GDPR Data Protection - Dr Annahita Nezami Kingston Psychological Therapy

GDPR

GDPR Privacy Policy

GDPR & Privacy Policy – What is it? You may be aware of new laws relating to General Data Protection Regulation (GDPR) that are in effect from 25th May 2018.  The purpose of GDPR is to provide a set of standardised data protection laws across all EU member countries.

This Privacy Notice is relevant to anyone who uses Dr Annahita Nezami Psychological Therapies Service. Dr Nezami respects your privacy and takes her responsibility to protect your privacy very seriously.  She wants to be completely open about the way she uses the data you entrust to her. With this in mind, Dr Nezami has published an updated Privacy Notice on her website to give you more information about the data she holds on you and how she is complying with these laws.

1. Who is Dr Annahita Nezami

You are supplying your personal information to Dr Annahita Nezami Psychological Therapies.  Dr Nezami is a counselling psychologist.  She provides psychological services such as individual and couples psychological therapies and community workshops.  She specialises in the treatment of depression, anxiety, stress, trauma and personality disorder.

GDPR & Privacy Policy laws have advised that organisations/companies need to identify a Data Controller Officer.   Dr Nezami is the Data Controller Officer for Dr Annahita Nezami Psychological Therapies.

What Dr Nezami will NOT do with your personal information

Dr Nezami will not share your personal information with third-parties for marketing purposes.

2. How to contact Dr Nezami about this Privacy Notice

Dr Nezami has two consultation rooms in Kingston upon Thames, Surrey and Hampton, Middlesex.  She runs a sole trader business, with minimal input from external agencies.

Please contact Dr Nezami with any questions or requests about the personal information she processes.

Email: annahitanezami@gmail.com

Post: Nature’s Medicine, 8 Station Approach, Hampton TW12 2HY

3. What are your rights?

Dr Nezami is committed to protecting your rights to privacy. These rights include:

  • Right to be informed about what Dr Nezami does with your personal data
  • Right to request and have a copy of all the personal information Dr Nezami processes about you
  • Right to rectification of any inaccurate data Dr Nezami processes, and to add to the information she holds about you if it is incomplete
  • Right to be forgotten and your personal data destroyed
  • Right to restrict the processing of your personal data
  • Right to object to the processing Dr Nezami carries out based on her legitimate interest

4. Why does Dr Nezami collect personal information about you?

If Dr Nezami collects information about you it is because you are a current or previous client of hers.

Under the new GDPR & Privacy Policy laws, Dr Nezami has to detail why she needs to process your data.  Dr Nezami processes data because it is in her ‘legitimate interest’ as a counselling psychologist to do so. She needs to see and analyse documents containing this information in order to provide her expert advice, to carry out assessments or to deliver a psychological intervention.

Another lawful reason for Dr Nezami processing your data may be her ‘Legal Obligation’.  For instance, if she is processing “special category data” about you.  This is likely to be relevant if you are being assessed as part of a litigation claim. Dr Nezami’s lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care treatment.

5. What information does Dr Nezami collect about you?

Dr Nezami will collect information about you that may include personal or sensitive information, such as:

  • First name or given name
  • Family name or surname
  • Video Conference ID (online therapy)
  • Address
  • Telephone numbers (home phone, mobile/SMS number)
  • Date of birth
  • Gender (or preferred identity)
  • Relationships & children
  • Occupation
  • Email address
  • General practitioner (GP) details
  • Psychiatrists details
  • Next of kin
  • Medical conditions (if relevant)
  • Signed therapy contract/agreement
  • Therapy records (client code linking documents, brief session notes, assessments, letters, reports and/or outcome measures)
  • Prescribed medication
  • Psychological history and current difficulties
  • Sexuality
  • Offences (including alleged offences)
  • Financial information, including bank account details (if you are a private client)

To make sure that you are assessed and/or treated safely and appropriately, Dr Nezami records your personal information (detailed above), as well as appointments and the results of assessments and letters (internal/external) relating to your care.

Dr Nezami also processes personal data pursuant to her legitimate interests in running Dr Annahita Nezami Psychological Therapies business such as:

  • Invoices and receipts
  • Accounts, VAT and tax returns

a) Patients/clients (Therapy or private assessment)

When you are a client of Dr Nezami’s she will record the personal information detailed above.  She will also collect information regarding your treatment and details of your appointment in order to help her plan treatments professionally and effectively.

Dr Nezami’s will also collect basic contact information such as a suitable mobile phone number which will  logged on your terms and conditions form and on her business mobile phone.

If you are referred via an insurance company, Dr Nezami will need to communicate with the relevant insurance provider.  Dr Nezami may also collect some of this information from your insurance provider, if you have one, and some of this information will be collected directly from you.

b) On-line therapy

Dr Nezami offers her clients’ in the United Kingdom the ability to have therapy via the online therapy/video conferencing platforms (FaceTime or Skype), if the arrangement is agreed to by both parties. When you are a client of Dr Nezami’s she will record the personal information detailed in section 5, and if you agree to online therapy, she will also collect video conference ID and profile details.

It is important for you to be informed of and understand the information that can be collected about you when opting for online-therapy and video conferencing technology (Face Time / Skype) and the risks and procedures involved with using such methods.  Dr Nezami cannot guarantee the privacy or security of any session content being sent over the internet. There is a potential that video conferencing sessions can be intercepted and reviewed by others, and it is possible that there could be disruptions to therapy due to technological difficulties. Public parts of your Skype profile are also visible to everyone else on Skype. Please do not put details in your profile that you do not want to be publicly available. In addition, Skype may disclose personal information to respond to legal requirements, to protect Skype’s interests, to enforce their policies or to protect anyone’s rights, property or safety.

For more information about Skype security and privacy, please see: http://www.skype.com/en/security/

c) Clients undertaking court reports

In the case of a court report, Dr Nezami retains the personal information as required by the courts or your solicitor. Dr Nezami may be given some of this information from your solicitor or the party instructing her for the purposes of litigation, and some of this information will be collected directly from you.

In many cases, an individual will have already consented to the transfer of their personal data to Dr Nezami. Where an individual has consented, he or she may easily withdraw consent by notifying Dr Nezami and/or the legal firm/insurance company dealing with the matter.

d) Website collection of information

Dr Nezami collects information about you when you register with her or place any order for services. She also collects information when you voluntarily complete contact forms on her website www.annahitanezami.com.  If you complete a web-based enquiry form, Dr Nezami will also collect any information you provide as well as your internet protocol (IP) address.  This is automatically supplied by the website software used to offer the form.  All web services used by Dr Nezami are verified by themselves as GDPR compliant. However, Dr Nezami will be unable to access or send clients particular website activities or information as she does not have access to such information. Dr Nezami, makes every effort to minimise the amount of personal information that is required at the first point of contact.  However, it is each individual’s personal responsibility to ensure they omit highly sensitive information on the websites contact page.

Dr Nezami’s website uses cookies. The cookies are used to personalise content and to analyse traffic.  Some of your information may be used with partners of this website who may combine it with other information they have collected from you if you have used their services.  Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of this site.

e) Emails and online communication

Dr Nezami occasionally corresponds with clients via Gmail emailing system, often to schedule and confirm therapy appointments.  She takes every precaution to ensure this emailing system is secure. She minimises risk by periodically (monthly) deleting confidential and sensitive emails provided by her clients. However, as with all online internet systems, there is a risk of private data/emails being intercepted by hackers or external organisations.  Dr Nezami will make every effort not to email highly sensitive materials pertaining to client’s healthcare.    Dr Nezami will ensure that confidential or sensitive information/documents such as psychological reports and letters are not sent in the main body of emails, instead she will email the document(s) as a separate password protected Word or PDF document.   The passwords for sensitive documents will be sent to clients separately via text, face-to-face or over the phone.

Dr Nezami requests that her clients abide by the same emailing methods and accepts no liability or responsibility for any damage or loss due to sending/receiving of sensitive/personal data/information via emails.

6. How does Dr Nezami store the information about you?

Once Dr Nezami receives your data, she makes best efforts to ensure your data is secure and remains private.  All the personal information you provide as a client of Dr Nezami will be stored in compliance with GDPR rules.

Dr Nezami runs a small sole trader business and has therefore opted to adhere to a paper filling system (hard copies).  Your names will not be included on the therapeutic summaries and needs assessment files.  These files will use initials and a numerical coding system.  Your signed terms and conditions document, which will include personal details such as your name, phone number, address and GP details will be stored separately to your therapeutic files.  Dr Nezami stores your files in a locked filling cabinet, at her consultation room in Hampton or at her home office.  She may also, from time to time, briefly hold various “special category data” and occasionally store some reports electronically.  For example, some therapy information is occasionally stored in a folder on Dr Nezami’s business laptop.  All work files and sensitive or confidential documents are password protected/encrypted or anonymised. Malware and antivirus protection is installed on her computing device. Mobile devices are protected with a passcode/thumbprint scanner. Dr Nezami will only use your personal information to provide the services you have requested from her.If you do not provide the personal information requested, then she may be unable to provide a therapy service to you

7. How long does Dr Nezami keep your information for?

Dr Nezami will not keep your data for longer than is necessary.

Administrative Data:Administrative data is retained for up to six years, in case of the unlikely event there are queries from HMRC. Where it is not necessary to retain the data for six years, it will be destroyed as soon as possible.

Mobile Phone:Basic contact information held on Dr Nezami’s business mobile phone is deleted within 6 months of the end of therapy.

a)    Patients/Clients (Therapy or private assessment)

Sensitive/personal data such as client therapy summaries and assessment notes are stored for up to seven years after the end of therapy.  This is in accordance with British Psychological Society and Health and Care Professions Council guidelines.  After this time, this data is deleted at the end of each calendar year.  Where it is not necessary to retain the data for seven years, it will be destroyed/shredded as soon as possible.

b)    Legal cases and clients undertaking court reports

Personal data in legal cases is retained, where necessary, for six years in compliance with our professional indemnity obligations. Where this is not necessary, it is destroyed/shredded on the conclusion of the case.

8. Who does Dr Nezami share your personal information with?

Your information is kept confidential at all times.  Some of your information may need to be occasionally shared with external professionals/agencies.

By contacting the Data Controller/Information Security Officer, by email and/or using the address provided in section 2 or the address at the end of this Privacy Notice, you can get more details on:

  • Agreements Dr Nezami has with other organisations for sharing information;
  • Circumstances where Dr Nezami can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
  • How Dr Nezami collects, uses and deletes personal data; and
  • How Dr Nezami checks that the information she holds is accurate and up to date

Dr Nezami holds information about each of her clients and the therapy they receive in confidence. This means that she will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties, for example:

  • If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then Dr Nezami will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
  • Dr Nezami shares minimal personal data, on a need to know basis, internally with management staff and receptionist at her consultation rooms in Kingston and Hampton. This information might include appointments and first names of clients.  She also has written a short therapeutic will and has directed a therapeutic executer.  This is to ensure you will be contacted in the event of her death, should you still be in therapy with her.
  • In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

In exceptional circumstances, Dr Nezami might need to share personal information with relevant authorities:

  • When there is need-to-know information for another health provider, such as your GP.
  • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
  • When the information concerns risk of harm to the client, or risk of harm to another adult or a child. If Dr Nezami becomes aware of your intent to cause serious harm to yourself, or another person/organisation (e.g. terrorism), the law may require that she inform an authority without seeking your permission. In such a situation, the law may also require that Dr Nezami share your personal information without your knowledge.

All healthcare professionals are required to adhere to their own strict professional and contractual codes of confidentiality.  Where possible Dr Nezami will anonymise personal identifying information so that individual clients cannot be identified via emails or correspondence.

a)    Patients/Clients (Therapy or private assessment)

In many circumstances Dr Nezami will not disclose personal data without consent. If Dr Nezami needs to share your information, she will always try and ask for your permission for this. However, she may not be able to ask your permission to share your information under special circumstances, for example where she is legally required to do so.

Your information may also be shared with outside organisations who are directly involved in your care/case, for instance, your insurer if they are funding your treatment, your GP, or your psychiatrist. Dr Nezami will ask your permission before making contact.

If you are referred by your health insurance provider, then Dr Nezami will collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.

Dr. Nezami will provide the highest levels of confidentiality and will make every effort to keep your personal data secure.  However, there are some exceptions to keeping of confidentiality, for instance:

  • Instances in which you may be a danger to yourself or If your health is in jeopardy Dr Nezami may share your contact information with an emergency healthcare service (e.g. police or Mental Health Crisis Team).
  • Instances in which Dr Nezami believes you may be a danger to others
  • Instances where Dr Nezami is required by law to report criminal activity
  • When Dr Nezami has to investigate or be part of an investigation or complaint she may need to share personal information with external bodies.
  • Dr Nezami’s professional clinical supervision where she will discuss some information relating to client’s presenting problems in order to gain professional guidance.

b)    Clients undertaking Court Reports

Dr Nezami does not share personal data with anyone external to the organisation, other than the organisations mentioned above, or with:

  • Those who have instructed Dr Nezami as an expert witness
  • On very rare occasions, outsourced service providers such as photocopying companies and digital dictation services, pursuant to GDPR compliant written contracts
  • With others pursuant to a court order

9. How you can access your information and correct it?

Make a “subject access request” or “right of access” request in writing to Dr Nezami (data controller) to request any personal information she may hold.

Dr Nezami makes every effort to be as open as she can be in terms of giving people access to their personal information. Individuals can find out if Dr Nezami holds any personal information by making a ‘subject access request’ or ‘right of access’ under the Data Protection Act and the General Data Protection Regulation. Dr Nezami, will usually respond/share data within 30-days of receiving your request. There may be an admin fee for supplying the information to you and Dr Nezami may request further evidence from you to check your identity. A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).  You have a right to get your personal information corrected if it is inaccurate. You can complain to a regulator If you think that Dr Nezami has not been complied with data protection laws, you also have a right to lodge a complaint with the Information Commissioner’s Office (ICO).

Upon a formal request being made Dr Nezami will supply to you:

  • A description of all data she holds about you
  • Inform you how it was obtained (if not supplied by you)
  • Inform you why, what purposes, she is holding it
  • What categories of personal data is concerned
  • Inform you who it could be disclosed to
  • Inform you of the retention periods of the data
  • Inform you around any automated decision making including profiling
  • Let you have a copy of the information in an intelligible electronic form unless otherwise requested
  • You may ask Dr Nezami to correct or remove information you think is inaccurate. Dr Nezami reserves the right to refuse a request to delete  client’s personal information where this therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirments for record keeping by the British Psychological Society and The Health and Care Professions Council (HCPC).

b)    Clients undertaking Court Reports

If your concern is related to a case with a solicitor that we are working for, please refer the queries through them. Dr Nezami may not be able to comply with a request to correct information she holds about you where it pertains to a litigation claim – this would need to be discussed with your solicitor.

10. How to make a complaint 

Dr Nezami tries to meet the highest standards when collecting and using personal information. For this reason, she takes any complaints she receives about this very seriously. She encourages people to bring to her attention if they think that any of her collection methods or use of information is unfair, misleading or inappropriate. She would also welcome any suggestions for improving her procedures. If you do have a complaint about GDPR & Privacy Policy laws please contact Dr Nezami in the first instance who will investigate the matter.

If you are not satisfied with the response from Dr Nezami or believe she is not processing your personal data in accordance with the law you have the right to raise your complaint with the Information Commissioner’s Office (ICO), their contact details are:

Contact information ICO:
Website: https://ico.org.uk/concerns/
Email: casework@ico.org.uk
Telephone: +44 (0) 303 123 1113


Health & Care Professions Council Logo British Psychological Logo