Privacy Policy

 
tree_logo.png

Overview

Ssanyu Therapies Ltd aim to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected. This policy describes the information that we collect when you use our services. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 [and the subsequent UK Data Protection Bill that is expected to be enacted in 2018]. The policy describes how we manage your information when you use our services, if you contact us or when we contact you. BH use the information we collect in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, ST is the data controller; if another party has access to your data we will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why we need to provide them with the information. If your questions are not fully answered by this policy, please contact our Data Protection Officer (Misha Camara, Director of Ssanyu Therapies Ltd) If you are not satisfied with the answers from the Data Protection Officer, you can contact the Information Commissioner's Office (ICO) https://ico.org.uk.

Why do we need your personal data?

• Identify who you are and communicate with you in a personal way. The legal basis for this is a legitimate interest.
• Deliver and offer our services to you. The legal basis for this is the contract with you.
• Process your payment for the services we offer. The legal basis for this is the contract with you.
• Confirm your identity so that we can be sure we are dealing with right person. The legal basis for this is a legitimate interest.
• Provide you relevant information (such as self-help resources). The legal basis for this is your consent.
• Provide you with a useful and relevant website, which includes information that is we may need to discuss. The legal basis for this is legitimate interest.

What personal information do we collect and when do we collect it?

For us to provide you with the relevant service, we need to collect the following information:

• Your name

• Your date of birth

• Your contact details including a postal address, telephone number(s) and electronic contact such as email address.

• You GP’s name and address and, where applicable, the contact details of other health professionals involved in your care. When taking a referral (and where relevant), we may also collect the following information relating to your current and past psychological difficulties and diagnoses:

• Any current/past psychological diagnoses

• Any current/past psychological symptoms • Any relevant physical health conditions

• Your current risk of suicide/self-harm

 • Your past admissions to hospital, suicide attempts and/or self harm

How do we use the information that we collect?

We use the data we collect from you in the following ways:
• To communicate with you so that we can inform you about your appointments with us we use your name, your contact details such as your telephone number, email address or postal address.
• To create an invoice, we use your name and email address

Where do we keep the information?

We keep your information as described below:
• On our personal computers. These are password protected and the hard drives are encrypted. Passwords are changed every 90 days and it is our policy that passwords are not shared. We do not use Dropbox, Google Drive or any other cloud service to store your data.
• As a paper copy. Prior to our assessment, we ask you to complete a paper and/or electronic registration form and to sign a copy of our terms and conditions. We take hand written and/or electronic notes during both assessment and treatment sessions, which we store in your personal file. These notes are used to create assessment and discharge letters when requested.

 How long do we keep the information?

The Data Protection Act (1988) states that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. This means that we will not store or keep personal data for longer than is necessary or required by law. Personal data will need to be retained for longer in some cases than in others. A decision in how long personal data will be retained will be based on individual needs.

 A judgement will be made about:

 • the current and future value of the information;

• the costs, risks and liabilities associated with retaining the information; i.e. the ease or difficulty of making sure it remains accurate and up to date. The minimum recommended period for retention of adult mental health personal data is seven years. When we destroy records, we shred paper records and any electronic files are deleted.

 How long do we keep the information?

The Data Protection Act (1988) states that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. This means that we will not store or keep personal data for longer than is necessary or required by law. Personal data will need to be retained for longer in some cases than in others. A decision in how long personal data will be retained will be based on individual needs.

 A judgement will be made about:

 • the current and future value of the information;

• the costs, risks and liabilities associated with retaining the information; i.e. the ease or difficulty of making sure it remains accurate and up to date. The minimum recommended period for retention of adult mental health personal data is seven years. When we destroy records, we shred paper records and any electronic files are deleted.