General Data Protection Regulation (GDPR)
Statement of Intent
Also any information you choose to supply regarding the purpose of your enquiry or therapy session(s). I rely on client consent for handling and processing personal data under ‘special categories of personal data’ for health details.
Elevated Therapy may change this policy, and Terms of Service from time to time by updating this page, and connected information.
All clients in-person, online and by telephone should check this page from time to time to ensure that they are happy with any changes.
This policy is effective from 5th May 2018.
How is this information used?
Possibly, I may use your information to contact you to give a review or testimonial for the work we have undertaken together.
I may contact you by email or phone regarding this.
I will inform you of this at our appointment should this appear appropriate, and will only do this with your agreement.
In the course of our sessions
I will confirm your email address as it may also be necessary to send emails to confirm or rearrange appointments or send you information or forms to complete to bring back to me. My email has a powerful antivirus software inbuilt into the platform and all emails are encrypted in transit and I also use Email Guardian from Avast as well which scans for threats in my incoming email messages.
I am fully compliant with the PCI DSS, and have an Information Security Policy in place for my practice. The ISP is reviewed and updated at least annually. For the purposes of clarity, I do not receive or retain your bank or card details.
I also use Sysnet Protect, a leading compliance and data security manager application.
In order to safeguard you and the people around you, if you were to disclose that you were going to carry out harm to yourself or someone else, then under my “Duty of Care” I am obligated by law to inform the relevant authorities. I would always aim to discuss this with you prior to contacting anyone.
If I was issued with a police warrant or court order for information about you, by law I would also have to provide them with the information.
Under the General Data Protection Regulations which are effective from May 2018 you have the following rights:
the right to be informed: (which is why I have produced this policy)
the right of access: if you wish to see your file then please make a request in writing to me, Michael, the Data Processor. I will provide you with the information within 30 days of your request.
the right to rectification: this is your right to request changes to any information I hold that is factually inaccurate. If you believe any of the information I hold on you is incorrect then please let me know as soon as possible and I will make the relevant changes.
the right to erasure: given the nature of our work – I am required to hold your details for a period of 8 years, from the date of your last visit or, if the client is a child, until his or her 25th birthday, or 26th birthday if the client was 17 when the treatment ended.
Afterwards, information will be securely destroyed.
the right to restrict processing: I will only use the information for the purposes that I have stated above. I uphold the common law principles of confidentiality where the duty to keep confidence is measured against the concept of ‘greater good’. If in my opinion as a therapist there is good reason to believe not to disclose would cause danger or serious harm to self, the therapist or others then your GP or other appropriate agencies may be contacted. Only information required to ensure safety of relevant parties would be disclosed.
Information may have to be disclosed without consent for the prevention, detection or prosecution of a crime.
The sharing of anonymous case histories with supervisors and peer support groups is not a breach of professional confidentiality.
the right to data portability: this right is more relevant to IT companies e.g. the sharing of information when moving from one utility provider to another. I will not share your information without your specific consent, other than in the situations described above.
the right to object: I will not contact you for marketing purposes unless you have given me specific consent to do so.
the right not to be subject to automated decision-making including profiling: I will not use your information for profiling purposes.
I am committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, I have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information I hold. I also have CCTV both outside and inside the premises for the explicit purposes of crime prevention and public safety. This information is secure and where necessary, encrypted. Access is restricted, and images are only retained for a short period of time.
- Hardcopy documents
Are all stored in a locked cabinet in a locked, and secure private building. I do not store electronic documents or session notes, or your contact details on a computer with personal or sensitive information. Everything is held as hardcopy.
My email account requires a user name and password and has a powerful antivirus software inbuilt into the platform and all emails are encrypted in transit. I will only ever send an email to you with personal or sensitive information with your informed and explicit consent and will always give you the option of picking it up from me personally or posting it to you. All emails held by me are kept on a password protected computer running Avast Premium Security which has a Sensitive Data Shield and delivers a complete security solution.
Your emails will be deleted when the content is no longer needed, i.e. has been acted upon or therapy has ended.
- Mobile phone and texts
I do not use a Mobile / Cell phone or use texts in the course of my work.
Elevated Therapy has social media accounts, should you wish to participate with these accounts and posts therein, your participation will be visible to the public.
Links to other websites from the Elevated Therapy network
My website(s) may contain links to other websites of interest, and may include embedded content (e.g. videos from YouTube etc.).
Dr. Michael Millett
Elevated Therapy International
21 Dudley Road
Tel: 0333 121 0788 / 01476 568800
Registered with the ICO (Information Commissioners Office). Ref: ZA358064