Privacy Statement

Introduction                                  

I take your privacy very seriously. This Privacy Statement describes what I do, and what I don’t do, with the personal information that I collect in the operation of my Psychotherapy Practice, Therapy with Davina, and when you use this web site.

I will update this privacy policy from time to time by posting a new version on this website. Please check this web page periodically in order to ensure that you are familiar with any changes.

It is a legal requirement under the General Data Protection Regulation (GDPR) for me to make my data processing procedures clear to you.

I will be asking you to actively opt in and consent to these arrangements and the handling of your personal information.

I abide by the GDPR and the Data Protection Act 2018 and I, Davina Robertson, am the registered data controller and processor for Therapy with Davina. More information is available from the Information Commissioner’s Office (ICO) at https://ico.org.uk/

The personal data I collect, store and process:

Personal data is any information which identifies you personally whether directly (for example, your name) or indirectly (for example, information about your use of our products and services).

SECTION ONE:  the personal data I collect store and process in my psychotherapy practice

Why I collect personal data & information

I collect relevant personal information from clients to enable a working record of contact information, in case of emergencies and for the ongoing work. I do not share any of this information with anyone unless it is necessary to assist your well-being or the safety of others in which case, I will share the minimum necessary in order to mobilise the appropriate support for you. This would most likely be your GP but could be another service. I am also legally required to disclose personal information to the authorities if you are involved in serious crime.

What information do I collect, store and process?

Contact information. Personal information including age, health (mental and physical), gender, sexuality (if relevant to our work), domestic and financial arrangements (where relevant) and other special category data.

Notes on our sessions which give brief details of what the focus of our work is, how you are and perhaps anything I need to remember to revisit in a later session. I do not include any names or identifying information about anyone you might talk about in your sessions.

How is this information stored?

All client contact data, bookings, payment information and sessions notes are stored by my client management provider, Cliniko. Cliniko meet all the requirements and regulations of GDPR. Their servers are located outside the UK.  I do not store any client data on my own computer system.

Any paper correspondence will be scanned and uploaded to my Cliniko system and the originals shredded.

I store your first name, sometimes an initial of your second name and your phone number(s) on a dedicated phone that I only use for my practice and which is protected in case of loss so that I can wipe all data with one call.

I store your email address and any email correspondence in my Protonmail secure email account which is end to end encrypted. You can read about this here https://protonmail.com

What about data transfers to Cliniko?

All data is transmitted and stored securely using end to end encryption. You can read more about their data security at https://www.cliniko.com/security/

Who do you share my personal information with? Limits of confidentiality.

We will agree to work with the following limits of confidentiality when we start to work together

I do not share any of your personal information with anyone else unless one of the following situations occurs:

  1. I am concerned about a serious risk to your safety or someone else’s safety in which case I will seek appropriate support for you or for them. To do this I will share the minimum amount of information necessary with a medical or other professional. I will always seek to discuss this with you beforehand where at all possible.
  2. There are some requirements under the law to do with serious crime where I would have to share information with the authorities.
  3. A court of law can require me to show my records of our sessions together. This is a rare occurrence.

How long will you keep my data?

I am required to keep the records of our sessions for 7 years. After that time has elapsed all trace of your data will be erased from Cliniko’s system. If Cliniko stops trading they will give me the opportunity to move my records to another suitably secure provider and I will update this statement to reflect that fact.

When I stop working with you, I will delete your name, phone number and email address from my email and phone systems.

What if something happens to my therapist?

If anything happens to me that prevents me from attending your session and from communication with you directly—such as illness or death—then I have appointed an experienced colleague to act as my Therapeutic Executor and they would be able to access your contact details and inform you if this were to occur.

Using video meeting software

For video sessions I will use one of the following:

Cliniko’s telehealth  cliniko.com  This is also my practice management system referred to above.

V-See telehealth  vsee.com I only use the video meetings at V-see so none of your data is stored here.

All video calls are secured and meet strict privacy and security standards.  No content is stored anywhere. All features meet GDPR regulation standards. I do not record our meetings and request that you do not record them either.

Using email for sessions or otherwise

General email services are not secure. I use Protonmail as they use ‘end to end’ encryption for security. If we are to engage using email, I encourage you to set up a Protonmail or similarly secure email account. Protonmail is free of charge and is very easy to install and use. If you choose to email me from an insecure email address you may like to protect your privacy by limiting your content.

Using telephone for sessions

For phone sessions I use Signal encrypted phone calls or I can use WhatsApp encrypted calls if you prefer.  They both use end-to-end encryption, but WhatsApp does collect information about its users whilst Signal do not. If we are to engage using phone calls, I encourage you to set up a Signal account yourself. This is free of charge and straightforward to install and use and will give us the maximum security and privacy options.

WhatsApp privacy policySignal privacy policy.

Payment systems

For payment transactions I use BACS bank transfers or Stripe, an approved third-party payment processing service. I do not store your financial details anywhere on my website or on any physical documentation and neither does my practice management service, Cliniko.  Visit https://stripe.com/en-gb/privacy for details of their privacy policy. Your privacy within the BACS system and Stripe payment system is beyond my control. You may wish to check out their security arrangements on their websites.

Social Media

I do not engage with my clients, past or present, on social media. I do use social media for promoting my business and networking with colleagues. I will never share anything about our sessions together on social media. My intention in posting articles and mental health information is not to provide therapy by social media but to provide some support for people who might be considering seeking counselling or therapy ,or other services, from me or other practitioners

SECTION TWO–The personal data I collect, store and process on my website and on other online apps

Use of Cookies

A cookie is a very small text file, which often includes an anonymous unique identifier. When you visit a website that site’s server asks your computer for permission to store this file in a part of your computer’s memory specifically designed for cookies. Each website can send its own cookie to your browser if your preferences allow this but ,in order to protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites.

IP addresses

IP addresses are used by your computer every time you are connected to the internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as ‘traffic data’ so that data, such as web page content, can be sent to you.

Browsing: I use website tracking technologies. These use “cookies” (see above) help me analyse how people use the web site. The information generated by the cookie and gathered in server logs, about your use of the web site, may include the date and time of visits, the pages viewed, time spent at the web site and the websites visited just before and after our own, your IP address and your location (often to the nearest town). You have the ability to refuse the use of cookies by selecting the appropriate settings on your browser, however you may not be able to use the full functionality of the web site if you choose to do this.

Assessment quiz: Personal data is collected: First name & your responses to the questions on the quiz. I collect this information using a service called Typeform. Only I can access this information and I will not share it with anyone else. Typeform’s Terms of Service and Privacy Policy.

Enquiring: You will need to provide contact information to me if you choose to submit a question or request to me via email or by using my “contact me” form. The information that you will need to provide will include a name, and one or more means to contact you (whether by telephone or email address);

Subscribing: You will need to provide contact information to me if you choose to receive updates and information periodically. This contact information will include a first name and either an email address, or a username for a particular social networking service (e.g. Twitter, Facebook, Linked In etc);

Commenting: You will need to provide contact information to me if you choose to make a comment in relation to any content. This contact information will include your name, contact details – including email address – and (if they can be used to identify you) the views which you choose to express. Additionally, you may choose to submit personal information in the form of a small photograph, Avatar or Gravatar;

Signing up for my email list: My website provides you with the opportunity to opt-in for receiving marketing communications from me. All email sent from my organisation will clearly state who the email is from and provide clear information on how to contact me. There will also be clear information on how to remove yourself from a mailing list so that you will receive no further communication from the list and your details will be removed from the system.

ConvertKit email marketing:
My email newsletters and blog posts are managed by ConvertKit for marketing purposes. Your contact information of first name and email address are stored by them on my behalf and are only accessed by me.  When you subscribe for these you are asked to give your consent to receive emails  and to receive relevant marketing communications for services, before being added to the list. If you unsubscribe, using the link provided at the foot of all emails, these will be removed from their system. Their privacy policy is available here: https://convertkit.com/privacy

Accessing Restricted/Members Only Content: Some information I provide is only available to those who register by providing certain contact information (usually a name and email address and sometimes a phone number)

Website links to third party sites

I have no control over the content of external websites that I am linked to, nor the privacy or protection of information you are provided with whilst visiting them. Links to or from these sites not owned or controlled by me do not constitute an endorsement of these sites or their products or information presented in them. You may wish to look at their privacy statements.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Other Activities

I may use information for purposes not listed above in the following circumstances: (a) where specifically authorised by you; (b) where the use is related to one of the primary purposes listed above and where it could reasonably be expected; (c) where it is necessary for me to comply with the law.

Your rights under GDPR

  • You have the right to request access to your client record and receive an explanation of what is held within it.
  • You have the right to withdraw consent to the storage of your data, to request erasure or correction of your client record, to request portability where it applies in law, and to object to or restrict collection and processing of your data.
  • You have the right to know the sources of personal data not originating from yourself and the right not to receive unsolicited marketing.
  • You have the right to be made aware of any company’s automatic decision-making processes (e.g. profiling) and any significance
  • You will be made aware of any data breaches within 72 hours. You will be compensated for any damage or distress caused by the data breach.
  • You have the right to complain to the ICO if you are unhappy with the data processing arrangements, and to engage representation from a not-for-profit body in doing so.
  • You have the right to have information about you deleted, to have any inaccuracies corrected and to have access to all information about you, free of charge, within one month.

Updating your information

If any of your personal information needs updating or correcting please let me know,

Your right to complain to ICO

You have a right to complain if you are unhappy about any of the above by contacting the Information Commissioner’s Office here: https://ico.org.uk/concerns although I trust that you would try to discuss this with me in the first instance.

Any working contract shall be construed and governed in all respects in accordance with the laws of England and Wales and any dispute or differences in relation to this agreement shall be subject to the exclusive jurisdiction of the English Courts.

Your consent

When you book a service with Therapy with Davina you will be asked to give your consent for this Privacy Statement. That action will acknowledge that you fully understand and accept this policy for the storage of records and gives your consent to the use of personal and sensitive data for the purposes stated above.

When you use the website, you are giving your implied consent to the uses related to the website as listed above.

November 2020