Privacy Notice
About
Ludwig
Esser Psychotherapy & Hypnotherapy
Privacy
Notice
Contact
information:
11
Llynfa Road, Penclawdd, Swansea SA4 3XD
phone:
07835 379 046
email:
info@lifeleap.co.uk
web:
https://www.lifeleap.co.uk
“Ludwig
Esser Psychotherapy & Hypnotherapy” is the business name of
sole trader, Ludwig Esser.
I,
Ludwig Esser, am the Data Controller and Processor of Ludwig Esser
Psychotherapy & Hypnotherapy.
Privacy
Notice
The
basis on which I keep client data is that of “Legitimate
Interests”. This means that the data is necessary for me to fulfil
the contract that we have together (ie to provide therapy) and that
it is data that you would reasonably expect me to hold and use.
The
data I hold includes:
- Basic information such as name, email address, phone number
- Information that you give me as part of the work we do together
- Records of what interventions that I use (or potentially do not use) in our sessions
- Emails, texts and/or messages that are sent between us (see below)
- Information sent from any third party, eg GP, insurance company, EAP
- Audio recordings of sessions (if and when deemed appropriate)
Some
of the information that you give me may fall under the definition of
special category of data as defined by the General Data Protection
Regulation. The condition for processing this special data is
“processing is necessary for medical diagnosis, the provision of
health care or treatment pursuant to contract with a health
professional”.
Data
is not shared with anyone, except possibly your GP (see GP info
section below), and for any reasons covered by the Requirements for
Disclosure section below. However, if you were to make a complaint
about me to my professional body, I would be entitled to share your
notes with any investigation procedures.
The
data is primarily used to enable me to provide therapy for you. It
may also be used scientific research purposes and statistical
purposes.
Details
of where data is held:
- Any emails sent between us are held on my computer and in encrypted form on a separate backup drive which is stored in a safe. They are also held on my smartphone, which is code protected and encrypted and on the server of my Internet Service Provider, Zen Internet, which is based in the UK and GDPR compliant.
- Any texts, whatsapp messages sent between us are held on my smartphone, which is code protected and encrypted.
- Your notes are handwritten and are kept in a locked filing cabinet. A coding system enables me as the therapist to know whose notes are related to which client, but a stranger seeing the notes would not be able to identify to whom they refer.
- Audio recordings and other electronic media used in the sessions are stored on a separate hard-drive in encrypted form. It is stored in a locked filing cabinet when not in use. The backup of this drive is on a separate encrypted backup drive which is stored in a safe.
- If not handed over to you in person on a CD/DVD, audio recordings or any electronic media I share with you are shared via a secure link to a cloud file on box.com, which itself is GDPR compliant. The cloud means a hard-drive owned and held by a cloud provider (in this case box.com) that is accessible through the internet. Only I have access to the files and those with whom I share a link to a specific file.
- If you use Paypal or online banking then clearly these systems will hold your data. I will download from these systems for accounting purposes and the resulting spreadsheets are held on the above mentioned hard drive. When sent to my accountants, they will be password protected.
Your
data is kept for 7 years. The length of time is based on the
stipulation of my insurer. After this time any paper records are
shredded and computer records permanently deleted.
Ludwig
Esser Psychotherapy & Hypnotherapy takes the security of data
seriously and as such:
- All data is held securely (see details of where data is held above)
- Any date transmitted is sent encrypted where possible
- For accounting purposes Excel spreadsheets and Access files are used
However:
- I am not in control of data (including emails and texts) which you send me
- Apps such as Facebook routinely access any information held regardless of their confidentiality and this is beyond my control.
If
there is any breach of data security Ludwig Esser Psychotherapy &
Hypnotherapy will give full details to the Information Commissioners
Office and any person affected within 72 hours of the breach and do
all possible to minimise any potential impact.
You
have rights with regards to the data held:
- The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
- The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
- The right to erasure. If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing but this would never include case notes or data such as address/email/phone
- The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure
- The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
- The right to object to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). Ludwig Esser Psychotherapy & Hypnotherapy does not engage in these things
- direct marketing. Ludwig Esser Psychotherapy & Hypnotherapy does not do direct marketing
- processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
- automated decision making and profiling. Ludwig Esser Psychotherapy & Hypnotherapy does not engage in automated decision making or profiling
In
exceptional circumstances, I may be required to provide legal or
regulatory authorities with your personal data in order to comply
with legal requirements or regulations. Whilst I will be required to
comply with any such request, I will use reasonable endeavours (if
allowed by law) to ensure that you are first informed about this.
Personal
data that I hold about you will not be distributed or processed
outside of England and Wales.
If
you have any doubts or concerns over the way that I hold or process
your personal data you have the right to complain to the ICO, I would
however hope that you would contact me first with any complaint, and
I will use my best endeavours to address this promptly.
This
disclosure statement and any non-contractual obligations arising out
of or in connection with this disclosure statement will be governed
by the law of England and Wales. You and I both consent to submit to
the exclusive jurisdiction of the courts of England and Wales.