Privacy Statement

On May 25th, 2018 new legislation, the General Data Protection Regulation (GDPR), came into effect. This law ensures that you are clearly informed about personal information held about you, that you have access to it, and that it is kept confidential.

In adherence with this new legislation I will need you to carefully read through this Privacy Statement for Matthew Frener, the website www.matthewfrener.com, operated by Matthew Frener before signing and agreeing to the Terms and Conditions of Service.

I will only retain your information for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal requirements. After therapy has been completed, my default position is to keep your data for a further period of 6 years in accordance with the guidelines of my governing bodies. This can be useful if you decide to return to therapy at some point or if you require an onward referral.

However, you have the right to withdraw your consent for this information to be held and you also have the right to request to see that information at reasonable intervals. Please note that if you have any concerns or complaints in relation to how your personal data is processed by me, my regulator is the UK Information Commissioner’s Office (https://ico.org.uk/concerns/).

What data will I collect and why?

You will likely first make contact with me to inquire about one of my services through some form of electronic communication, email, via my website contact page or telephone voice or text message.

All emails to matthew@matthewfrener.com will be stored on Google Mail Cloud which is GDPR compliant and is securely password protected. Emails will be accessible from my laptop, iPhone and iPad, which are also all password protected and face or finger print encrypted.

If your initial contact does not lead to engagement with one of my services, then your emails/messages and any information will be deleted. If you become a client, then the information will be stored as outlined above. Your contact details in my telephone will be stored securely and is password protected, keeping any messages you send confidential.

Your Registration Information will Include

Your first name, surname, date of birth, gender, ethnicity, phone number, email address and residential address.

By providing your email address and telephone number, you consent to communication regarding any changes in agreed appointment time or sending you information, worksheets, material for our work together.

Emergency contact details (name, relationship to you, phone number, email address and residential address). I will only use these details in the case of an emergency and only if you have expressly granted permission when registering as a client.

Contact details of anyone medically responsible for you such as your General Practitioner (GP) or if applicable a referring psychiatrist or medical consultant.

Should you choose to not allow me to contact your next of kin in an emergency or any persons medically responsible for you, such as your GP or psychiatrist, then I have to warn you of the potential risk this may cause to you if I am not able to get help in an emergency or share relevant information about your treatment with other professionals who are looking after you. Please see below information on when I may have to break confidentiality without your permission.

Ongoing Data Collection

I may take paper process notes during the session or go through worksheets with you. Your name will not be put on these documents. You will be encouraged to take these forms with you for your own records. If there are any documents I need to keep they will be scanned and uploaded to software where I will also record brief notes about our session. Any paper notes from the session will be destroyed. This procedure allows me to limit the transport of any documents that could get lost.

Your contact details, assessment information and subsequent notes from our meetings will be kept on GDPR compliant and securely password protected software called WriteUpp. Your information is securely stored on their cloud and not downloaded to any of my computers or devices.

You have a right to access any of the data I keep on you and requests will be responded to within 30 days without charge. Any documents that may be posted to me by you or on your behalf will also be stored digitally and then destroyed.

In order to process payments and keep track of my accounts, invoices and related account information will be processed by GDPR complaint accountancy software Xero. This software will securely store your email and name to enable it to generate invoices and reconcile your account. My accountant who is GDPR compliant may have access to your name, address and payment details but none of your personal information about your treatment by logging into my accountancy software in order to prepare and file my tax returns.

Confidentiality

Therapy often requires the discussion of sensitive and personal matters. I commit to respect, protect and preserve the confidentiality of all information you disclose to me. As a general rule I will never disclose your information to third parties; however, there are some limited exceptions to that rule that I need to make you aware of:

1. if you give your express consent to disclosure (in which case, I may disclose to the extent you have consented to);

2. if I reasonably believe you are intending to cause serious harm to yourself;

3. if I reasonably believe you are intending to cause serious harm to another;

4. if I become aware or reasonably suspect that abuse of a child or a vulnerable person has taken or may take place;

5. if I am compelled to do so by order of a court or governmental entity of competent jurisdiction, but only to the extent of complying with that order.

I attend regular clinician supervision, a requirement of my ethical framework to ensure safe and reflective practice. The purpose of this supervision is for me to ensure that I am offering my clients the best possible level of care and that any clinical issues that arise in the course of the therapeutic process are addressed quickly with the support of a qualified and accredited clinical supervisor. These sessions are also strictly confidential and no names or identifiable details will be shared. All notes that relate to you and our sessions will be held securely and is password protected in software called WriteUpp, which is General Data Protection Regulations (GDPR) compliant. All details will be destroyed at a prescribed date after your counselling ends.

In summary

As aforementioned, I may collect, use, store and transfer different kinds of personal data about you which I have grouped together as follows:

Identity Data includes first name, maiden name, last name, marital status, title, date of birth and gender.
Contact Data includes address, email address and telephone numbers.
Clinical Data includes information you disclose to me in our sessions of which I make a written note (whether during or after a session).
Correspondence Data includes any correspondence you provide to me or I receive from third parties such as GP letters or communications from other healthcare professionals such as psychiatrists.
Financial Data includes records of attendance at sessions, bank account and payment card details.

I have set out below, in a table format, a description of all the ways I plan to use your personal data, and which of the legal basis I rely on to do so. I have also identified what my legitimate interests are where appropriate.