Name – Samara Mahmood
Telephone – 07392403940
Email – email@example.com
I, Samara Mahmood, am the Data Controller and Processor of Inner Resolve.
I take confidentiality very seriously and direct you to my FAQs page for further information as to how I maintain your confidentiality.
The basis on which I keep client data is that of “legitimate interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide therapy or clinical supervision or tuition) and that it is data that you would reasonably expect me to hold and use.
The data I hold includes:
Basic information such as name, email address, phone number
Information that you give me as part of the work we do together
Records of what interventions that I use (or potentially do not use) in our sessions
Emails, texts and/or messages sent between us
Information sent from any third party, e.g. GP, insurance company, Employee Assistance Program (EAP)
Audio recordings of sessions (unless you specifically object)
Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”. However, data on any criminal offences (including allegations, proceedings and convictions) is even more tightly controlled and so I need your specific consent in order to hold any such information.
I do not share data with anyone, except possibly your GP (see GP info section below), and for any reasons covered by the Requirements for Disclosure section below. However, if you do make a complaint about me to my professional body, I would be entitled to share your notes with any investigation procedures.
I primarily use data to enable me to provide therapy for you. I could use the data for scientific research purposes and statistical purposes.
Details of where data is held:
All emails sent between us are held either on my computer’s hard drive or exchange server or if archived, in Dropbox which is secure cloud based storage which is itself GDPR compliant.
Any that may be held on my Smartphone are fingerprint/code protected.
I hold Texts/WhatsApp messages/Messenger messages on my Smartphone which is fingerprint/code protected.
Your notes are handwritten and I keep them in a locked filing cabinet. A coding system enables me and only me as your therapist to know whose notes are whose, but a stranger seeing the notes will not be able to identify who they referred to.
I shred credit card information as soon as processed.
If you use PayPal or online banking then clearly these systems will hold your data. I will download from these systems for accounting purposes and the resulting spreadsheets are held in Dropbox. When sent to my accountants, they will be password protected.
Any recordings are stored in a secure computer database on a computer which is not connected to the internet and is password protected and accessible only by me
Your data is kept for 7 years. The length of time is based on the requirements of my insurer.
After this time any paper records are shredded and computer records permanently deleted.
I take the security of data seriously and as such:
All data is held securely (see details of where data is held above)
Any data transmitted is sent encrypted where possible
For accounting purposes Excel spreadsheets are used
I am not in control of data (including emails and texts) which you send me.
Apps such as Facebook routinely access any information held and this is beyond my control.
If there is any breach of data security I will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
You have rights with regards to the data held:
The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to erasure. If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing but this would never include case notes or data such as address/email/phone
The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure
The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
The right to object to:
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). I do not engage in these things
Processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
Automated decision making and profiling. I do not engage in automated decision making or profiling
Each website you visit can send its own cookie to your browser if your browser’s preferences allow it. To protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.
How to control and delete cookies;
You may restrict or block the cookies which are set by our website, or any other website, through your browser settings. You can also ask your browser to alert you when a cookie is issued.
For more information about cookies and how to manage them is available at www.aboutcookies.org
I use Google Analytics to understand how visitors engage with my websites. It collects information anonymously and reports website trends without identifying individual visitors. For more information visit Google Analytics privacy and security information.