GDPR Data Policy
General Data Protection Regulation (GDPR) policy for
Good Thinking Psychological Services March 2021
Marianne Trent / Good Thinking Psychological Services (GTPS) and The Grief Collective Book aim to be as clear as possible about how and why she uses information about you so that you can be confident that your privacy is protected. This policy describes the information that she collects when you use her services. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill dated May 2018.
The policy describes how she manages your information when you use her services, if you contact her, visit her website or when she contacts you.
Marianne Trent uses the information she collects in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, Marianne Trent is the data controller; if another party has access to your data she will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why she needs to provide them with the information.
If your questions are not fully answered by this policy, please contact Marianne Trent. If you are not satisfied with the answers from her you can contact the Information Commissioner's Office (ICO).
1. Why does she need to collect your personal data?
She needs to collect information about you so that she can:
Know who you are, so that she can communicate with you in a personal way. The legal basis for this is a legitimate interest.
Provide services to you. The legal basis for this is the contract with you.
Process your payment for services. The legal basis for this is the contract with you.
2. What personal information does she collect and when does she collect it?
2.1 For her to provide you with therapy services, she needs to collect the following information:
Your name and date of birth
Your contact details including a postal address, telephone number(s) and electronic contact such as email address. She collects this information directly from you. She may also collect information about you from third parties; for example, if she receives a referral from another health professional (such as your Doctor or Occupational Therapist).
2.2 If you are signing up for an online course and / or for her mailing list(s) she needs: Your name and your email address.
2.3 If you are buying an ‘Our Tricky Brain’ kit or a copy of The Grief Collective book directly from her then she will need:
Your name, email address and postal address.
2.4. If you are signing up for a free 5-day challenge she needs:
Your name, email address, phone number if you choose to share this and for you to join a group using your Facebook profile.
2.5. Browsing the GTPS Website, Facebook and Instagram Page and The Grief Collective Facebook & Instagram Page.
When you engage with this media your information will be stored in the form of cookies. You can opt out of this from the website when the pop up appears. To change your Facebook or Instagram privacy preference please do this directly on either of these platforms.
3. How does she use the information that she collects?
She uses the data she collects from you in the following ways:
To communicate with you so that she can inform you about your appointments with her she uses your name, your contact details such as your telephone number, email address or postal address.
To create your invoice, she uses your name and email address.
Where relevant, to process your payment, she uses your address.
To keep any clinical notes arising from therapy sessions and related cancellations or communications between us.
Where relevant, she uses your postal or email address to dispatch the products you have purchased to your nominated address / email account.
To notify you of any ongoing or LIVE content you have asked to be informed about, such as Facebook LIVES, Good Thinking LIVE shows.
To send you mailing list emails or email communications regarding key aspects of her business.
4. Where does she keep the information?
She keeps your information in the stores described below. Please note that she does not store any of your bank details in any of her systems.
4.1. Paper Records
She stores paper records including your medical records in a cabinet in a securely locked office.
4.2. On computers
She uses personal computers that are password protected and the hard drives are encrypted. She stores clinical notes on ‘WriteUpp’ which is a commercially available system specifically designed for this purpose. Passwords are changed every 90 days and it is her policy that passwords are not shared. She also uses a smartphone that is password protected and encrypted. She also uses ManyChat and Kartra electronic systems. Kartra holds her mailing list. ManyChat is used when running Facebook Challenges or notifying you about ongoing or LIVE content you have asked her to notify you about.
5. How long does she keep the information?
She keeps contact information for a period of 6 months if you do not become a client of hers and then permanently and securely deletes all information. She keeps your medical record electronically for 7 years as this is the minimum/maximum length of time for records to be retained and then permanently and securely erases. She keeps electronic invoices for seven years as this is the required length to comply with the HMRC requirements.
6. Who does she send the information to?
She sends information to you and anyone she is required by law to inform. All information that is sent electronically is sent as attachments that are encrypted and password protected.
7. How can I see all the information she has about me?
You can make a subject access request (SAR) by contacting Marianne Trent. She may require additional verification that you are who you say you are to process this request. She may withhold such personal information to the extent permitted by law. In practice, this means that she may not provide information if she considers that providing the information will violate your vital interests.
8. What if my information is incorrect or I wish to be removed from her system?
Please contact Marianne Trent. She may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide her with the correct data and after she has corrected the data in her systems, she will send you a copy of the updated information in the same format at the subject access request in section 7. If you wish to unsubscribe from any mailing list you can do this in each and every email she sends you by clicking the link which says unsubscribe. If you wish to unsubscribe from any messages regarding ongoing or LIVE content you can reply to any text or Messenger message with ‘STOP.’
9. How can I have my information removed?
If you want to have your data removed, she will have to determine if she needs to keep the data, for example in case HMRC wish to inspect her records. If she decides that she should delete the data, she will do so without undue delay.
10. Will she send emails and text messages to you?
As part of providing her service to you she will send information to you via email. She needs to send details of your appointments to you as a reminder and any relevant access links such as zoom links. Where you have consented to it, she may also use SMS (text messages). Consent for methods of communication is given by yourself on her terms and conditions sheet and via Messenger message where relevant.
11. Signing Terms and Conditions / GDPR
When you sign the Terms and Conditions Document or buy or sign up for any product from Good Thinking Psychological Services or join any GTPS or Grief Collective mailing list you are also confirming that you have seen a copy of this GDPR policy and that you consent.