Skip to content

Privacy Policy

This is the privacy notice of Just You. Psychology. In this document, “we”, “our”, or “us” refer to Just You. Psychology.

“Personal data” refers to information that identifies you. It will also include information about your difficulties and progress in therapy. Additionally, it will include any notes we make about our appointments.

“Processing” refers to various activities using your data. These may include collecting, recording, organising, using, disclosing, storing and deleting it.

“Condition for processing data” refers to the justification for processing the information. For instance, we would ask for your consent to process your data to deliver psychological therapies to you.

Introduction

This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal data”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.

We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately and to not book appointments with us.

We take seriously the protection of your privacy and confidentiality. We understand that all our clients and visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.

We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate. Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR). The law requires us to tell you about your rights and our obligations to you regarding the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org.

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website or appointments.

The Data Protection Act 2018 sets out the framework for data protection law in the UK. It updates and replaces the Data Protection Act 1998 and came into effect on 25 May 2018. This document explains how “Just You. Psychology” will use any personal data we collect about you, as a past, present, or future client, or when using the website, in line with UK The General Data Protection Regulation (UK GDPR).

Who we are

I am Dr Daniela Just, a Registered Clinical Psychologist and owner of Just You. Psychology. I am registered with the Information Commissioner’s Office (ICO), registration number ZB644567. My practice is also regulated and informed by the professional and ethical guidelines of The Health and Care Professionals Council (HCPC; registration number PYL38589). You can find out more about my professional and legal responsibilities on their respective websites.

https://ico.org.uk/

ww.hcpc-uk.org.uk

Data control

Dr Daniela Just is the data controlled for Just You. Psychology.

Our legal requirements

  1. To process your data in a lawful, fair and transparent way.
  2. To only collect your data for explicit and legitimate purposes.
  3. To only collect data that is relevant, and limited to the purpose(s) we have told you about.
  4. To ensure that your data is accurate and up to date.
  5. To ensure that your data is only kept as long as necessary for the purpose(s) we have told you about.
  6. To ensure that appropriate security measures are used to protect your data.  

Conditions for processing your data

The law on data protection sets out several different conditions or justifications for which an organisation or individual may collect and process your personal data. When collecting your personal data, we will discuss this with you. It is necessary, for the purpose of providing psychological services, as a healthcare professional, for us to process your personal data. Most commonly, we will process your data on the following lawful grounds:

  1. Your explicit consent
  2. Where there is a contractual obligation

When we begin working together, we will ask you to agree to our terms and conditions. This is normal practice and lays out what we expect of each other. By entering into these terms, we enter into a contract.

3. Where we have a concern about your wellbeing

We discuss your personal information in supervision for the purpose of ensuring that our practice is safe and effective, and as mandated by our professional bodies. Please see section below ‘Sharing of information for the purpose of supervision’ for more information.

4. Vital use of data

In rare occurrences it may also be necessary for us to process your personal and special category data under Vital Interests. In these circumstances we would be processing your data to protect the life of you or another person, and where you are physically or legally unable to provide consent. All attempts will be made to first process your data under another legal basis. In situations where we did have to share your personal information with third parties to protect you or another, we will only share your personal information in so far as it is relevant and necessary to protect you or someone else.

5. Legal obligation

The processing of your information may also be required due to legal obligation, for example it may be requested by the Police, a Court of Law, Coroners Office or a Professional Body in which circumstances we have no option but to comply with the law.

6. Legitimate interest

In certain circumstances, we may require your data to pursue our legitimate interest in a way which might reasonable be expected as a Clinical Psychologist. When we process data in this way, we will make sure there isn’t a chance of any impact on your rights, freedom or interest. We will never use our legitimate interest to process your sensitive data such as your case notes elating your mental health.

Special category data

The data that we collect about you will also include special category data (for example concerning your health) which it is necessary for us to process for the purpose of providing you with health or social care or treatment. We will collect information about your current and previous psychological and where relevant physical health, and your current and previous social and family circumstances during our appointments. We will also collect information about you when you voluntarily complete questionnaires. This sensitive personal information is defined as “Special Category Data” and we collect it because we are providing psychological assessment or treatment to you. “Special Categories” of particularly sensitive personal data require higher levels of protection. We need to have clear justifications for collecting, storing and using this type of personal data. We aim to collect and process only the special category data relevant to your mental health.

What type of personal data is collected and processed

By submitting a general enquiry via the website, we begin processing your personal data. For example, full names and email addresses are required to follow up with you about your request. Similarly, upon starting therapy, basic personal information will be collected for contact and identification reasons. During our therapy meetings, an assessment of your psychological health will be completed, and notes will be taken during sessions. These will include personal and sensitive details about your life. On occasions, we may audio record therapy sessions for the purpose of clinical supervision. This data will not form part of your client record and will be discussed with you in advance. You will be provided with the option to opt-out of having sessions recorded which will not impact your therapy.

All contacts that you have with the service (including by telephone, video call and email) and documentation associated with your contact (including letters and reports) will be recorded in writing electronically but can also be in paper form. This data is used solely for the delivery of a therapy service to you and to meet our professional and legal obligations. Personal data pursuant to our legitimate interests in running the business such as invoices and receipts, accounts, VAT and tax returns, will also be processed.

Website access

When you complete an online contact form, we will collect information about you and your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. All web services that we use are GDPR compliant.

Our website uses cookies. Cookies to help us to identify and track visitors and their website access preferences. Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using this website. We will only collect the information needed so that we can provide you with the services you require, we do not sell or broker your data.

When someone visits this website, the website provider collects standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow our website provider to make any attempt to find out the identities of those visiting our website.

Video conferencing

Your therapy will be provided via the Microsoft Teams platform. Their privacy notice is here: https://learn.microsoft.com/en-us/microsoftteams/teams-privacy. This platform is GDPR compliant and end to end encrypted. Your session link will be unique to your session.

What we do with your personal information

We will only use your personal information to provide the services you have requested from us. In addition, your data may be used for the purpose of statistics (for example, in reviewing the number of referrals we have received). If you do not provide the personal information requested, then we may be unable to provide a therapy service to you.

Who we might share personal information with

We hold information about you and the service that you receive in confidence. However, in some circumstances we may need to share information and liaise with other parties, as outlined below:

  1. We will only agree to participate in information sharing with your written informed consent and when it is our professional opinion that it is in a client’s best interest.

In exceptional circumstances, we may need to share personal information with relevant authorities:

  1. When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
  2. When the information concerns the risk of serious harm to you as the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you wherever possible. In rare circumstances we may not be able to discuss this with you due to specific reasons e.g. we have reason to believe that to do so could increase the level of risk to you or to someone else. Such information shared will be limited only to that necessary to safeguard the person at risk and shared only with those services required to manage that risk.

Sharing of information for the purpose of supervision

For us to provide you with a quality service, and in line with our professional responsibilities, we will discuss your case with other mental health professionals for the purpose of supervision and professional advice. This will include clinical supervisors (normally another Clinical Psychologist) but may also include other health professionals. This will be done with your best interests in mind. Your identity will be kept confidential, and no names will be used. Anyone that we discuss your case with will be bound by the same data protection guidelines.

What we will NOT do with your personal information

We will not share your personal information with third-parties for marketing purposes. We will not share information about you or your involvement with our service with any individual outside of our service except when your prior consent has been obtained. This includes any request to confirm or deny your contact with our service.

How your personal information is stored

All information that is collected is kept confidential and private (within the limits thereof – see above for further information on this). We store private and confidential information electronically. All electronic devises and programs that are used are GDPR compliant and either password/passcode protected, and whenever possible, we use encryption, and/or password protection, to protect your data if/when it is sent electronically (e.g. a GP letter). Any email correspondence, or correspondence via the contact form on our website will also be stored. Your contact details will be stored electronically on your client record in a secure folder.

Our website is hosted on the WordPress platform. For information on how our website provider may use your personal data please see https://en-gb.wordpress.org/about/privacy.

How we ensure the security of personal information

We take your privacy very seriously. All Data is held in the EEA. We do not store personal data outside the EEA. All data storage services used are fully EU and UK GDPR compliant and details are available on request. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/biometric security, mobile security and antivirus software.

Where possible, discussion of personal information will be minimised in phone and email communication. Written communication will usually occur electronically. Sensitive personal data will be sent to clients in an email attachment that is password protected. Our email provider is GDPR compliant and uses TLS (transport layer security) which encrypts our emails on our server and when in transit to you, as long as your email provider also supports TLS. We advise our clients to ensure that their email provider supports TLS encryption and is GDPR compliant. You are also encouraged to password protect any documents that you send to us containing sensitive information or personal data. We can provide you with further information about this on request. We will never use open or unsecure Wi-Fi networks to send any personal data.

How long is information stored for- data retention

Your information is kept for the time necessary to provide the service requested. After this time, your data will be stored for a period of 6 years following the end of your involvement with the service (the data retention period), to comply with legal obligations that are placed upon us by our insurers. Your data will be deleted at the end of the end of the calendar year in which the data retention period ended.

Your rights

We are committed to protecting your rights detailed in the UK GDPR and the Data Protection Act 2018. They include:

  • Right to object

You have a right to object our processing or use of your personal information. But remember in some cases we are bound by law to process your data. If you have given consent for us to collect and process your personal data, you have the right to change your mind at any time and to withdraw that consent. However, please remember that if you withdraw your consent, because of the nature of our services, we may not be able to continue supporting you.

  • Right to a copy of your information and a chance to correct inaccuracies

You have the right to request a copy of any information about you that we may hold at any time to check whether it is accurate. To ask for that information, please contact us via email to justyou.psychology@outlook.com. To protect the confidentiality of your information and the interests we will ask you to verify your identity before proceeding with any requests for information. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to request such information.

  • Right to be forgotten

You have the right to ask us to forget you from our records. We will uphold this right unless there is a legal obligation such as a contractual agreement or it is in our legitimate interest to keep your data.

  • Right to be informed

You have a right to be informed, to know what we are doing with your data and why. We will publish privacy notices wherever they may be required to clearly explain our reasons.

  • Right to restriction

You have the right to ask us to stop processing your data for a number of different reasons. For example, it might be because you think the data we hold about you is incorrect, or maybe you think we were doing something wrong. Please contact us for further details.

  • Right or portability

If we hold information about you and you want us to ‘port’ it or send it to another organisation that does similar work or provides a similar service, you can ask us to do this. This service will be free of charge, and we will endeavour to provide this service without undue delay.

Right to complain

If you feel that your data has been handled incorrectly, or you are unhappy with the way we have dealt with your query regarding the way we use your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK. You can call them on 0303 123 1113 or go online to www.ico.org.uk/concerns

If you have any feedback about the service you receive from us, or you are not satisfied with your experience, please contact us. It is possible that we can resolve your complaint and we welcome feedback.  If you make a complaint, we will always take it seriously as it allows us to improve the service that we can offer to others.

If you have a complaint or concern about our professional practice, you can also contact The Health and Care Professions Council.

Acknowledgement

Please ensure you have thoroughly read this policy and contact us if you have any questions about its contents. You will be asked to confirm agreement with this policy prior to your first appointment. Attendance at your appointment, or payment for your session, constitutes your acceptance of this policy.