Privacy Policy

Thank you for reviewing my privacy policy. 

Who is in charge of your data?

I take my client’s privacy seriously.  I am committed to protecting your privacy and handling your information in a responsible way while you use my website and services. I want you to feel my practice and our sessions are a safe place for you to discuss your feelings and concerns, and I operate my practice in a highly confidential manner. This policy sets out how data is collected and processed through the use of my website and when you use my services.

I encourage you to read this policy alongside the consent form I provide if we agree to proceed with an appointment. These provide information about data collection, retention, storage and your rights regarding your data.

The controller of your data is Dr Kim Kemp and I can be contacted at drkimkemp@protonmail.com

Not happy with something?

I encourage you to bring any concerns or questions to me in the first instance. You also have the right to talk to the Information Commissioner’s Office (ICO) at (www.ico.gov.org.uk), but I hope to resolve any issues directly.

What type of data is collected?

‘Personal data’ is information that identifies you. If I have removed your identity (by making the data anonymous), it won’t be classed as personal data. I might collect, use, store, and share various types of personal data about you as follows:

  • Identity details such as first and last name, date of birth and gender.
  • Contact details such as your billing address and delivery address, email address and telephone number.
  • Information about transactions like details about payments to and from you, and other details of products and services you have purchased from us.
  • Special category data includes information about your health, including information about your existing and previous medical health conditions, medication details, psychiatric history and any other relevant health information to enable me to carry out services to you. 

Consents for Health Data:  I require your specific consent to process Special Category Data and will ask for this when you complete my intake form prior to our first appointment.

How do I collect your personal data?

I use different methods to collect data from and about you. The majority of the time, my information is collected directly when you contact us in the following ways:

  • When you fill in my onboarding forms, i.e. intake and consent forms;
  • When you complete any forms before or during an appointment;
  • Verbally during discussions;
  • Correspondence with me via phone, email or otherwise;
  • When you give me feedback or contact me. 

Data may also be gathered via cookies on how you use my website. For more information, please refer to my website Cookie Policy, which can be found here.

What happens if you don’t provide me with the required data?

Where I need to collect personal data by law, or under the terms of a contract I have with you, and you fail to provide that data when requested, I may not be able to perform the contract we have or are trying to enter into with you. In this case, I may have to cancel the service you have with me and will inform you of this.

What are the purposes for which I use your personal data?

The purposes for which we will be using your data include:

  • To register you as a new client.
  • To provide services and process transactions, including: a) managing payments, fees and charges and b) collecting and recovering money owed.
  • To manage my relationship with you for example, to notify you about changes to this privacy policy or other aspects of running my practice.

I rely on one or more of the following lawful conditions to process your data as outlined above:

  • To fulfil my contract with you;
  • For legitimate interests; or
  • To comply with legal obligations.

Do I use cookies?

Cookies help make my website work better for you, remembering your preferences and improving your experience. You can control cookie settings in your browser.  Cookies make your browsing experience on our site as smooth as possible, because they remember your preferences.

My website uses cookies to distinguish you from other users of my website. Please refer to my cookie policy here to learn more.

Do I ever share your personal data?

I take your data’s security seriously and only allow certain people to access it. I may share personal data with the parties below for the purposes as stated above.

  • Professional advisors such as accountants as required for the lawful running of my practice.
  • If you are referred by your health insurance provider then we may need to share details about your appointment schedule with your insurer for the purposes of billing and to provide treatment updates.
  • As an HCPC accredited clinician, I am obliged to consult with another mental health professional for supervision purposes.  This is to ensure we reflect and improve on our clinical skills.  When discussing clients in supervision I only refer to clients by their initials and identifiable information is minimised.
  • Sometimes I may need to share details with your GP or other NHS or social care service.  I will always get your consent prior to doing this.  When the information concerns risk of harm to you or another person then I may need to disclose information about you without your consent for your own safety or for the safety of someone else. 
  • HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
  • Debt collection agencies or courts in the event that payment is not received for services rendered. This will be done to recover any outstanding debts, and they will process your data solely for this purpose.
  • I may need to share your personal data with courts, legal representatives, or other relevant authorities for medico-legal purposes. This includes situations where I are required to do so by law, or where it is necessary to protect your vital interests or the interests of another person. I ensure that this data sharing is conducted lawfully and with due regard for your privacy rights.

All of the above third parties have a requirement to respect the security of your personal data. I do not permit them to use your personal data for their own purposes – they are only permitted to process your data for specified purposes in line with my instructions.

Do I ever transfer your date internationally?

I do not transfer your data outside the United Kingdom and European Economic Area (EEA).

How secure is your data?

I have strong security measures in place to keep your personal information safe. In ordinary circumstances, only I have access to your personal data. If I was to become critically unwell or die, my Clinical Supervisor would have access to current clients’ data to make you aware of this and options for further support.

In the rare circumstances that there is a personal data breach, I have procedures in place and will notify you, along with any applicable regulator, when I’m legally required to.

What is my process for retaining your data?

I only keep your data as long as necessary for the reasons we collected it.

By law I have to keep medical information about clients for 7 years after treatment has finished. By law I also have to keep basic information about clients (including contact, identity, financial and transaction data) for six years after they cease being patients for tax purposes.

For information that does not fall under the definition of basic, to determine the appropriate retention time, I look at what kind of data it is, how sensitive it is, the risks if it is misused, why I need it, and if there are other ways to achieve the same goals. I also consider applicable legal, regulatory, tax, accounting and other requirements.

What are your legal rights in relation to your data?

You have the following rights regarding your personal data:

Access: You can request a copy of the personal data I hold about you. This is known as a “data subject access request.”

Correction: If the personal data I have about you is incomplete or incorrect, you can ask me to correct it.

Erasure:  You can ask me to delete your personal data. It’s important to note, however, that there might be legal reasons that prevent me from fulfilling this request. If such reasons exist, I will inform you when you make your request.

Objection: In certain situations, you have the right to object to the processing of your personal data.

Restriction of Processing: You can request that I restrict the processing of your personal data under specific circumstances.

Data Portability: You have the right to request the transfer of your personal data directly to you or to a third party of your choice.

Withdrawal of Consent: At any point where I rely on your consent to process your personal data, you have the right to withdraw this consent. Withdrawal of consent will not affect the legality of the processing done before the consent was withdrawn. Should you withdraw your consent, I might be unable to provide you with certain products or services. I will inform you if that is the case when you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact me.

I won’t charge any fees for you to request access to your personal data. However, a reasonable fee may be charged if your request is clearly unjustified, repetitive or excessive. I also reserve the right to not comply in this scenario. I try to respond to all legitimate requests within one month. Occasionally it could take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.

Changes and Contact

I regularly review my privacy policy. Please keep me updated if your personal data changes. If you have any questions or need to exercise your rights, just get in touch.

Thanks for reading my privacy policy. If you have any questions please don’t hesitate to contact me.