Privacy Notice
Who is the data controller: Lois Peña
I am committed to protecting any information that I may hold. If I ask you for any personal information, please be assured that I will only use it in accordance with this privacy notice.
What personal information do I hold?
The information I hold about you or your child may include:
· name,
· contact details (telephone and / or email), postal address.
· date of birth.
· case history details
· Health details (background information for case history purposes).
· Education details (background information for case history purposes).
· details of assessments and therapy sessions. (Casenotes)
· reports that I have written
· reports or other personal information from other professionals that I have received
· emails sent and received
· photographs, audio recordings or videos (for use in therapy or for personalised resources)
If a person is under 18 I will gain consent from their parent/ legal guardian to hold this information.
(I may ask to see a birth certificate to check your child’s age)
If an adult is deemed to not have capacity to give consent I will ask their nominated power of attorney or an appointed person. In some cases, a “best interest decision” may be made.
The personal information is used to provide an effective professional Speech and Language Therapy service. Some of these details I am required to keep to meet my professional obligation as a therapist. (see below)
You will be asked to agree to me holding this information about you or your child.
Meeting my professional obligations
It is a legal requirement for all Speech and Language Therapists to be registered with the Health and Care Professions Council (HCPC). The HCPC has clear standards of conduct, performance and ethics that all registrants must adhere to.
These standards affect the way in which we process and share information. Specifically:
Standard 2: Communicate appropriately and effectively
“You must share relevant information, where appropriate, with colleagues involved in the care, treatment or other services provided to a service user.”
Standard 10: Keep records of your work
“You must keep full, clear, and accurate records for everyone you care for, treat, or provide other services to. You must complete all records promptly and as soon as possible after providing care, treatment or other services. You must keep records secure by protecting them from loss, damage or inappropriate access.”
For further information the full document can be found at:
http://www.hcpcuk.org/assets/documents/10004EDFStandardsofconduct,performanceandethics.pdf
How do I use your personal information?
I use this information:
• To prepare, plan and provide speech and language therapy services appropriate for you or your child/family member’s needs
• To communicate with you via post, email, telephone, mobile messages and SMS in relation to: - confirming and preparing for appointments - general communication in between appointments - sending reports and programmes (always password protected)
- copying you in to communications with other professionals involved (initials rather than full name will be used in emails)
- sending you resources
- sending you invoices and receipts
• For clinical audit to assess and improve our service. Results of audits are always presented with all client identities removed
• For management and administration, for example surnames of clients are included in my password protected accounting database
Whenever personal identifiers are not needed for these tasks, if possible I remove them from the information we use.
Do you share this with anyone?
I share information strictly on a “need to know basis”. This is usually with consent from you (unless this is required for me to share for safeguarding / legal reasons). I will record what information I share, who I share it with and for what purpose.
I may share information if
· required to by law
· in connection with any legal proceedings.
· in order to establish, exercise or defend my legal rights.
. in order to fulfil my professional obligations
I will only use data for research purposes with your permission.
How long do you hold this information for?
I only hold this data for as long as is necessary in accordance with regulations from the ICO – while complying with the Data protection act (1998) and GDPR (from May 2018)
Where do you hold this information? How do you keep it safe?
I may hold this information on paper – securely locked in a filing cabinet
Or on a storage device (encrypted) or on a computer (password protected and using security software) or on a password protected mobile device.
I have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information I collect.
For information regarding my website and the information this may gather please see – website privacy notice.
How do you detect, report and investigate a personal data breach.
A data breach is prevented by
- Using only an encrypted storage device
- A password protected computer
- Updated computer antivirus protection
- Sending personal information via password protected file via email.
- Using protected video conferencing facilities.
- Transporting only locked information.
I will detect a data breach via regular scans of the computer, checking any unusual activity online (email, passwords and log ins), checking of locked storage, checking of equipment.
If a data breach is suspected I will check all files that this may involve.
I will inform all individuals that this may include within a reasonable time period.
I will notify the ICO of any data breach that is likely to result in a risk to the rights and freedoms of individuals. (e.g. discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage)
Can I see the information you hold on me? Can I have a copy?
You can find out specifically what information I hold on you by making a “subject access request”.
A subject access request should be made to Lois Pena in writing at [email protected].
I will respond to this within one calendar month.
If the request is felt to be excessive then it maybe refused or a fee charged for time taken to locate and provide the information.
I will provide a reason for any refusal or fee.
You can appeal if I refuse to provide a subject access request.
How do I ask you to remove all information about me?
You can ask me to remove information about yourself or your child/family member by sending this request in writing via email to me at [email protected]
I will comply with this unless the information is required for
· safeguarding purposes,
· for a legal / criminal investigation
. to fulfil my professional obligations
· or to establish, exercise or defend my legal rights
The lawful reasons for processing this personal information
- The lawful basis for processing and storing personal information is one of “legitimate interest” (under article 6 of GDPR). Lois Pena cannot adequately deliver a service to clients without processing their personal information. As it is both a necessity for our service delivery and of benefit to the client, we have a legitimate interest to process and store their data.
- Data relating to an individual’s health is classified as “special category data” under section 9 of GDPR. The regulations specify that health professionals that are “legally bound to professional secrecy” may have a lawful basis for processing this data. Speech and Language therapists are legally bound to keep client information confidential, and it is under this condition that we process and store personal information.
Complaints:
You can complain to the ICO if you think there is a problem with the way I am handling your data
Website privacy notice:
I am committed to protecting your personal information.
Should I ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy statement.
What does the the website collect?:
Like most websites this website may collect certain information from our users including:
- Your name. (If you complete the contact us form)
- Contact information including email address. (If you complete the contact us form)
- Information about your computer type, operating system, length of visit, page views and browsing habits) and about your visits and use of the website (including your IP address, geographical location, browser).
- Other information relevant to visitor surveys or correspondence.
What do we do with the information we collect?
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
§ Internal record keeping.
§ We may use the information to improve our products and services.
§ For improving your browsing experience.
§ To enable your use of the services available on the website.
§ If you give specific consent you may periodically receive emails about information that we think you may find interesting using the email address which you have provided. You will be asked to “opt in “ to this.
§ If you give specific consent we may also use your information to contact you for market research purposes. We may contact you by email or phone but only if you have given permission for this.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Disclosures
We do not generally disclose our information to third parties. We may disclose information about you, to our website host as reasonably necessary for the purposes set out in this privacy policy. In addition, we may disclose your personal information:
§ To the extent we are required to by law.
§ In connection with any legal proceedings.
§ In order to establish, exercise or defend our legal rights.
§ in order to fulfil my professional obligations.
Links to other websites
This website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. You may request details of personal information which we hold about you under the Data Protection Act1998 and from May 2018 under the GDPR. (see Privacy Notice above)
Cookies
Like all websites, Lois Pena – Independent Speech and Language Therapy website uses cookies. A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognise a user’s device and respond to them as an individual. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Affiliate Links
This site uses affiliate links. I receive a small commission at no extra cost to you. Thank you for your support if you use these links!
I hope to be a member of affiliate advertising programmes designed to provide a means for my website to earn advertising fees - by advertising and linking to affiliated sites. (I will list these sites when I have signed up to the programmes).
The way affiliate links work is that if you make a purchase using one of my links, I make a small commission.
I will always try to include a brief and honest review of a product I place a link to. Maintaining your trust is very important to me. PLEASE MAKE SURE YOU READ MY REVIEW OF A PRODUCT before you purchase it. I may include links to products that I don’t particularly recommend. Please also remember that this is only my opinion of a product. I would strongly recommend reading other reviews on the products website before making YOUR OWN decision.
I cannot be held responsible for the quality or success of the product you purchase on someone else’s website.
If I have been given a product to review I will state this clearly and will still provide an honest personal opinion.
Your support is greatly appreciated.
NB I am an Apple.com affiliate but they no longer pay commission for apps.