Elements Psychological Services’ Website Privacy Notice
Hello there!
Thank you for checking out our privacy policy. At Elements Psychological Services we take our client’s privacy seriously. We’re committed to protecting your privacy and handling your information in a responsible way while you use our website and services. We want you to understand that this is a safe place for you to discuss your feelings and concerns, and we operate in a highly confidential environment. This policy sets out how data is collected and processed through the use of our website and when you use our services.
We encourage you to read this policy alongside any other privacy notices we might provide, so you're fully in the loop about how and why we use your information.
Who’s in charge of your data?
The controller of your data is Dr Claire Rycroft who can be contacted on:
Email address: contact@elements-psych-services.co.uk
Telephone Number: 07849 249219
-
How we use your personal data
We take the privacy rights of all our clients seriously and we adopt a high standard of compliance and confidentiality when dealing with your data. We want you to understand that this is a safe place for you to discuss your feelings and concerns and we operate in a highly confidential environment. This privacy notice sets out the details of how we collect and process your personal and sensitive data when using our services.
The only data we collect from you is as submitted by you on the client details form provided and when you provide information over the telephone or during consultations.
We will use any health data and other sensitive personal data that we collect from you for the purposes of providing our services to you or if we need to comply with a legal obligation. Our legal ground of processing this data is your explicit consent.
We will use your non-sensitive personal data to (i) register you as a new client, (ii) manage payment, (iii) collect and recover monies owed to us (iv) to manage our relationship with you, (v) send you details of our services.
Our legal grounds for processing your data are in relation to points (i), (ii) and (iv) above are for performance of a contract with you and in relation to (iii) and (v) above, are necessary for our legitimate interests to recover monies owed and to develop our services and grow our business.
We will not share your details with third parties for marketing purposes.
-
Disclosure of your personal data
We may have to share your personal and sensitive data with (i) service providers who provide IT and system administration support including software providers for accounting, marketing and practice management solutions, (ii) professional advisors including other healthcare professionals, lawyers, accountants, bankers, auditors and insurers (iii) HMRC and other regulatory authorities (iv) third parties to whom we sell, transfer or merge parts of our business or our assets and/or (v) to other professionals for the purposes of discussing your treatment.
We may need to share your personal data with courts, legal representatives, or other relevant authorities for medico-legal purposes. This includes situations where we are required to do so by law, or where it is necessary to protect your vital interests or the interests of another person. We ensure that this data sharing is conducted lawfully and with due regard for your privacy rights.
If you are referred by your health insurance provider, then we may need to share details about your appointment schedule with your insurer for the purposes of billing and to provide treatment updates.
As an HCPC accredited clinician, we are obliged to consult with another mental health professional for supervision purposes. This is to ensure we reflect and improve on our clinical skills. When discussing clients in supervision we only refer to clients by their first name and identifiable information is minimised.
Sometimes we may need to share details with your GP or a social worker. We will always get your consent prior to doing this. When the information concerns risk of harm to the client or another person then we may need to disclose information about you without your consent for your own safety or for the safety of someone else.
We require all of these third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.
-
International transfers
Some of our third-party providers are businesses outside of the UK and EEA - in countries which do not always offer the same levels of protection for your personal data. We do our best to ensure a similar degree of security by ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within the UK and Europe. If we are not able to do so, we will request your explicit consent to the transfer, and you can withdraw this consent at any time.
-
Data security
We have put in place security measures to prevent your personal and sensitive data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal and sensitive data to those employees, agents, contractors and other third parties who have a business need to know such data.
They will only process your personal and sensitive data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.
In certain circumstances you can ask us to delete your data. See section 7 below.
We may anonymise your personal and sensitive data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
-
AI Usage
Artificial Intelligence (AI): We may use AI tools to assist with the provision of our services, including therapy session transcription, data analysis, drafting documents, responding to enquiries. Any AI tools we employ are used in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR).
When using AI tools, we ensure:
-
Personal data is processed lawfully, fairly, and transparently.
-
Data minimisation principles are upheld, meaning we only provide AI tools with the information strictly necessary for the intended purpose.
-
Robust security measures are in place to protect your personal data during any processing involving AI tools.
-
When using AI tools, we ensure that personal data is retained only for as long as necessary to fulfil the purposes outlined in our policy, after which it is securely deleted or anonymised.
We have listed below the specific AI tools we are using within our practice, the purpose, the types of data we are collecting and our legal basis for this processing.
AI Tool Name - Heidi AI
Purpose - Transcribe and dictation services in sessions
Types of Data Used - Information shared in sessions, though this is anonymised and used purely to write up session notes
Legal Basis for Processing - Legitimate interest
For further enquiries on our AI usage or to exercise your rights, please contact us using the details provided in this policy.
-
Data retention
We will only keep your personal and sensitive data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, or reporting requirements so for example we need to keep certain information about you for 6 years after you cease to be a client for tax purposes.
Mental health records are subject to special legislation e.g. adult records are kept for 7 years after the last contact with the service. This benchmark will be applied to all clinical records made in the process of engagement with our therapy. For any children we treat we are obliged to retain medical information until 7 years after the child’s 18th birthday.
You have the right to ask us to delete the personal and sensitive data we hold about you in certain circumstances. See section 7 below.
-
Your rights
You are able to exercise certain rights in relation to your personal and sensitive data that we process. These are set out in more detail at www.ico.org.uk.
You may request that we inform you of the data we hold about you and how we process it (your ‘Subject Access Right’). We will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee or decline to respond.
We will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests, in which case we will notify you of any delay and will in any event reply within 3 months.
If you wish to make a Subject Access Request, please send the request to Elements Psychological Services, Office 1, 50 Fore Street, Bodmin, Cornwall, PL31 3HL or email contact@elements-psych-services.co.uk marked for the attention of the Data Compliance Officer.
-
Keeping your data up to date
We have a duty to keep your personal and sensitive data up to date and accurate so from time to time we will contact you to ask you to confirm that your personal data is still accurate and up to date.
​
If there are any changes to your personal data (such as a change of address) please let us know as soon as possible by writing to or emailing the addresses set out above.
-
Complaints
We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.