This privacy policy explains how I collect, store, and use personal information in accordance with UK data protection law and GDPR requirements.

What personal information I process

In order to provide you with services such as psychological assessment, psychological therapy, or consultation, I need to collect and process information from you which may include the following:

Personal data: Basic contact information such as name, date of birth, address, email, contact number, GP and contact details.

Sensitive personal data: Notes from our sessions, letters, reports, outcome measures, relevant medical records, school records and other relevant professionals’ records, personal and family history, relationships, etc.

In addition to any requirements of the GDPR, this information may be further protected by the British Psychological Society code of ethics and the regulating body Health and Caring Professions Council.

If you are referred by your health insurance provider, or choosing to claim through your insurance, then I will also collect and process personal data provided by that organisation.

This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.

Lawful Basis for Processing

My basis for processing your information is legitimate interests. This is information that both you and I might reasonably expect to be shared between us in order to provide you with the service you requested, with a clear understanding of how it will be used and protected.

What I do with your personal information

I take your privacy seriously and I will only use your personal information to provide the services you have requested from me. You are under no obligation to provide information to me. However, in this case I may not be able to provide you with the services you are requesting.

Categories of Personal Data Obtained

I do not obtain data from third parties unless it has been released to me with your informed consent. Data I receive will nearly always be obtained either directly from you, your representative, or your caregiver. In the case of children, this information will be obtained from the child and/or the caregiver. I may receive data from an insurance company or medical providers, again on your authorisation and knowledge.

Recipients of Data

Data received from you will be used within our partnership for the purpose of the service being provided. Except as required by law, courts, or police, I do not release data to recipients outside of our business.

How long I store personal information

I will only store your personal information for as long as it is required.  Basic contact information held on my mobile phone is deleted within 6 months of the end of therapy.

Sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year.

How your personal information is used

I use the information I collect to:

• Provide services to you.

• Process payment for such services.

Who I might share personal information with

I hold information about you and your therapy in confidence. This means that I will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:

• If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then I will share appointment schedules with that organisation for the purposes of billing. I may also share information with that organisation to provide treatment updates.

• In cases where treatment has been instructed by a solicitor or another organisation, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

In exceptional circumstances, I might need to share personal information with relevant authorities:

• When there is need-to-know information for another health provider, such as your GP.

• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.

• When the information concerns risk of harm to you, or risk of harm to another adult or a child. I will discuss such a proposed disclosure with you unless I believe that to do so could increase the level of risk to you or to someone else.

How I ensure the security of personal information

I aim to minimise the sharing of sensitive personal information via phone and email wherever possible. Sensitive personal data will be sent to you in an email attachment that is password protected. I will never use open or unsecure Wi-Fi networks to send any personal data.

Personal information is also stored on a computer and on secure server. Appropriate security software and measures are in place to protect personal information. Mobile devices are password protected and secured using appropriate security measures.

Website Data and Cookies

My website may use basic coolies or website analytics to help understand website traffic and improve user experience. You can adjust your browser settings to refuse cookies if you prefer.

Your rights

A complete summary of your rights is available on the Information Commissioner’s Office website. You may request copies of data I hold on you and I will provide this information free-of-charge within 30 days. However, if your request is unreasonable or you have made repeated requests for the same information, I may refuse to comply unless and until a fee is paid or an agreement reached on the data to be provided. You always have the right to file a complaint with the Information Commissioner’s Office if you feel I have violated your rights under the GDPR. I will do my best to provide your information in a format that you can understand and use.

I reserve the right to refuse a request to delete personal information where this is therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society and The Health and Care Professional Council.

Contact

If you have any questions about this privacy policy or how your personal information is

handled, please feel free to contact me directly.

Email: drmeravzini@gmail.com

Telephone: 07903 880018