This statement confirms how I Hayley Marshall, use and protect any information that you give to me when you use my services. It explains how I comply with the GDPR (General Data Protection Regulation).
I am committed to safeguarding and protecting your information. If I ask you for any information, it will only be used according to this privacy statement. I may change this policy from time to time in line with legislation.
If you are a client:
Where necessary, to act in your best interests, I may need to process information that is sensitive in nature such as health information. In rare circumstances, I may need to share this information with a third party such as a GP if I consider there is a real possibility of harm to yourself or others or in such instances when information is of such a gravity that confidentiality cannot be maintained for example:
Safeguarding adults (adult protection)
Safeguarding children (child protection)
Offences involving children under the age of 18
In cases of terrorism, fraud or money laundering
Further details regarding confidentiality will be found in my Therapeutic Contract discussed at assessment.
I have procedures and security in place to ensure that I do my best to safeguard your information and prevent unauthorised access.
How I use information
To carry out the contract between us and to provide you with the services that you request from me
To keep records such as client hours
To run and maintain my business i.e. for financial records
I will store information for no longer than 7 years and no less than 2 weeks, depending on the information provided. My computer and mobile phone are password protected to ensure the safety and protection of your information. No session notes are kept on my computer but are stored in a locked filing cabinet in my home. These will be shredded within the above time frame.
If you are a course or CPD group participant:
We ask for and hold basic records when you book on to a course at CFNR. As well as your Email address, home address, and tel number, this will include some limited medical information in order to support you in the event of any difficulty whilst attending a course or group. This information will be kept in paper form in a locked filing cabinet until the course or group has been completed, and will then be destroyed. I will hold your Email address and phone number on my computer and phone. Both of these are password protected. This information will only be viewed by my administrator Eleanor Gallant, and me
Access to information
You can request access to the personal information that I hold on you and, except (for therapy clients), in limited circumstances when I am not permitted to do so for legal reasons, I will provide this information to you within 30 days.
If you think that any information that I hold about you is inaccurate, you can ask me to update your information. If you want me to delete your information, please request this in writing and I will endeavour to do so, unless I need to keep it for legal or internal business purposes.