This is a privacy notice for samanthajhudson.com
I understand that your privacy is extremely important. As a result I have put in place measures to ensure that any personal data I obtain from you is processed and maintained in accordance with the General Data Protection Regulation 2016 (GDPR). This statement provides you with details of the type of information I may hold about you, how I obtain and use the information and how I protect your privacy.
Security of Personal Data
Security of personal data is my priority, I protect this information by maintaining physical, electronic and procedural safeguards that meet or exceed applicable law. I am trained in the handling of personal information. When I use other companies to provide services I also require them to protect the confidentiality of the personal information that they receive to a similar or increased level.
Collecting Personal Data
The personal data that I will collect will be, but not limited to, name, address, phone number, email address, date of birth, occupation and next of kin details. Sometimes medical records are held if as a result of authorisation from the client.
How I use your information:
I may use the personal data I hold about you in the following ways:
For verifying your identity and to establish the funding of any work that I do on your behalf
Keeping financial records
Seeking advice or reports from third parties in connection with your matter
Responding to any complaint or allegation of negligence against myself
Internal management, supervision, and planning
To provide you with information, products or services that you request from me or which I feel may interest you - where you have consented to be contacted for such purposes
To notify you about changes to my service – this is for my legal and regulatory obligations
To safeguard against fraud and money laundering and to meet general legal or regulatory obligations
You may disclose sensitive information to me as part of our therapeutic alliance. Such information could include but is not limited to your relationships with others and obtaining copies of your medical records. The provision of such data is important for us to be able to work therapeutically with your presenting issue. If you do not consent for me to process your data I will not be able to continue with your therapy. This data includes notes taken during your session. Where such data is provided, it will only be used for the purposes set out above and will be treated securely and in line with this notice.
Sharing your information
I may disclose your personal information to third parties involved in providing services to myself, or to service providers who perform services on my behalf where it is reasonable to do so. (If consent is necessary to facilitate this sharing I will ensure it is obtained prior to processing).
I am legally obliged to disclose your personal information to the extent that I am required to by law in connection with any ongoing prospective legal proceedings in order to establish, exercise, or defend my legal rights (including providing information to others for the purpose of fraud prevention and reducing risk).
I may also disclose your personal information:
To protect the rights, property, or safety of others
On occasion others involved with you may ask for information about the sessions, this information is never disclosed, nor are you ever identified as a client, for example, a former partner or family member enquiring if you are in therapy is never responded to. Counselling is a private and discrete matter.
Subject Access Request
You may instruct me to provide you with any personal information I hold about you, via a ‘Subject Access Request’. Upon receipt of such a request I will, after confirming identity, provide all relevant data I may hold to you in the most practical format unless otherwise stipulated and reasonably possible within 30 days. There is an admin charge of £25.00 for this service.
Right of Rectification
You are entitled to have your personal data rectified if inaccurate or incomplete and I will respond to a rectification request within one month if not deemed complex. I will also inform related third parties where possible if the personal data was disclosed to them.
Right of Erasure
You have ‘The right to be forgotten’ or right to erasure if there is no compelling reason for possession and continued processing of your data. Specific circumstances stated by the Information Commissioner Office include:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
When the individual withdraws consent.
When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
The personal data has to be erased in order to comply with a legal obligation
Right to lodge a complaint
If you have a complaint or concern over how your data has or will be used or feel that I have not dealt with your request to your satisfaction please contact me.
The basis for processing your data
Your personal data will only be obtained, held, used, or disclosed if you have either given consent to do so. I understand that "consent" means you have been fully informed of the intended processing of your personal data and have signified your acceptance. This is included in the contract you sign before entering therapy.
How long I keep your data
Your data will be retained for no longer than 3 months and will be managed in accordance with my data retention policy.
I am registered as a data controller with the Information Commissioner Office (ICO) and my registration number is ZA192088