This page outlines your privacy as a client, or when making an initial enquiry about our services.
In accordance with GDPR, we are registered with the ICO (INFORMATION COMMISSIONER’S OFFICE). Our registration number is A8325014. Personal Data Conventions of Psychologists and Psychiatrists
Basic personal data, such as client names, addresses, phone numbers and emails, are collected to create a client record and be able to keep in contact with each client. At the end of an appointment, the client and the therapist make the next appointment (if applicable) at a time that suits both parties.
However, in some cases, the client or therapist may need to change or cancel the next appointment before it takes place – for example, if a psychologist is called to court, or if a client can no longer make the date arranged. It is important to hold this client data (and for clients to retain contact details for Lighthouse Psychology) to make new arrangements.
Lighthouse Psychology only employs psychologists and psychiatrists registered with the HCPC (Health and Care Professions Council). They therefore follow HCPC Standards of Proficiency: for example, the setting for psychology appointments is in a private and safe space where conversations cannot be overheard by others. However, in some cases the psychologist or psychiatrist will conduct assessments in other spaces, such as in the family home, which may have less privacy. The environment for an assessment or appointment is decided on a case-by-case basis.
Private psychologists and psychiatrists will, at times, be informed that a client is at serious risk of harming themselves or others, or that they must provide data for legal proceedings. In extreme circumstances, a client may not be able or willing to consent to their data being shared, but data may have to be shared to prevent harm to the client or other people, or to abide with the law.
If Lighthouse Psychology is required to share data in such situations where safety and health are severely compromised, only relevant data will be shared, and it will always be shared securely. This data sharing will be recorded by Lighthouse Psychology, including the justification for sharing, the individuals who received the information, and whether it was shared with or without consent.
If a referral is made for a client to an additional non-emergency service, such as a medical practitioner or specialist, data will be shared with the client’s consent.
You can read more about the British Psychological Society’s code of conduct and ethics for psychologists here.
Issues of safeguarding children are particularly important, as Lighthouse Psychology often works with children and families and various support agencies, such as social services. Statutory guidance on safeguarding children is part of the law and must be followed unless there is a substantial reason to support not doing so.
When working with children and families, the HCPC states that a child deemed to be Gillick competent (able to make their own informed decisions) can give consent to work with a psychologist, whether or not parental consent is given. The psychologist does not have to inform a Gillick competent young person’s parents that they are working with the child, thus keeping client-therapist privacy intact. If parents are divorced or separated, only one parent needs to provide consent.
This Website Will:
Track the pages you visits via Google Analytics
This Website Will:
Allow you to share pages with social networks such as Facebook (If available)
Data can take many forms, but the most basic will include:
- Client name
- Phone number/s (mobile or landline)
- Email address
When becoming a client or having an initial consultation, this can expand to:
- Clinical notes, including initial consultation
- Payment details, if agreeing to become a client
- Formal psychological or psychiatric assessment reports
- Contact details of a client’s GP and, if applicable, psychiatrist, either private or NHS, to keep them informed
We often work with local authorities and law courts. This widens the range of data we need to collect as professionals, and we are required to share the data with relevant parties in court and police proceedings. We may also receive data from these relevant parties about a client or the proceedings they are involved in. Additional data could include:
- Basic contact data of professionals we engage with from related agencies
- Emailed or written content from communications about ongoing or prospective cases
- Statements and testimonies from legal proceedings
- Medical records for the purpose of preparing reports
- Court bundles
- Police records
We do not share data with third parties for marketing purposes. We do, however, need to share data when required by agencies such as local authorities, social workers and solicitors, e.g. on receiving court orders for disclosure, or police investigations.
The external parties holding your data, such as your GP, legal representative or local authority, are duty-bound to store this data securely. In the case of a data breach, they must inform you and Lighthouse Psychology.
In the case of job applicants applying to vacancies at Lighthouse Psychology, the data we collect will include an applicant’s CV, basic contact details, and – at a more advanced stage of the recruitment process – details of references and referee contacts. At the interview stage, we will create notes about the interviewee and their answers, as standard in any job interviewing process. Applicants’ data will be kept for up to six months after initial contact about a vacancy, before being deleted.
Data is stored electronically and on paper by Lighthouse Psychology and is accessed by our data controllers when required, such as ahead of a client session or when asked by a client’s GP to provide an update on their care.
Data controllers are your named psychologist or psychiatrist at Lighthouse Psychology (if you become a client or complete an initial consultation), plus our head psychologist and founder, Dr. Christine Tizzard, and the company secretary and administrator, Shiona Watson.
Digital data is kept on password-protected electronic devices; written data is kept in secure filing cabinets and in a secure location. Irrelevant data which we have no lawful or professional reason to hold will be deleted.
By its very nature, data transmission over the internet can never be 100% secure, and its level of security depends on both parties’ cooperation (e.g. not using unsecured Wi-Fi networks, or internet-enabled devices that aren’t protected by passwords or firewalls). However, Lighthouse Psychology takes every reasonable effort to prevent loss, theft or unauthorised amendments of data.
Necessary phone call data from client or agency calls, such as the data mentioned previously, is recorded on paper-stored logs where necessary.
Any mail sent through the post is signed for or recorded delivery; most communication is via email.
If there were a breach of data security, such as hacking or theft of devices that hold data, clients (and those who have contacted us as potential clients) would be informed of this breach within 72 hours of us establishing that a breach has taken place.
Data protection law dictates that client data should not be kept for ‘longer than is necessary’, but no specific time limit is enforced. However, under common law, records can be kept for up to six years to protect from claims of personal injury or breach of contract initiated by a client.
At Lighthouse Psychology, client data is destroyed after six years. Data from prospective client queries which do not lead to a client-therapist relationship is destroyed after one year.
Subject Access Requirements occur when you make a request to see the data a company holds on you – in this case, Lighthouse Psychology. When a Subject Access Requirement is made, we will respond to it within one calendar month.
A copy of the requested information will then be sent to you, unless it is deemed by legal standards to be ‘manifestly unfounded or excessive’, in which case you will be told why the request has been refused.
If you find that your requested information is inaccurate (for example, your phone number is wrong) and needs amending, you are welcome to notify us of the corrections needed. If we have shared this inaccurate data with another data handler in the client process, such as your GP, we will inform them of the error.
This page was last updated on 08/03/2019