GDPR Privacy Policy for Claire Dunlop Therapy

Introduction

Claire Dunlop Therapy (referred to as "we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you access our services, in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Data Controller

Claire Dunlop Therapy is the Data Controller for the personal data you provide. Our contact details are as follows:

  • Name: Claire Dunlop Therapy

  • Email: claire@clairedunloptherapy

  • Phone Number: 07432344506

2. What Personal Data We Collect

In the course of providing therapy services, we may collect and process the following types of personal data:

  • Personal identification details: name, date of birth, contact details (phone number, email address)

  • Health data: information related to your mental and physical health, including medical history, treatment plans, progress reports, and therapy notes.

  • Billing information: payment details (if applicable, such as credit card information or bank account details).

  • Emergency contact details: if you provide us with an emergency contact person’s details.

3. How We Collect Your Data

We collect personal data through various channels, including:

  • Directly from you when you provide it during consultations, via phone, email, or other communications.

  • Through online forms for appointment booking, consent forms, or communication regarding your therapy.

  • If necessary, from other healthcare providers if they are involved in your care (with your explicit consent).

4. Purpose of Data Collection

We collect your personal data for the following purposes:

  • To provide and manage your CBT therapy services.

  • To maintain accurate records of your therapy sessions.

  • To comply with legal and professional obligations (e.g., medical record-keeping).

  • To process payments and manage financial records (if applicable).

  • To communicate with you about appointments, therapy updates, and related matters.

  • To manage our practice and improve the quality of our services.

5. Legal Basis for Processing Your Data

Under the GDPR, we rely on the following legal bases for processing your personal data:

  • Consent: You provide explicit consent when you agree to undergo therapy and share relevant information.

  • Contractual necessity: Processing is necessary for the performance of a contract (e.g., providing therapy services).

  • Legal obligation: Processing is necessary for compliance with legal obligations (e.g., health data retention).

  • Legitimate interests: Processing is necessary for the legitimate interests of managing our therapy practice (e.g., appointment scheduling).

6. Data Retention

We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law, including for medical record-keeping purposes. The general retention period for therapy records is at least 7 years after the last date of treatment, or longer if required by law.

7. Sharing Your Data

We will not share your personal data with third parties except in the following circumstances:

  • With your explicit consent.

  • If required by law (e.g., in cases of safeguarding concerns or to comply with legal obligations).

  • To third-party service providers who assist us in managing our practice, such as appointment scheduling systems, email providers, or payment processors. These providers are contractually obligated to handle your data securely and in compliance with GDPR.

8. Your Rights Under GDPR

As an individual whose personal data is being processed, you have the following rights:

  • Right to access: You can request a copy of the personal data we hold about you.

  • Right to rectification: You can request corrections to any inaccurate or incomplete data.

  • Right to erasure: You can request that we delete your personal data under certain conditions.

  • Right to restriction of processing: You can request that we limit the processing of your personal data in certain circumstances.

  • Right to data portability: You can request that your personal data be provided to you in a structured, commonly used, and machine-readable format.

  • Right to object: You can object to the processing of your data for direct marketing purposes or where we are relying on legitimate interests.

  • Right to withdraw consent: If we are processing your data based on consent, you can withdraw your consent at any time.

To exercise any of these rights, please contact us using the details provided above.

9. Requesting Access to or Deletion of Therapy Notes

You have the right to request access to the therapy notes we hold about you at any time. If you would like to request a copy of your notes, please submit a written request to us via the contact details listed above.

If you wish to request the deletion of your therapy notes, you can contact us with this request. Please note that while you have the right to request the deletion of your personal data, there may be legal or professional obligations that prevent us from deleting certain information (e.g., retention periods required by law or professional codes of practice). If we are unable to fulfill your request for deletion, we will explain the reasons to you.

10. Security of Your Data

We take the protection of your personal data seriously and have implemented appropriate technical and organizational measures to safeguard your data against unauthorized access, loss, or destruction. This includes secure storage of physical and electronic records, as well as encryption of sensitive data where applicable.

11. International Transfers of Data

If any of your personal data is transferred outside of the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your privacy rights.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be communicated to you through our website or via direct communication, where necessary.

13. Complaints

If you have concerns about how we process your personal data, you have the right to lodge a complaint with a supervisory authority. In the UK, the relevant authority is the Information Commissioner’s Office (ICO). In other countries, the relevant authority is the Data Protection Authority.

14. Consent

By engaging in therapy with us, you consent to the collection and processing of your personal data as outlined in this Privacy Policy.