Privacy policy.

The Support System (trading name for ‘Dr Claxton Psychology Services Ltd’) takes the privacy rights of all our clients seriously and we adopt a high standard of compliance and confidentiality when dealing with your data.  We want you to understand that this is a safe place for you to discuss your feelings and concerns and we operate in a highly confidential environment.  This privacy notice sets out the details of how we collect and process your personal and sensitive data when using our services.

Dr Claxton is the data controller and is responsible for your personal data (referred to as “we”, “us” or “our” in this privacy policy.

We keep information (data) about you when you make contact with us or use our services.  We aim to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected. This privacy notice sets out the details of why and how we collect your data, where we keep it, how we keep it safe and what your rights are.

1.        How we collect and use your personal data

We may hold data from associates; clients; advisers; consultants and other professionals. We will only collect information from you that is relevant to the matter we are dealing with.

If we are working with you directly (for example providing therapy services) then the data we collect from you is as submitted by you via email, over the telephone, video-conferencing technology or during face-to-face consultations. 

If you work for an organisation that has contracted our services (for example if we provide supervision to you through your employer) then your data (such as name and contact information) may be provided to us through this ‘third party’ (e.g. your employer).  In these circumstances we request your employer gains your consent before your details are shared and following this, you will be provided with a copy of this privacy notice.

2.        What data we collect

We may collect data that is defined as “personal data”.  Personal data is any information about you from which you can be identified.  It includes details such as (but not limited to) your: name, address, contact details, employment details, financial data, bank account and payment card details. 

We may also collect information referred to as being “special category” (this could include; physical and mental health details, racial and ethnic origin, religious beliefs, criminal convictions, sexual orientation, political opinions, trade union membership).  We require your explicit consent for processing this sensitive data.

Your psychologist may take brief notes of the discussion during sessions or during professional supervision consultations.  These will contain no names or identifying details of any client you discuss. 

We may collect technical data about you when you use our website, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

3.        Why do we collect your data and how we use it?

We will use your sensitive personal data (that is any special category data you have provided to us and given explicit consent for us to process) for the purposes of providing our services to you or if we need to comply with a legal obligation. Our legal ground of processing this data is your explicit consent (this can we withdrawn at any time by advising Dr Melanie Claxton)

We will use your non-sensitive personal data to (i) register you as a new client, (ii) provide our services to you (psychological therapy, consultation and/or supervision) (iii) manage payment, (iv) to manage our relationship with you, (v) collect and recover monies owed to us (vi) send you details of our goods and services.

Our legal grounds for processing your data in relation to points (i) to (iv) above are for performance of a contract with you and/or your employer and in relation to (v) and (vi) above, necessary for our legitimate interests to develop our products/services and grow our business and to recover monies owed.

As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.  Please see section 8 below  on Cookies for more information.

We will never share your details with third parties for marketing purposes.

4.        Disclosure of your personal data

The information and data outlined above is treated as confidential.  This means that, aside from a couple of exceptions outlined below, we will not share your information with anyone without your consent.

There are certain exceptions to client confidentiality where we may have a legal duty to share certain information:

•                     When the information concerns risk of harm to you, another adult or a child.  Where possible we would always aim to discuss this disclosure with you first, however if we believed the danger to be imminent or that the disclosure would increase risk to you, another adult or a child then we may not be able to do so.

•                     When disclosure is in the public interest to prevent a miscarriage of justice or where there is a legal duty, e.g. a Court Order.

•                     When there is need-to-know information for another health provider, such as your GP or emergency services.

•                     In the case of our professional supervision services only, information may be shared with your employer and/or line manager if there are significant concerns about risk to you and/or to your clients including if we are concerned about your professional conduct. You will be informed of this before information is shared, where at all possible (it should only be in exceptional circumstances that you are not informed prior to information being shared).

We may have to share your personal and sensitive data with (i) service providers who provide IT and system administration support including software providers for accounting, marketing and practice management solutions, (ii) professional advisors including other healthcare professionals, lawyers, accountants, bankers, auditors and insurers (iii) HMRC and other regulatory authorities (iv) other professionals for the purposes of discussing your care.

We require all of these third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.

5.        International transfers

Some of our third party providers may be businesses outside of the EEA in countries which do not always offer the same levels of protection for your personal data. We do our best to ensure a similar degree of security by ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within Europe. If we are not able to do so, we will request your explicit consent to the transfer and you can withdraw this consent at any time.

6.        Data security

We have put in place security measures to prevent your personal and sensitive data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal and sensitive data to those associates and third parties who have a business need to know such data.

They will only process your personal and sensitive data on our instructions and are subject to a duty of confidentiality. We shall ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measurements and in accordance with GDPR requirements.  Specifically:

·       Paper notes: All anonymised paper notes from sessions are stored in a locked cabinet in Dr Claxton’s home address. 

·       Electronic notes: All electronic notes are stored in a secure cloud drive (Dropbox) with two factor authentication (2fa). They may also be stored briefly on Dr Claxton’s computer which is password protected. 

·       All email systems are password protected and encrypted and have 2fa.  

·       Mobile phones are password protected.

In the event of a personal data breach we have in place procedures to ensure that the effects of such a breach are minimised and shall liaise with the Information Commissioner’s Office (ICO), any applicable regulator and with you as appropriate.

In certain circumstances you can ask us to delete your data. See the section entitled ‘your rights’ below for more information.

We may anonymise your personal and sensitive data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. This may be for purposes such as knowing how many people we have provided a service to in one year.

7.        Data retention

We will only keep your personal and sensitive data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, or reporting requirements so for example we need to keep certain information about you for 6 years after you cease to be a client for tax purposes.

You have the right to ask us to delete the personal and sensitive data we hold about you in certain circumstances. See section 6 below.

8.    Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

What's a cookie?

•A "cookie" is a piece of information that is stored on your computer's hard drive if you agree to this and which records how you move your way around a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.

  •Cookies are used by nearly all websites and do not harm your system.

We are required to obtain your consent for all non-essential cookies used on our website. You can block cookies (including essential cookies) at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block essential cookies you may not be able to access all or parts of our site.

How do we use cookies?

•We use cookies to track your use of our website. This enables us to understand how you use the site and track any patterns with regards how you are using our website. This helps us to develop and improve our website as well as products and / or services in response to what you might need or want.

•Cookies are either:

- Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any personal data from your computer; or

- Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. We use persistent cookies for Google Analytics.

•Cookies can also be categorised as follows:

- Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, such as when buying a product and / or service. Without these cookies, the services available to you on our website cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

- Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.

- Functionality cookies: These cookies allow our website to remember choices you make and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised.

- Targeting cookies: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.

- First and third party cookies: First party cookies are cookies set by our website. Third party cookies are cookies on our website that are set by a website other than our website, such as where we have adverts on our website or use Facebook pixels so that we can show you relevant content from us when you are on Facebook.

You can find more information about the individual cookies we use and the purposes for which we use them below:

ss_cid:

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cpvisit:

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvisit:

30 minutes

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvr:

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvt:

Identifies unique visitors and tracks a visitor’s sessions on a site

Universal Analytics (Google):

_ga
_gali
_gat
_gid

These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.

 Application firewall cookie

_zjc*

This cookie is set by a third-party web application firewall from Dyn to help maintain the security and performance of our website. Some traffic may receive a challenge to check if it is genuine and if it is, a cookie is set so the user isn’t challenged again.

 Security breach notification form cookie  

ASP.NET_SessionId 

This cookie is essential for the breach notification form – the form that public electronic communications service providers use to notify the ICO of a security breach – to operate. It is set only for those people using the form. This cookie is deleted when you close your browser.

 YouTube cookies

PREF*
VSC*
VISITOR_INFO1_LIVE*
remote_sid*

We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
Read more at YouTube’s embedding videos information page.

PREF - * Expires after eight months
VSC - * expires at the end of your session
VISITOR_INFO1_LIVE - *expires after eight months
remote_sid - * expires at the end of your session

You can alter your cookie preferences at any time through your web browser.  Except for essential cookies, all cookies will expire after two years.  If you have any questions about the cookies that we use, feel free to email us at drclaxton@protonmail.com.

9. Your rights

You are able to exercise certain rights in relation to your personal and sensitive data that we process. These are set out in more detail at

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it. We will not charge a fee for responding to this request unless your request is clearly unfounded, complex, repetitive or excessive in which case we may charge a reasonable fee or decline to respond.

We will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests in which case we will notify you of any delay and will in any event reply within 3 months.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy.  If you have any questions about this privacy policy, including any request to exercise to legal rights or if you wish to make a Subject Access Request, please send the request to our DPO Dr Melanie Claxton via email: drclaxton@protonmail.com or post: Dr Melanie Claxton, First Floor, 85 Great Portland St, London W1W 7LT.

10.  Keeping your data up to date

We have a duty to keep your personal and sensitive data up to date and accurate so from time to time we will contact you to ask you to confirm that your personal data is still accurate and up to date.

If there are any changes to your personal data (such as a change of address) please let us know as soon as possible by writing to or emailing the addresses set out in section 6 above.

11. Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

12. Complaints

We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). 

We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.