Privacy Policy

I have to provide certain information to you under the General Data Protection Regulation including how I collect and process your personal information and your rights in relation to your personal information. This Privacy Notice sets out the information that is legally required to be given to you.

This privacy notice explains how the therapist uses your personal information where you contact her about a service or are a client. Please read it carefully. The notice may be updated every now and again – if it changes I will update the website with the new privacy notice.

For the purposes of data protection law, Helen Zacharias is the controller of your personal information and the therapist will use the personal information you provide to her in accordance with this Privacy Notice.

If you need to contact me in connection with the use or processing of your personal information or to gain access to it the please get in touch with me by emailing info@helenzacharias.co.uk

WHAT PERSONAL INFORMATION DO I COLLECT?

I collect personal information like:

  • your title, name, date of birth, age, contact details, occupation;

  • your next of kin and relationship with next of kin;

  • clinical / health information including relating to your current or former physical or mental health. This may include information about any healthcare you have received from other healthcare professionals such as GPs and details of clinic and hospital visits

I also create personal information about you, for example, when I create clinical records of sessions and clinical letters or reports.

I may collect sensitive personal information such as health data, data about your sexual history or data revealing your racial or ethnic origins or religious beliefs (also called ‘special categories of personal data’). This may be the case, for example, if I am providing therapeutic input for psychological distress for an issue like sexual abuse and trauma and you tell me about certain personal matters in our sessions.

I will not collect any information about criminal convictions and offences, unless you disclose this information to me.

WHERE DO I GET IT FROM?

I obtain your personal information form the following sources:

Directly from you, either in person, via email or telephone. This includes personal information you provide when you complete our patient information form, contract with me for services, use of service or correspond with me.

Indirectly from other third parties if required:

  • you are referred to us by a third party for the provision of services such as through your workplace, GP or specialist medical consultant. These may include your medical records;

  • I may liaise with a health professional or your GP or other treatment provider.

  • With family members 

WHAT I DO WITH IT?

I will use your personal information to:

  • send you information that you have requested from me or to deal with your enquires;

  • register you as a patient and arrange appointments for you

  • provide you with treatment and services;

  • comply with my legal obligations, for example in respect of disclosing non-recent/ historical abuse or child sexual abuse. This is a complex area and I would be happy to discuss if you have any queries.

  • send you important notices or communications;

  • invoice for the treatment / services I provide and for account settlement purposes;

  • administer and manage business operations, such as maintaining accounting records and receiving professional advice.

WHAT IS OUR LEGAL BASIS FOR USING IT?

When “processing” your personal information (this is the legal terminology and essentially means using your personal data) I must have a legal justification for doing so. The particular justification depends on the proposed use of your personal information. Where I  state below that I am relying on my legitimate interests to use your personal information then I will only do so in a way which does not overly prejudice your privacy rights. In addition where I am using your sensitive personal information (special category data) like health data, I am also required to have an additional legal justification to do so. I have set out the general legal bases together with any additional special condition I am relying on below for each anticipated use of your personal data.

  • To register you as a patient. The processing is necessary to perform a contract with you and to provide you with healthcare or treatment.

  • To provide you or the relevant party (if you are not the client) with healthcare and related services. The processing is necessary to perform a contract with you and for my legitimate interests in providing healthcare services to you. Additionally, the processing may be necessary to protect your vital interests where you are physically or legally incapable of giving your consent and/or for me to establish, exercise or defend any legal claims.

  • To communicate with you about your treatment and my services to you and update any person you wish us to about your care. The processing is necessary to perform a contract with you and for my legitimate interests in providing healthcare services to you. Additionally, the processing may be necessary to protect your vital interests where you are physically or legally incapable of giving your consent and/or for us to establish, exercise or defend any legal claims.

  • For invoicing and account settlement purposes. The processing is necessary to perform a contract with you, for my legitimate interests in managing your contract. Additionally the processing is necessary for the provision of healthcare or treatment by me and may be necessary for me to establish, exercise or defend any legal claims.

  • For the operation of my business including protecting it from fraud. The processing is necessary for my legitimate interests in managing your contract. Additionally the processing is necessary for the provision of healthcare or treatment by me and may be necessary for me to establish, exercise or defend any legal claims.

  • For medical audit purposes. The processing is necessary for my legitimate interests to monitor and improve the way I offer services and the public interest in statistical and scientific research.

  • To comply with my own legal and regulatory obligations and defend or exercise my legal rights. The processing is necessary for me to comply with a legal obligation to which I am subject and for my legitimate interest to protect my business and reputation. Additionally the processing is necessary for the provision of health care services by me and may be necessary to establish, exercise or defend any legal claims.

DO YOU HAVE TO AGREE TO OUR USE OF IT?

It is your choice whether to give me personal information so that I can take you on as a client or provide a service but if you do not provide certain personal information (such as personal details) I may be unable to provide a service.

Where my legal basis for using your personal information is consent, you can choose to withdraw your consent at any time by contacting me using the details in this privacy notice.

WHO DO I SHARE IT WITH?

If you agree, I may contact your GP, the referrer or relevant medical professionals with certain personal information.

I may disclose your personal information to:

  • anyone that you ask us to communicate with or provide as an emergency contact e.g. your next of kin;

  • any healthcare professional involved in your care or treatment;

  • private sector healthcare providers;

  • my regulator;

  • my insurer;

  • the police and other third parties where reasonably necessary for the prevention or detection of crime;

  • relevant bodies, authorities or other entities where required in order to comply with anti-terrorism legislation.

I will have to share your personal information with others if I think that you or others may be at serious risk of harm or if I am required to so by law. I will discuss this with you first unless it places you or someone else at risk.

Invoices will go to the person that you identify is responsible for your treatment.

HOW LONG DO I KEEP IT FOR?

I will keep your personal information (such as contact details) until our service to you has ended and all financial obligations have been completed. However, please note that by law some medical records have to be kept for up to 20 years.

WHAT ARE YOUR RIGHTS?

You may have a number of rights in connection with the use of your personal information including:

  • the right to access to your personal information held or controller by us;

  • the right to have any inaccuracies in your personal information corrected or gaps completed;

  • the right to have your personal information deleted or the use of it restricted (on the grounds specified by law);

  • the right to object, on legitimate grounds as specified in law, to the processing of your personal data;

  • the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law.

Some of the above rights only applicable in specific circumstances. You may find the Information Commissioner’s Office’s (ICO) website www.ico.org.uk useful in understanding when the different rights apply.

If you wish to raise a complaint on how I have handled your personal data you can contact me using the contact details set out at the beginning of this notice and I will consider your complaint. If you believe I am not processing your personal information in accordance with the law you can complain to the ICO. Please see the ICO’s website for how to do this.

HOW DO I PROTECT IT?

Your privacy is important to me and I take a range of technical and organisational measures to keep your personal information secure including password protected emails and encryption.