Your privacy is of great importance to me and I am committed to complying with the terms of the General Data Protection Regulation (GDPR) regarding the responsible and secure use of your data. I have a legitimate interest in processing personal data in order to provide psychological services. The purpose of this statement is to let you know what personal information I gather and hold, why this data is collected, how long it is kept and what your rights are with regards to this personal data. I am registered with the Information Commissioner's Office (ICO).
WHAT INFORMATION WILL I GATHER?
Personal data such as name, address, date of birth, gender, GP/medical practitioner details, employment or occupation details, telephone numbers, email address and on-line addresses. I also gather any data you give me regarding personal and family background, alongside potentially sensitive data relating to medical and mental health conditions.
WHAT DO I USE YOUR INFORMATION FOR?
To provide clients with psychological services requested.
To notify you about changes to your appointments and the services I provide.
To fulfil any administrative, legal, ethical and contractual obligations.
WHAT INFORMATION DO I SHARE?
I will not share any information about you with other organisations or people, except in the following situations:
Consent – I may share information with relevant medical professionals or others whom you have requested or agreed I need to contact.
Serious harm – I may share your information with the relevant authorities if I have reason to believe that this may prevent serious harm being caused to you or another person.
Compliance with law – I may share information when the law requires me to - i.e. safeguarding, terrorism, drug trafficking and serious crime.
Clinical Will– I have a clinical will which means in the event of my sudden death or a serious accident or illness, a named colleague will be able to access the contact details so clients can be notified.
Supervision– It is an ethical requirement for any clinician offering psychological services to have regular supervision. Any supervisor used is an accredited member of the relevant accrediting body and works within their ethical framework.
HOW DO I KEEP YOUR INFORMATION SAFE?
All information you provide to me is stored as securely as possible. I will take all reasonable precautions to prevent the loss, misuse or alteration of information given.
All paper forms and correspondence are kept in locked filing cabinets. All electronic files are kept on password-protected devices with virus protection software.
All information is limited to administrators needed to maintain my services. Any personnel that have access to these files abide by this privacy statement and/or hold their own privacy statement that complies with the GDPR terms.
For live chat or audio-webcam appointments, wherever possible, I use Zoom which features end-to-end encryption for added security.
Client notes and other documentation are destroyed seven years after the end of the psychological services offered for adults and seven years post age 18 years old for children and young people.
Any known data breaches will be reported to the ICO within 72 hours.
Any requests for personal data need to be made through a formal request and will be supplied within one month.
My website, Heather Cuffe Psychotherapist, is maintained by myself and Sinead Cuffe. Your details are not stored on their systems for any contact requests made through them.
Under the GDPR, you have the right to:
Access your personal data - Rectify, erase or restrict your data - Object to the processing of your data - Request transfer of data (data portability).
You may withdraw your consent for Heather Cuffe to hold and process your data at any time. However, if you do this while actively receiving psychological services, the service would have to end. You can withdraw your consent by stating this on an email to
If you have any concerns about the way Heather Cuffe handles your data please contact firstname.lastname@example.org. If you feel this has not been resolved effectively you have the right to contact the Information Commissioner's Office (www.ico.org.uk)