New laws relating to the General Data Protection Regulation (GDPR) came into effect on 25 May 2018. The purpose of GDPR is to provide a set of standardised data protection laws across all EU member countries. This document sets out how Dr Joanne Weston complies with these laws.
Dr Joanne Weston is the data controller for Dr Joanne Weston’s Psychological Treatment and Expert Witness services. The ICO registration number is: 00010032401. Dr Joanne Weston provides psychological therapy and Expert Witness services from the Harbourside Practice, 3 Redcliffe Parade East, Bristol BS1 6SW.
What personal data Dr Joanne Weston processes
Dr Joanne Weston processes the following personal data from clients:
· Personal data: basic contact information: name, address, email, contact number, video conference ID (if online therapy) and GP contact details. If you are referred by your health insurance provider, solicitor, occupational health provider, or a case management company, Dr Joanne Weston will also collect and process personal data provided by that organisation. This includes referral information and health insurance policy number/solicitor, occupational health or case management company case reference number, and authorisation details for psychological treatment.
· Sensitive personal data: Therapy records (therapist notes, letters, reports and/or outcome measures) and Expert Witness instructions (reports, relevant paperwork necessary to complete the instruction - including emails - and interview notes).
The lawful basis for processing personal data
Dr Joanne Weston has a legitimate interest in using the personal data and sensitive personal data that she collects to provide health care and treatment. The data collected is necessary to provide psychological therapy or Expert Witness Services to clients.
You might also be asked for information on how you sourced Dr Joanne Weston’s services for the purpose of anonymised marketing research. You can choose not to disclose this information if you wish. No information you provide is passed on without your consent. Dr Joanne Weston will never sell your information to others.
What Dr Joanne Weston does with your personal information
Dr Joanne Weston takes your privacy seriously. Your personal information will only be used to provide the services you have requested from her.
If you do not provide the personal information requested, then Dr Joanne Weston might be unable to provide a service to you.
How long Dr Joanne Weston stores personal information
Dr Joanne Weston will only store your personal information for as long as it is required. Basic contact information held on a mobile phone is deleted at the end of therapy.
The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year.
How your personal information is used
Dr Joanne Weston uses the information collected to:
· Provide services to you.
· Process and account for payment for such services.
How Dr Joanne Weston might share personal information
Dr Joanne Weston holds information about each client and the therapy they receive in confidence. This means that Dr Joanne Weston will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:
· If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then Dr Joanne Weston will share appointment schedules with that organisation for the purposes of billing. Information might also be shared with that organisation to provide treatment updates if they request it or if you wish for Dr Joanne Weston to apply for extra treatment sessions over and above those already funded.
· In cases where treatment has been instructed by a solicitor, occupational health service or through a case management company, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
In exceptional circumstances, Dr Joanne Weston might need to share personal information with relevant authorities:
· When there is need-to-know information for another health provider, such as your GP or Psychiatrist.
· When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
· When the information concerns risk of harm to the client, or risk of harm to another adult or a child. Dr Joanne Weston will discuss such a proposed disclosure with you unless, in exceptional circumstances, it is an emergency or it is believed that to do so could increase the level of risk to you or to someone else.
What Dr Joanne Weston will NOT do with your personal information
Dr Joanne Weston will not share your personal information with third parties for marketing purposes or any other unauthorised reason.
How Dr Joanne Weston ensures the security of personal information
Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected. Dr Joanne Weston will never use open or insecure Wi-Fi networks to send any personal data.
Dr Joanne Weston uses Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
Dr Joanne Weston will also monitor any emails sent to email@example.com, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Personal information is stored on one office computer. This is password protected and only accessed by Dr Joanne Weston. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/thumbprint scanner and mobile security.
Confidential digital information will be stored in a secure cloud service hosted by Microsoft Office 365, which meets the high security requirements of GDPR.
Emails will also be sent via the Microsoft Office 365 server or external companies’ secure systems (e.g. CISCO). Confidential information sent via the internet will be password-protected when correspondence includes sensitive personal information (e.g. psychological reports). In emails, personally-sensitive information will be kept to a minimum and only included when necessary.
All information recorded on paper will be securely stored in a locked filing cabinet. If this is transported outside of the office, it will remain in the confidential care of Dr Joanne Weston at all times.
Letters sent by surface mail (e.g. to GPs) will be clearly marked Confidential.
Your right to access the personal information Dr Joanne Weston holds about you
· You have a right to access the information that is held about you.
· Dr Joanne Weston will usually share this with you within 30 days of receiving a request.
· There may be an admin fee for supplying the information to you.
· Further evidence might be requested from you to check your identity.
· A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
· You have a right to get your personal information corrected if it is inaccurate.
· You can complain to a regulator. If you think that Dr Joanne Weston hasn't complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.
Dr Joanne Weston reserves the right to refuse a request to delete a client’s personal information where this constitutes therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) and The Health and Care Professions Council (HCPC; 2017). Expert Witness data is retained for six years, in compliance with professional indemnity obligations. Where this is not necessary, it is destroyed upon conclusion of the case.
This website is hosted by 3rd party servers located in the EU which are compliant with EU legislation.
Dr Joanne Weston
The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.
Website Legal Disclaimer
The information contained in this website is for general information purposes only. Whilst Dr Joanne Weston endeavours to keep the information up to date and correct, she makes no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will Dr Joanne Weston be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you are able to link to other websites which are not under Dr Joanne Weston's control. Dr Joanne Weston has no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorsement of the views expressed within them.
Dr Joanne Weston encourages you to read the privacy statements on the other websites you visit.
Every effort is made to keep the website up and running smoothly. However, Dr Joanne Weston takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond her control.