Privacy Policy

Serenity of Mind Therapy is committed to protecting the privacy and security of
your information. This policy describes how we collect and use personal information
about you during and after you engage with our services, in accordance with the
General Data Protection Regulation (GDPR).

We are a “data controller”. This means that we are responsible for deciding how we
hold and use personal information about you. We are required under data protection
legislation to notify you of the information contained in this privacy policy.

Data Protection Principles

The personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and
    not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those
    purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

What kind of information does Serenity of Mind Therapy hold about you:

We may collect, store, and use the following categories of personal information
about you:

• Personal contact details such as name, title, addresses, telephone numbers,
and personal email addresses.
• Date of birth.
• Next of kin and emergency contact information.
• GP details

How does Serenity of Mind Therapy collect your data?

Data is collected only through the completion of our online contact me and new client registration forms, assessment and sessions.

How does Serenity of Mind Therapy use your data?

We will only use your personal information when the law allows us to. Most
commonly, we will use your personal information in the following circumstances:

• Where we need to perform the contract, we have entered into with you (i.e.,
contact details used to arrange appointments, issue invoices contact next of
kin or GPs).
• Where we need to comply with a legal obligation.

We may also use your personal information in the following situations, which are
likely to be rare:

• Where we need to protect your interests (or someone else’s interests).
• Where it is needed in the public interest (or for official purposes).

Who will see my data?

Your data will only be used within the scope of managing your appointments,
invoices and personal safety. Your data will not be shared with other services for any
other reasons.

How do we store your data?

Your data will be stored electronically, we have put in place appropriate controlled
electronic storage security measures to prevent your personal information from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have put in place procedures to deal with any suspected data security breach
and will notify you and any applicable regulator of a suspected breach where we are
legally required to do so.

How long will we retain your data?

We will only retain your personal information for as long as necessary to fulfil the
purposes we collected it for, including for the purposes of satisfying any legal,
accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can
no longer be associated with you, in which case we may use such information
without further notice to you. Once you have terminated your contract with us, we will
retain and securely destroy your personal information in accordance with all
applicable laws and regulations.

Changes to Personal Information

It is important that the personal information we hold about you is accurate and
current. Please keep us informed if your personal information changes during your
therapy.

How can I review my data?

Under certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a “data
subject access request”). This enables you to receive a copy of the personal
information we hold about you and to check that we are lawfully processing it.

• Request correction of the personal information that we hold about you. This
enables you to have any incomplete or inaccurate information we hold about
you corrected.

• Request the erasure of your personal information. This enables you to ask us
to delete or remove personal information where there is no good reason for us
continuing to process it. You also have the right to ask us to stop processing
personal information where we are relying on a legitimate interest and there is
something about your particular situation which makes you want to object to
processing on this ground.

• Request the restriction of processing of your personal information. This
enables you to ask us to suspend the processing of personal information
about you, for example if you want us to establish its accuracy or the reason
for processing it.

• Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information,
object to the processing of your personal data, or request that we transfer a copy of
your personal information to another party, please contact us in writing via email.

Privacy, Confidentiality and Data Sharing

The privacy and confidentiality of your sessions is of the utmost concern. While I
might keep brief process notes of your session, this information will only be shared
under the following conditions:

Clinical supervision: I undergo monthly clinical supervision to ensure the
quality and ethical process of my practice. All information within supervision
sessions will be anonymised and treated as confidential by all parties involved
in the process.

Legally required: under circumstances where required by statute, ordered by
a judge or presiding officer of the Court only data relevant to the request might
be shared.

In public interest: information might be shared if there is a justifiable concern
for public safety, to protect you or the public from serious harm and/or due to
the risk of serious crime.

For your personal safety: in the event that there is a serious concern for your
physical health data might be disclosed to your GP, mental health service,
social services and/or safeguarding units. Any such disclosures will be
discussed with you prior to such disclosure and you will be advised of the
steps taken.

At your request: data may be shared with such individuals and/or services as
you have requested. Any disclosures at your request will be discussed with
you in detail prior to such disclosure. Please note that I cannot make clinical
or occupational diagnosis.

Questions or Queries

If you have any questions about this privacy policy or how we handle your personal
information, please discuss in your session or contact via email. You have the right
to make a complaint at any time to the Information Commissioner’s Office (ICO), the
UK supervisory authority for data protection issues.