Privacy Policy
We at Shore Psychology CIC take your privacy seriously. This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”).
We are registered with the Information Commissioners Office (ICO). For the purpose of the DPA and GDPR we are the data controller and any enquiry regarding
the collection or processing of your data should be addressed to Sophie Revesz at our address: Shore Psychology CIC, 2 Sandport Place, Edinburgh EH6 6EU. This policy describes how the personal data is collected, handled and stored to meet the company’s data protection standards- and to comply with relevant laws. Our lawful basis for holding personal data is consent and the processing of special category data falls under article 9 (2) (h) health or social care (UK GDPR)
Data we Gather & Use of Your Information
Personal Data that we receive comes directly via self-referral or via third parties, such as GP’s. In order to work safely and effectively with you, and to arrange appointments and
Invoices we will typically collect information including name and address, date of birth, contact phone number, email address, GP details, private health insurance details (where applicable) Bank details and medical and mental health history.
During the course of your contact with us and follow on treatment and therapy, we will collect additional personal data relevant to treating you. This is to enable us to provide the support and treatment you required from us.
You may opt-in to receiving marketing updates such as emails and newsletters. You have the right to opt-out of our processing your data for marketing purposes at any time by contacting us at [email protected]
Confidentiality and Disclosure
Any discussions during clinical consultations are strictly confidential and will not be shared with any third parties. It should be noted that there are 2 exceptions to this rule, due to the nature of psychological therapies and treatment.1) We are obliged, under the professionals Duty of Care, to contact the relevant services, if we believe the client is in immediate danger of harming themselves or others. (we will endeavour to inform the client before this disclosure) 2) Mental Health professionals are required by their accredited bodies to undertake regular professional supervision. This can include discussion about the professional’s caseload with a supervisor to ensure standards and best practices are being upheld.
We do not disclose sensitive personal data such as race, religion or political affiliation without your explicit consent.
Storage and Transfer of Data
All client records and therapy notes are held on our practice management software system. The software system we use is Zanda (formerly PowerDiary). This software management system is GDPR compliant and ISO27001 accredited. ISO 27001 is an internationally recognized standard, validated by a certified and independent third-party auditor, acknowledging the organisation’s policies and practices related to mitigating risks, ensuring data confidentiality, integrity, and availability, and proactively responding to information security threats. All data stored in this system is stored on UK based servers.
Data Retention
We will keep financial records for a minimum of seven years to comply with HMRC requirements. If HMRC requirements change, we will adjust accordingly.
We will keep individual client records for the duration of their tenure as a client, or for a 7-year period, in line with best practice guidance from the British Psychological Society.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we hold.
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Use of Cookies
Our website uses cookies. We use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our website. Such information will not identify you personally – it is statistical data about our visitors and their use of our website. This statistical data does not identify any personal details whatsoever. We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies; you may be unable to access particular sections of our website.
Third Party Links
You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Your Rights
The DPA and GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed on page 1 of this document, or by email to [email protected]. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address provided on page 1 or by email to [email protected]
Changes to this policy
We may update these policies to reflect changes to our processes and customer feedback.
Please regularly review these policies to be informed of how we are protecting your personal data.
Shore Psychology CIC. Privacy Policy V1.0 January 2025