Paul is a registered Mental Health Nurse with the UK Nursing and Midwifery Council (NMC) who practices a variety of psychotherapeutic, complimentary therapy & holistic based interventions. Paul also holds a British Psychological Society (BPS) approved certificate in clinical supervision.
Paul is registered as the data controller and is committed to protecting the rights of individuals in line with the UK Data Protection Act (DPA) (1998) and the new General Data Protection Regulation (GDPR)(2018).
Paul takes the collection, storage and use of personal data very seriously. In this document, you will find an explanation of why certain data is collected, how it is processed and the steps taken to ensure data security at all stages.
What kind of information is collected?
Paul may collect the following information from individuals requesting advice, support, intervention, supervision, mentoring, participation in group activities and any other interventions and activities that may be offered.
• Name;
• Date of birth;
• Gender;
• Contact details, including address, telephone numbers, address and email address;
• The name and contact details of an individual’s General Practitioner (GP);
• The name and contact details of any other individuals/professionals providing support;
• The name and contact details of an emergency contact
• Details of the reasons for requesting a service and, any previous diagnosis relevant to this;
• Source of introduction;
• Medical and Health related information;
• Disability, medical evidence, psychiatric and, medical assessment reports;
• Details of ongoing assessments, disclosures and conversations established during any interventions.
• Data is also collected from website visitors using technology known as cookies, cookies may collect device ID’s, IP addresses, the type of device an individual is using and location data. If you would like to know more about my use of cookies and how to manage them, please read my cookie policy
Why individual data is collected
The legal basis for processing personal data is that an individual will have given consent to the processing as part of a signed consent form and also agreement to this privacy statement. Data may be used as part of regular audit and quality control of interventions, for training purposes, as part of clinical research, clinical and non-clinical supervision of individuals and, in order to provide accurate assessments and interventions.
Any information provided will only be used for the purpose for which consent has been obtained. Individuals will be asked to give separate consent for every data processing activity that is undertaken or if disclosure is required outside of the therapeutic relationship. In extremely rare circumstances Paul may have to reveal information to others e.g. when any individual is at risk of serious physical/psychological harm or death, a child or vulnerable person is in danger, someone has committed a crime against an individual or acts of terrorism are being planned. Should such a need arise to disclose information, in the majority of circumstances Paul would discuss directly with the individual making the disclosure when he needs to do this.
How your information will be used
1. In order to provide appropriate support; the details submitted and discussed with Paul will be safely recorded for use in future sessions. The information collected will also enable Paul to make decisions and recommendations to other health professionals should this be required.
2. The information provided will also help Paul assess, plan, deliver and evaluate interventions.
3. For the purposes of; safeguarding, promoting the welfare of client’s and maintaining client safety and security.
4. For the purposes of monitoring; which allows him to fulfil any compulsory external auditing revalidation and reporting requirements to regulatory bodies such as the Nursing and Midwifery Council (NMC,) Eye Movement Desensitization and reprocessing (EMDR) UK association, EFTi, Brainspotting UK, and any other professional bodies Paul may be registered to.
5. For the purposes of fee payment, processing invoices, financial transactions and payment.
6. To help Paul deliver services effectively and to continuously improve what he does.
How data is processed
i. To access services individuals will initially be asked to complete and return a personal details form or questionnaire specific to the service being requested either via an internet form, via email, in person or by post. Paul uses a GDPR compliant company and holds an individual data processing agreement with them to electronically collect and send any information/data submitted on a form to him.
ii. This form and any other forms that you may be asked to complete by Paul whilst you are accessing services are stored electronically in a secure inbox and or, in folder on a password protected computer. Data may be typed-up into a secure document and notes made, which can only be accessed and viewed by authorised personnel.
iii. Personal details such as name, address, email address and contact details may be stored on password protected devices and systems, such as mobile phones, appointment scheduling/diary systems and email systems.
iv. Paul uses a GDPR compliant company and holds an individual data processing agreement with them to schedule appointments via an electronic diary. Prior to booking an appointment electronically, you will be asked for permission by this company to use your name, email and mobile phone number to make bookings via their service.
v. Payment processing, invoicing, financial transactions, receipts and donations are processed through PayPal, Zettle/PayPal point of sale or Stripe. You should only provide your personal information to either of these payment processors after reviewing their own Privacy Policies/statements. PayPal privacy policy available at: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full Zettle/PayPal point of sale privacy policy available at: https://www.zettle.com/gb/legal/privacy-policy Stripe privacy policy available at: https://stripe.com/gb/privacy I share information with these processors only to the extent necessary for the purposes of processing financial transactions, I do not see or store any of your financial data such as bank/debit/credit card details that you share with either processor.
vi. Any process notes recorded whilst providing a service will be stored electronically in secure folder and on a password protected computer. Information/data may also be typed-up into a secure document and notes made, which can only be accessed and viewed by authorised personnel.vii. Data shared with other external partners and organisations, for the purposes of providing a service to individuals will only be shared once explicit consent has been provided in writing.
viii. Paul will not respond to requests from family members, friends, employers or others, not even disclosing attendance or engagement (unless explicit consent has been obtained to do so.)
ix. In extremely rare circumstances Paul may have to reveal information to others without consent, please see the “why we collect individual data” section above for further details about this.
How long will your information be held?
Any information collected and provided to Paul, including any medical information, details of intervention and participation will be held securely for 7 years and thereafter will be destroyed.
Security of your information
Data protection legislation stipulates that individual’s information is kept secure. This means that an individual’s confidentiality will be respected and, all appropriate measures will be taken to prevent unauthorised access and disclosure. Only authorised personnel who need access to relevant parts or all of the information Paul holds will be authorised to do so. Information about individuals in electronic form will be subject to password and other security restrictions, while paper files will be stored in a secured area with controlled access.
Some processing and storage may be undertaken on the Paul’s behalf by an organisation contracted for that purpose. Organisations processing personal data on Paul’s behalf will be bound by an obligation to process personal data in accordance with Data Protection legislation.
What are your/an individual’s rights?
Individuals have a right to access their personal information, to object to the processing of their personal information, to rectify, to erase, to restrict and to port their personal information.
Withdrawing Consent
Individuals have the right to withdraw consent at any time. If for any reason individuals wish to withdraw consent, it is asked that this request is submitted in writing to Paul Harries via email to; enquiry@pauljharries.com individuals will be asked to complete a Request to Withdraw Consent form and return it to Paul in writing, so it can be ensured that individuals understand what is meant by withdrawing consent and what will happen next.
How to make a complaint
If an individual is unhappy with the way in which personal information has been processed, individuals should in the first instance contact Paul Harries via email on enquiry@pauljharries.com
If an individual remains dissatisfied then they have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: -
Information Commissioner’s Office: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk