Mindalot Ltd Privacy Statement
How to contact Mindalot Ltd
Who is Mindalot Ltd?
Mindalot Ltd is a psychology and psychotherapy practice that offers psychological treatment and clinical supervision for professionals. The Director and sole clinician is Dr Sharon Croskin, a Consultant Clinical Health Psychologist registered with the British Psychological Society as a Chartered Associate Fellow; as a Psychologist Specialising in Psychotherapy, Senior Practitioner (RoPSIP) and on the Register of Applied Psychology Practice Supervisors (RAPPS). She is registered with the Health and Care Professions Council (HCPC) as a Clinical Psychologist, as a Health Psychologist and as a Practitioner Psychologist. Dr Sharon Croskin is an Eye Movement and Desensitisation Reprocessing (EMDR) accredited practitioner with the EMDR UK & Ireland Association, a registered Cognitive Analytic Therapy (CAT) therapist with the UK Association of Cognitive Analytic Therapy (ACAT) and a licensed user of the Diagnostic Interview for Social and Communication Disorders (DISCO) for the assessment of Autism Spectrum Disorder (ASD). Dr Croskin also has a PhD in Psychoanalytic Psychotherapy.
Dr Sharon Croskin is committed to complying with the terms of the General Data Protection Regulations (GDPR) which is an EU regulation which replaces the Data Protection Act 1998. It came into force on 25 May 2018. The aim of the GDPR is to protect and empower all EU citizens’ data privacy and harmonise data privacy laws across Europe.
What information does Mindalot Ltd collect?
Personal data refers to any information which can identify you, either on its own or combined with any other information. Personal details are collected when you sign a consent form for psychological treatment such as your name, date of birth, age, telephone number, home address, email address, GP name and address. Other personal information such as family details, lifestyle and social circumstances, goods and services, financial details, employment and education details will be collected during a clinical interview or during the course of your therapy. Mindalot Ltd may also process sensitive classes of information (also known as Special Category Information) that may include: physical and mental health details, sexual life, racial and ethnic origin, trade union membership, religious or other beliefs of a similar nature, offences and alleged offences, health information including medical history, diagnosis and treatment data, as well as financial data (such as payment card details), and transaction data (such as details about payments). Mindalot Ltd also processes personal data where appropriate about its supervisees, staff, suppliers, business contacts and supervisors. Mindalot Ltd would also require any other information that you provide should you request that a report be written for you. The information that Mindalot Ltd has on record is what you provide when you sign the consent form at the start of your treatment. Without your signature on the consent form no treatment can take place. There is an opt in section on the consent form when you commence therapy and there is also an opt in section on the website which you need to tick when you send a query. Should you wish to withdraw consent for treatment you can do so at any point. Psychometric Tests conducted and data obtained are used for assessment and diagnostic purposes to inform your treatment plan.
What does Mindalot Ltd use this information for?
Mindalot Ltd processes personal information to enable the clinician to provide health services to patients, to maintain accounts and records, promote services and to support and manage employees. Mindalot Ltd collects this information so that you can be contacted should an appointment need to be changed or if there is a need to write to your GP, with your express permission. Mindalot Ltd will only share your information with your permission and after discussion with you. An instance of this would be if you needed a letter written to your GP or any other organisation as required. Mindalot Ltd would ask you to sign a separate consent form before any report/letter is written. Your name, date of birth and your address is put in the report/letter subject line.
All information that is held on record is audited and any letters that are written on your behalf are password protected. If this information is sent out by email, the document attached is password protected and the recipient contacted by phone so that they can be told the password. Letters that are posted are always sent with special delivery and need to be signed for on receipt. The other use of the personal information is to fulfil administrative legal, ethical and contractual obligations as a Clinical Health Psychologist. Mindalot Ltd employs a Practice Administrator who will have access to limited data on instruction only. The Practice Administrator holds a DBS check and is subject to a duty of confidentiality at all times, e.g. for invoicing, accounts reconciliation, and typing up confidential reports dictated by the clinician.
What information does Mindalot Ltd share?
Mindalot Ltd will not share any information about you with other organisations or people except in the following situations:
- Your GP or any other legal representative designated by you. Mindalot Ltd will ask for separate written consent.
- Serious harm. Mindalot Ltd may share your information with the relevant authorities if the clinician has reason to believe this may prevent serious harm being caused to you or another person. You would be informed of the clinician’s intent to do so.
Where it is necessary to share this information Mindalot Ltd is required to comply with all aspects of the General Data Processing Regulations (GDPR).
Who the information may be shared with
What follows is a description of the types of organisations Mindalot Ltd may need to share some of the personal information it processes given the above exceptional circumstances:
- Healthcare professionals
- Social and welfare organisations
- Central government
- Business associates
- Family, associates and representatives of the person whose personal data Mindalot Ltd is processing
- Suppliers and service providers
- Financial organisations
- Current, past and prospective employers
- Employment agencies and examining bodies
How does Mindalot Ltd keep your information secure?
All information and notes taken during treatment are written onto an iPad Pro and then at the end of each day the notes are transferred to a secure Mindalot computer where it is password protected. The iPad Pro only functions on face recognition of the clinician. All information on the iPad Pro is then deleted. Mindalot Ltd takes all reasonable precautions to prevent the loss, misuse or alteration of information that is held. All electronic records are stored on a Mindalot Ltd computer which is password protected and has security software installed. Mindalot backs up information onto a password protected system. All letters that are written are password protected. Passwords will always be provided separately to you, either by calling you or by telling you in person. A password will not be sent by email. All emails sent to you or received from you by Mindalot Ltd are copied into PDF document with a password and the email is deleted from the server. If you need to text the clinician all texts will be noted, replied to and deleted immediately. Patients are requested to use WhatsApp where possible as this information is end-to-end encrypted.
All Psychometric Tests are copyrighted and responses will be scanned and password protected. All notes and documentation will be destroyed eight years after the end of our contact, (or until a patient is aged 26, if they were under 18 at the end of our contact.) Any known data breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours.
Your Data Protection rights
Under the GDPR you have the right to access your personal data to rectify, erase or restrict your personal data or object to the processing of your personal data.
Request for access to your data
You have the right to request access to your files and this will be provided to you within one month of the date of a request. You would be able to access session notes and any psychometric scales results will be summarised in a table format as the raw data forms are copyrighted. If you would like to see the information Mindalot Ltd holds about you or would like to correct, update or delete any records please email firstname.lastname@example.org.
You can contact the ICO via their website www.ICO.org.uk should you wish to request any information from the ICO or to make a complaint about the way Mindalot Ltd processes your data. Mindalot Ltd’s registration number with the ICO is A8155205, registered 14 December 2016. There is a legal requirement for Mindalot Ltd to hold your files for 8 years, or until a patient is aged 26, if they were under 18 at the end of our contact. This is regulated by the HCPC and also is recommended by the BPS.
Changes to this policy
Mindalot Ltd may edit this policy from time to time. If any substantial changes are made, Mindalot Ltd will notify you by sending you a copy of the amendments.