Luminous Mind Therapy Ltd
Suzy McCrea, Room 199, Regents House Business Centre, 391 Kirkdale, SE26 4QD
I, Suzy McCrea am the Data Controller and Processor of Luminous Mind Therapy
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide therapy) and that it is data that you would reasonably expect me to hold and use.
For those who enquire about therapy, the data I hold includes any information you have sent me by email/text/message.
For those who book and attend at least one session, the data I hold includes:
Basic information such as name, address, email address, phone number
Information that you give me as part of the work we do together
Records of any interventions that I use (or potentially do not use) in our sessions
Emails, texts and/or messages that are sent between us
Information sent from any third party, e.g. GP, insurance company, EAP, occupational health provider.
Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone, except possibly your GP, and for any reasons covered by the Requirements for Disclosure which are detailed and discussed when we first meet. My accountant will see bank, credit card and Paypal records which will contain any information that you submit when making payment. If you would like me to redact your identifiable data before sending to the accountants, then please let me know.
The data is primarily used to enable me to provide therapy or supervision for you. It may also be used for scientific research purposes and statistical purposes.
Details of where data is held:
Any emails, texts, and whatsapp messages sent between us are held either on my computer’s hard drive, my mobile phone and in Microsoft Onedrive.. My computer is password protected and my mobile phone is fingerprint / passcode protected. Microsoft Onedrive is a secure cloud-based storage facility which is GDPR compliant
Session notes are held on Microsoft Onedrive and any hand-written notes kept in a locked filing cabinet. A coding system enables me to know whose notes are whose, but a stranger seeing the notes would not be able to identify who they refer to.
If you use Paypal or online banking then clearly these systems will hold your data. I will download from these systems for accounting purposes and the resulting spreadsheets are held in Microsoft One drive. When sent to my accountants, the file will be password protected.
Your data is kept for 5 years. The length of time is based on the stipulation of my insurer. After this time any paper records are shredded, and computer records permanently deleted.
Luminous Mind Therapy takes the security of data seriously and as such:
All data is held securely (see details of where data is held above)
Any data transmitted is sent encrypted where possible
For accounting purposes Excel spreadsheets are used which are password protected when sent to my accountant.
I am not in control of data (including emails and texts) whilst it is in transit to me.
It is known that Apps (e.g Facebook), routinely monitor texts and phone calls and this is not within my control.
If there is any breach of data security at Luminous Mind Therapy I will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach, and do all possible to minimise any potential impact.
You have rights with regards to the data held:
The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to erasure. If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing, but this would never include case notes or data such as address/email/phone.
The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure.
The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
The right to object to:
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). Luminous Mind Therapy does not engage in these things.
Processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
Automated decision making and profiling. Luminous Mind Therapy does not engage in automated decision making or profiling
Facebook Business Page
Data Controller for the Facebook Business Page
The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the Facebook Fan Page https://www.facebook.com/luminousmindhypnotherapy, the Company and the operator of the social network Facebook are Joint Controllers.
The Company has entered into agreements with Facebook that define the terms for use of the Facebook Business Page, among other things. These terms are mostly based on the Facebook Terms of Service: https://www.facebook.com/terms.php
We use the Facebook Insights function in connection with the operation of the Facebook Fan Page and on the basis of the GDPR, in order to obtain anonymised statistical data about Our users.
For this purpose, Facebook places a Cookie on the device of the user visiting Our Facebook Fan Page. Each Cookie contains a unique identifier code and remains active for a period of two years, except when it is deleted before the end of this period.
Facebook receives, records and processes the information stored in the Cookie, especially when the user visits the Facebook services, services that are provided by other members of the Facebook Fan Page and services by other companies that use Facebook services.
Each website you visit can send it’s own cookie to your browser if your browser’s preferences allow it. To protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.
How to control and delete cookies;
You may restrict or block the cookies which are set by my website, or any other website, through your browser settings. You can also ask your browser to alert you when a cookie is issued.
For more information about cookies and how to manage them is available at www.aboutcookies.org
I use Google Analytics to understand how visitors engage with my websites. It collects information anonymously and reports website trends without identifying individual visitors. For more information visit Google Analytics privacy and security information.
Social Media Policy
Luminous Mind Therapy Ltd
This outlines the policy of Luminous Mind Therapy with regard to the use of social media and electronic information. If you, as a client, have questions about any aspect please do ask. As the world of technology is constantly changing this document is likely to be updated regularly.
I am happy for you to contact me regarding appointment times via Email, text, or by Phone. If contacting me via phone or message, please only do so between the hours of 8am and 8pm. It is preferable that Email and messaging are used only for logistical contact (e.g. to book and appointment) and not to discuss therapeutic issues due to their inherent insecurity. If you wish to engage in “email therapy” then please discuss this with me first and we will use a password protected word document. I can set this up for you if you need it. I may send you information by email during the course of therapy, but this will always be discussed with you first.
Luminous Mind Therapy uses social media for marketing purposes. You are very welcome to follow my business accounts. However, I will not accept friend requests or follow you back as this could compromise therapy. Please do not use public methods of communication (e.g @ replies or tagging) to discuss any aspect of your therapy or for logistical reasons (e.g to arrange appointments) as this compromises your own confidentiality. Please do not use Facebook Messenger to contact me as this is not regularly checked.
I wish to keep my personal social media accounts private and will not accept follow requests, friend requests or any form of contact via these platforms from former or current clients, as this this would blur the boundary of the therapeutic relationship.
Use of search engines
I do not routinely Google my clients but may very occasionally in a time of crisis. For example, if you had failed to attend a session and I was concerned for your safety I may try to find out about you this way. If I did so, I would tell you about it the next time we met.
Business review sites
You may find my name on business review sites but I have not asked to be on these. Businesses do not get a choice. Clients are free to post whatever they choose and due to confidentiality, I cannot comment on anything that is posted. Indeed, anyone (including a competitor) can post anything so it is advisable to be aware that reviews (good or bad) may not be representative of the views of real clients.
It is considered unethical by some of my professional bodies (the National Society for Hypnosis, Psychotherapy & Mindfulness) to publish testimonials and so you will not find any testimonials coming from me.
If you use location-based services on your phone you should be aware that others may surmise that you are a therapy client if you are seen as “checking in” at my address.