Privacy Policy

Dr Clare Conway and drclareconway.co.uk (hereby referred to as ‘Dr Conway’) respects your privacy and is strongly committed to protecting your personal data.  Dr Clare Conway is the trading name of Self & Others London Ltd, a UK registered Company.

Dr Conway aims to be as clear as possible about how and why she uses information about you so that you can be confident that your privacy is protected.

This policy describes the information she collects when you use her services. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill dated May 2018.

If your questions are not fully answered by this policy, please contact Dr Conway. If you are not satisfied with the answers from her you can contact the Information Commissioner's Office (ICO) https://ico.org.uk.

Below are questions you may have relating to the management of your personal data 

Who keeps my data?

Dr Conway is the data controller. This means that she is responsible for data held and for keeping this data safe in line with the law.

What personal data do you process?

  • Personal data: basic contact information such as name, address, date of birth, email, contact number, next of kin name and phone number, and GP contact details.

  • Sensitive personal data: Signed Therapy/Service Agreement, therapy records (clinical notes, letters, reports and/or outcome measures).

  • If you complete a web-based contact form, all personal information provided as well as your internet protocol (IP) address will be collected. This is automatically supplied by the Squarespace website software used to create the form. All web services used by Dr Conway are verified as GDPR compliant.

  • If you are referred by your health insurance provider, Dr Conway will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.

 

Why do you keep personal data?

Dr Conway has a legitimate interest in keeping and using your personal data. It is essential that personal data be collected and held in order to provide psychological therapy, consultancy services, and supervision services.

No information you provide is passed on without your consent. Dr Conway will never sell your personal data to others.

What do you do with my personal information?

Dr Conway takes your privacy seriously and uses your personal data to provide appropriate services and to process payments for services only. Where the necessary personal information is not provided, it will not be possible to provide psychological services to you.  

 

How long will you store my personal information?

Your personal information is only stored for as long as it is required to fulfil the purposes it is collected for and to satisfy legal requirements. Basic contact information held on a mobile device is deleted at the end of therapy.  Sensitive personal data, as defined above, is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year.

By law, Dr Conway has to keep basic information about her clients and customers (including contact, identity, financial and transaction data) for 7 years after they cease being customers for HMRC tax purposes.

In some circumstances, Dr Conway may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case she may use this information indefinitely without further notice to you.

 

Who will you share personal information with?

Dr Conway holds information about each of her clients and the therapy they receive in confidence. This data is confidential and is not normally shared.  The exceptions to this are:

  • If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then your appointment schedule will be shared with that organisation for the purposes of billing. Information may also be shared with your insurer to provide treatment updates in order to extend your treatment entitlement.

  • Where you have been referred for treatment via a GP or psychiatrist, treatment progress updates may also be shared with your referrer.

  • In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

In exceptional circumstances, personal information may need to be shared with relevant authorities:

  • When there is need-to-know information for another health provider, such as your GP or psychiatrist.

  • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example, a Court Order.

  • When the information concerns the risk of harm to yourself or risk of harm to another adult or a child. Dr Conway will discuss such a proposed disclosure with you unless she believes that doing so could increase the level of risk to you or to someone else.

 Dr Conway WILL NOT share your personal information with third-parties for marketing purposes.

 

Where do you keep my data?

Your data is predominantly kept in a secure cloud system, mobile phone, and within Dr Conway’s email system. All applications and programmes used to support the operation of Dr Conway’s practice, such as OneDrive, Xero, Zoom, JotForm, and Egress are all GDPR compliant.

Paper notes are stored in a locked filing system and shredded once used.

All devices are password protected and encrypted. Malware and antivirus protection is installed on all computing devices.  Mobile and i-pad devices are protected with a thumbprint scanner, mobile security and antivirus software.

 

What are my rights?

  • You have a right to access your personal information.

  • This will usually be shared with you within 30 days of receiving a request.

  • There may be an admin fee for supplying the information to you.

  • Further evidence may be required from you to verify your identity.

  • If you have concerns that your data is being handled unlawfully, you can contact the Information Commissioners Office (ICO)

  • You can make a subject access request (SAR) by contacting Dr Conway.  She may require additional verification that you are who you say you are to process this request. She may withhold such personal information to the extent permitted by law. In practice, this means that she may not provide information if she considers that providing the information will violate your vital interests.

  • Dr Conway reserves the right to refuse a request to delete a client’s personal information where this constitutes therapy records. 

  • Clinical records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000)[1]and The Health and Care Professions Council (HCPC; 2017)[2].

 

Dr Clare Conway, Consultant Clinical Psychologist

[1]The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.

[2]Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.