I understand that your personal data is entrusted to me and appreciate the importance of protecting your privacy. I comply fully with UK-GDPR (United Kingdom General Data Protection Regulation).

This Privacy Policy sets out the basis on which I collect and process personal data about you including our practices regarding the collection, use, storage, disclosure and erasure of personal data that I collect from you and/or hold about you, and your rights in relation to that data. This notice does not provide exhaustive detail.

By providing your personal data to me or by using my services, website or other online platforms you are accepting or consenting to the practices as described or referred to in this Privacy Policy.

For the purpose of Data Protection Laws, the Data Controller is Rebecca McHale, Trading as Clear Journeys, at: 3B The Mall, Park Street, St Albans, Herts, AL2 2HT.

What I Do:

I provide psychology services to clients, including the following modalities: Developmental Psychology, Emotional Freedom Technique, Clinical Hypnosis, Mindfulness and Life Coaching.

What personal data may I collect from you?

By the term ‘personal data’ in this policy, I refer to information that can or has the potential to identify you as an individual. Accordingly, I may hold and use personal data about you as a client or in any other capacity, for example, when you visit my websites, complete a form, access our services or speak to me.  If you book an Initial Consultation with me, or engage in 1-1 or group sessions, this may include sensitive personal data such as information relating to your physical and mental health.

Personal data I collect from you may include the following:

• Your name, address, contact details (including email address and phone number)
• the name and contact details (including phone number) of your next of kin
• details of referrals, quotes and other contact and correspondence I may have had with you
• details of services you have received from me or which have been received from a third party and referred on to me
• recordings of calls or video content that I have received or made with your consent
• notes and reports about any services and care you have received and/or need
• client feedback provided by you
• information about complaints and incidents
• information you give me when you make a payment to me, such as financial or credit card information
• information received from other sources, including from your use of my websites and other online platforms, or the other services I provide. Where you have named someone as your next of kin and provided me with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.

Where you use any of my websites, I may automatically collect personal data about you including:

• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

The data that I request from you may include sensitive personal data. By providing me with sensitive personal data, you give your explicit consent to process this sensitive personal data for the purposes set out in this Privacy Policy. I may use this information in order to provide you with direct support, the legal basis for my handling of your personal data is for legitimate interest.

When do I collect personal data about you?

I may collect personal data about you if you:

• visit one of my websites
• enquire about any of my services
• register to be a client with me or book to receive any of my services
• fill in a form or survey for me
• carry out a transaction for services with me
• complete a consultation with me
• contact me, for example by email, telephone or social media
• participate in interactive features on any of my websites.

What personal data I may receive from third parties and other sources?

I may collect personal data about you from third parties such as:

• I may be passed your name, contact number and email address, in order to get in touch with you to arrange an appointment or collect further information from you.
• Insurance providers will pass me personal data of clients who have commenced a claim and require psychology services with me. This will normally be in the form of a referral and may consist of basic details e.g full name, date of birth, address, contact number and email address and the type of procedure/services they require.

How do I use your personal data?

I act as a data controller in regard to the processing of your personal data in order to provide direct psychology services.  I also act as a controller and processor in regard to the processing of your data from third parties, such as a referral.  Additionally, I act as a data controller and processor in regard to the processing of payments.

I undertake to ensure that personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with both UK-GDPR law and also regulatory guidance pertaining to clinical data retention, erasure and clinical confidentiality.

Sensitive personal data related to you will only be disclosed in accordance with UK-GDPR laws and the guidance of professional bodies. I may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime, or where there is a legal requirement such as a formal court order.

Further details on how I use personal data are given below.  Please note that, although I have set out the purposes for which I may use your personal data below, I will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.

I may use your personal data to:

• enable me to carry out my obligations to you arising from any contract entered into between you and I, including relating to the provision by me of services to you and related matters such as, billing, accounting and audit, credit or other payment card verification and anti-fraud screening
• provide you with information, products or services that you request from me
• provide you with information about products or services I offer that I feel may interest you.
• allow you to participate in interactive features of my services when you choose to do so
• notify you about changes to my products or services
• respond to requests where I have a legal or regulatory obligation to do so.
• check the accuracy of information about you and the quality of your services or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process
• support other professionals relating to your care
• assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
• to conduct and analyse market research

The security of your personal data

I protect all personal data I hold about you by ensuring that I have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. I conduct assessments to ensure the ongoing security of my information systems.

Any personal data you provide will be held for as long as is necessary in accordance with all applicable UK GDPR laws.

The transmission of information via the internet cannot be guaranteed as completely secure.  However, I ensure that any information transferred to my websites is via an encrypted connection. Once I have received your information, I will use strict procedures and security features for prevention of unauthorised access.

At your request, I may occasionally transfer personal information to you via email, or you may choose to transfer information to me via email.  Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.

Disclosure of your personal data

In the usual course of my business I may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of my services. This may include the following:

• Any legal or crime prevention agencies and/or to satisfy any regulatory request (e.g. ICO) if I have a duty to do so or if the law requires me to do so

I will seek your express consent to share your information with your GP or other healthcare providers. You can ask me not to do this, in which case I will respect that request if I am legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your history.

In all cases, where I believe that your life is in danger then I may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests

• I may share your case history in an anonymised form with my peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites.  I will seek your explicit consent before processing your data in this way
• Organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,
• Third party service providers for the purposes of storage of information and confidential destruction, third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.

Where a third party data processor is used, I ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

I will never disclose your personal data to third parties other than where we are required by law to do so.

Information collected during provision of services or services

Sensitive personal data will only be disclosed to third parties in accordance with this Privacy Policy. That includes third parties involved with your services or care, or in accordance with UK-GDPR laws and guidelines of appropriate professional bodies. Where applicable, it may be disclosed to any person or organisation who may be responsible for meeting your service needs. It may also be provided to external service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.

• External referrals: If I refer you externally for services, I will share with the person or organisation that I refer you to, the clinical and administrative information I consider necessary for that referral.  It will always be clear when I do this.
• Your insurer: I share with your medical insurer information about your services, its clinical necessity and its cost, only if they are paying for all or part of your services with me.  I provide only the information to which they are entitled. If you raise a complaint or a claim I may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.

Information I Collect and How I Use It

I collect certain information from and about its users three ways: directly from our Web Server logs, the user, and with Cookies. When you visit my websites, I may track information to administer the site and analyse its usage for the purpose of serving visitors and clients better.

I will not disclose personally identifiable information I collect from you to third parties without your permission except to the extent necessary including:

• To fulfil your requests for services.
• To protect myself from liability.
• To respond to legal process or comply with law, or in connection with a merger, acquisition, or liquidation of the company.
• I may send out by mail, information on offers or future products or services. If you do not wish for this to be the case, please simply let me know by contacting me.

Third Party Websites

Related services and offerings with links from this website, including all other websites, have their own privacy statements that can be viewed by clicking on the corresponding links within each respective website. I am not responsible for the privacy practices or contents of third-party or client websites. I recommend and encourage that you always review the privacy policies of merchants and other third parties before you provide any personal information or complete any transaction with such parties.

If you no longer wish to receive web based marketing information you can unsubscribe by emailing rebecca@clearjourneystherapies.com

Accessing and updating your information

Under UK GDPR law, subject to some exemptions, you may request access a copy of the personal data that I hold about you via a Subject Access Request (SAR). I will comply with the information request, as UK-GDPR requires, within one month from the day that I receive the SAR. I am within my rights, under UK-GDPR guidance, to extend this response period to 2 months where the information request is complex or where I have received a number of requests from the same individual simultaneously. I may ask for further clarification about the information that you require, in which case the one month response period will begin once I have received the necessary clarification.

You have the right, subject to exemptions, to ask to:

• Have your information corrected or updated where it is no longer factually accurate. Please contact me to ensure that personal data is regularly updated, especially contact information such as: email address, phone number and home address.
• Ask me to stop processing information about you, where I am not required to do so by law or in accordance with the CNHC and ICO guidelines.
• Object at any time to the processing of personal data concerning you

Information or Complaints:

If you want to exercise your rights in respect of your personal data, the best way to do so is to contact me by email on rebecca@clearjourneystherapies.com, or to write to me for the attention of the data protection officer at the address below. In order to protect your privacy, I may ask you to prove your identity before I take any steps in response to such a request.

Data Protection Officer, Clear Journeys, 3B The Mall, Park Street, St Albans, Herts, AL2 2HT.

If you are not satisfied with how I handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (http://www.ico.org.uk).

Changes to my Privacy Policy

I keep my Privacy Policy under regular review and as a result it may be amended from time to time without notice.