Privacy Policy

Privacy POLICY

1. Introduction

I am committed to protecting the privacy and security of your personal information. I take care to protect the privacy of my clients details when they communicate (online or offline), over the phone, through websites and on social media platforms.

I have developed this privacy policy to inform you of the data I collect, what I do with your information, what I do to keep it secure as well as the rights and choices you have over your personal information.

For the purpose of Data Protection Regulations, the data controller is myself, Hazel Wallace.

2. The information I collect and when

I only collect information that I know I will genuinely use and in accordance with the General Data Protection Regulation (GDPR) 2018 and applicable clinical confidentiality guidelines set out by Professional Bodies such as the BABCP.  I may hold and use personal data about you as a client when you complete a form, email me or speak to me. This may include sensitive personal data such as information on your mental health.

The type of information that I will collect on you, may include the following. By providing me with this information you are giving me your explicit consent to process this data for the purposes of providing a service to you:

• Your name.
• Date of Birth.
• Address.
• Telephone number(s).
• GP details.
• Email address.
• Emergency contact person.
• Demographic details 
• Clinical notes and reports about your health and treatment that has been kept during treatment or received from or sent to authorised third parties.
• Details of referrals, correspondence that I may have had with you or sent to me via third parties.
• Client feedback and treatment outcome information you provide.
• Survey responses.
• Information you give me if you make a payment to me.
• Information about complaints and incidents.
• Other information received from other sources, including enquiries that you have made via my website. 
• Where you use my website I may automatically collect personal data about you including your Internet protocol (IP) address, information about your visit to my site including the URL and pages you searched or clicked on. My website uses cookies to distinguish you from other users of my website. When you first access my website I will request your permission to use Cookies. Please follow the link for more information.
  
   

3. How I use your information

• To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted me about;
• Provide you with the information that you request from me;
• To enable me to carry out my contractual obligations to you arising from any contract entered into between you and me;
• To enable me to undertake audits, in order to check the accuracy of information I hold on you and the quality of the treatment or care that you have received; 
• To provide you with information that I think might be of interest to you provided you have given me your consent to contact you; 
• To take payment from you or give you a refund;
• For statistical analysis and to get feedback from you about my service, website and other services and activities. For example, I routinely ask for feedback via my client satisfaction questionnaire which is on Survey Monkey;
• To provide you with information on wellbeing and mental health related issues via my Facebook page if you chose to like and follow me;
• I will not pass your information onto others for commercial purposes. 
  
   

4. Who I might share your information with

I may share your personal data with others in the following circumstances:

 

• If the law or a public authority says I must share the personal data;
• If I need to share personal data in order to establish, exercise or defend my legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); 
• From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information I share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
• Your GP provided you give me consent to do so. Under rare circumstances I have a statutory obligation to break confidentiality, namely if I believe that a client is at risk to themselves or others under the Mental Health Act 2007, or if I believe that a child is at risk of  significant  harm under the Children’s Act section 47, 1989. In these instances I will contact your GP and other relevant authorities.
• Professional regulators in the event that a complaint is made about my professional conduct and this needs to be investigated by their professional regulatory body.
• Professionals are required to undertake supervision by their regulatory body as a means of ensuring good practice, this involve discussing client details with other professional, however this will always be done anonymously.
  
   

5. How I keep you updated on our services

I may send you relevant information e.g. appointment reminders by email, phone and text on occasions, but only if you have previously consented to receive these when you complete your case form. You can opt out of this choice at any time by letting me know.

6. Your rights over your information

6.1.1 Right to Access Your Personal Information

You have the right to access the personal information that I hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If I agree that  I am obliged to provide personal information to you (or someone else on your behalf), I will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.

I will ask for proof of identity and sufficient information about your interactions with me that I can locate your personal information.

If you would like to exercise this right, please contact me as set out below.

6.1.2 Right to Correction Your Personal Information

If any of the personal information I hold about you is inaccurate or out of date, you may ask me to correct it. It is important to understand that this right does not extend to matters of opinion by clinicians.

If you would like to exercise this right, please contact me as set out below.

6.1.3 Right to Stop or Limit My Processing of Your Data

You have the right to object to me processing your personal information if I am not entitled to use it any more, to have your information deleted if I am keeping it too long or have its processing restricted in certain circumstances.

If you would like to exercise this right, please contact me as set out below.

6.1.4 For more information about your privacy rights 

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers are available publicly. You can access them here https://ico.org.uk/for-the-public.

You can make a complaint to the ICO at any time about the way I use your information. However, I hope that you would consider raising any issue or complaint you have with me first. Your satisfaction is extremely important to me, and I will always do my very best to solve any problems you may have.

7. How long I keep your information for

I retain a record of your personal information in order to provide you with a high quality and consistent service. I will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary.

If you are a client then I am required by law to keep your clinical records for a period of 7 years after my last contact with you at which point they will be deleted/ shredded. For children this will be until the age of 25. In some circumstances I may anonymous your personal information so that it is no longer associated with you i.e. Clinical outcome data and retain this indefinitely in order to monitor and evaluate my service. . If you are not happy for me to do this then please let me know.

8. Giving your reviews and sharing your thoughts

When using my website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review my Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

9. Security

Data security is of great importance to me and to protect your data I have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data. 

I take security measures to protect your information including:

• Restricting access to personal data of clients to only those that are required to access it for the purposes of carrying out the agreed service or job role.
• Ensuring that 3rd parties, Associates who process information on my behalf (such as 1 & 1 IONOS and Mayden) are aware of their contractual obligations as a data processor and under Data Protection Regulation.
• Ensuring that computers, phones and portable data storage devices are password protected.
• Ensuring that computers are fitted with malicious software including firewalls and anti-virus protection.
• Ensuring that written note are not left unattended, and always stored in a locked filing cabinet at the end of the day.
• Ensuring that personal information (notes, reports etc.) are kept securely whilst in transit from a clinical base.
• Ensuring that written consent for sharing information is always obtained in the first therapy session and a copy of this given to clients if they wish this.
• Ensure that personal data sent by email to third parties, Associates (i.e. reports) is password protected and sent via an encrypted email provider.
• Burning or shredding confidential information once the time period for retention has lapsed.
• Having an SSl certificate on my website to encrypt the communication between my website and the user.
• Being registered with the Information Commissioners office (ICO).
• Personal data shall not be transferred to a country or territory outside of the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection in accordance with Data Protection Laws.

Please note that sending information directly to my email address may not be completely secure as sending information in this way cannot be totally guaranteed. If you do communicate with me via this route then I suggest you only send limited information and ask me to get back to you.

Please also note that my website and Facebook page may contain links to other external sites, these sites have their own privacy policies and I am not responsible for their content and you should check their privacy policy before submitting any personal information.

10. How to contact me

I have used reasonable means in compiling this privacy policy. In the event that I have made any material errors or omissions, please notify me of this and I will rectify them in a timely manner.

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy or the way your personal information is processed, please contact me by one of the following means:

By email: info@hazelwallace.com

 

Thank you for taking the time to read this Privacy Policy.

This Policy was last updated on 13th February 2025