Privacy Policy

Introduction

Kalhar Therapy is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This is done in accordance with current data protection laws (GDPR, 2018) and ethical guidelines outlined by The British Association for Behavioural and Cognitive Psychotherapists (BABCP), The British Psychological Society (BPS) and The Health and Care Professions Council (HCPC) regulatory bodies. This privacy policy outlines how your information is collected, used, disclosed and safeguarded. By using this website and accessing the therapy services of Kalhar Therapy, you consent to the practices described in this policy.

What information is collected?

We collect and process the following types of personal data, which are obtained through you accessing the website ‘kalhartherapy.com’, completing forms (e.g. the contact form on the website, consent form, first appointment assessment form, questionnaires), communication via mobile and email, payment transactions and undertaking the therapy sessions.

Personal data

  • Identification information: Name, gender, date of birth, address, phone number, email address, emergency contact.

  • Health information: GP details, information related to your mental and physical health, risk to self and others, treatment history and any other data you voluntarily provide.

  • Therapy notes: Brief notes taken by the therapist in your therapy sessions.

  • Payment information: Payment information which is processed through bank transfer (Bacs) or via private insurers.

Technical data

  • Usage data: Information about how you use this website, such as IP address, browser type, pages visited, and access times. This includes the use of cookies. When you access the website ‘kalhartherapy.com’, which is hosted by squarespace.com, the use of functional or necessary cookies is required to allow you to navigate and use key features on the site. You have the option to consent or opt out of non-essential cookies. You can do this by clicking on the ‘manage cookies’ option on the cookie banner when you access the website. You can find further information on cookies here.

 

How is your information used?

The data collected is used for the following purposes:

  • Service delivery: To provide you with therapy services and to fulfil supervision requirements of the therapist.

  • Communication: To communicate with you regarding appointments, treatment, and updates.

  • Billing and payments: To process payments for services provided.

  • Improvement: To understand how our website is used and to enhance the user experience.

  • Legal compliance: To comply with legal obligations and resolve disputes.

Sharing your information

We do not sell, trade, or otherwise transfer your personal data to outside parties except in the following circumstances:

  • Confidentiality policy: As part of the confidentiality policy, if there is a risk of harm to self or others, this information will need to be shared with other parties (e.g. GP).

  • Therapist supervision: Clinical supervision is a professional requirement for therapists. The therapist will request your consent if they wish to make an audio recording of your therapy session. This will only be heard by their supervisor and no client identifiable information will be used. 

  • Legal requirements: We may disclose your data when required by law or to protect our legal rights.

  • Service providers: We may share your data with third-party service providers who assist us in operating our website, conducting our business, or providing services to you. For example, necessary information may be shared with your private health insurance provider.

 

Data security

A variety of security measures have been implemented to maintain the safety of your personal information. Please note that, although security measures have been implemented, we cannot be held responsible for any breaches that occur due to failures in the technology.

  • The ‘Kalhartherapy.com’ website is protected with an SSL certificate. SSL secures connections and prevents impersonation or stealing of visitors’ information. The website host ‘Squarespace’ has implemented solutions to protect against and mitigate effects of Denial of Service (DoS) attacks. Two-factor authentication is required for login and login activity can be monitored to identify any suspicious login activity. Squarespace has a Security Operations Centre (SOC) which monitors for threats and vulnerabilities 24/7 to ensure the website is protected.

  • Your contact details, completed forms, questionnaires and therapy notes will be stored on a secure database called ‘WriteUpp’. Private health insurers may request use of their own specific databases, so please consult your specific privacy agreement with them for further information.

  • Only your therapist will have access to WriteUpp, using two-factor authentication. Emails sent from the system are encrypted in flight using Transport Layer Security (TLS). The developer of WriteUpp, called ‘Pathway Software’, is registered with the Information Commissioner’s Office (ICO).

  • Emails sent from the ‘Kalhartherapy.com’ email address are encrypted from a secure Microsoft 365 business premium account. Access to this account requires multifactor authentication.

  • The mobile phone used for communication is password protected.  

  • Video calls and any recordings (done only for therapy purposes and with your consent) will be conducted through Microsoft Teams, which, by default, encrypts all communication using industry-standard technologies such as TLS and Secure Real-Time Transport Protocol (SRTP).

  • Any audio recordings for the therapist’s clinical supervision (done with your consent) will be made with a dictaphone, using no client identifiable information.

  • Payment information is processed securely when self-funding through bank transfer (Bacs). If you are paying via private insurer, the therapist will use encryption and secure transmission methods to protect payment-related data before it reaches the insurance provider. Please consult your privacy agreement with your insurer for information on the security measures they use for processing payments.

 

Data retention

  • Your initial website contact form details will be deleted immediately if you do not proceed with therapy.

  • Your email and mobile phone communication will be deleted at the end of the therapy sessions.

  • Clinical notes (including therapy contract, information submitted on forms, questionnaires, brief therapy notes) will be stored for 7 years in line with the therapist’s insurance requirements. After this date, your data will be securely deleted. If you are being funded by private health insurance companies, please note they sometimes request use of their own databases for storing clinical notes which have different requirements, so please check your individual privacy agreement with them.

  • Audio recordings made for supervision purposes will be deleted immediately after the supervision session.

  • Microsoft Teams video recordings made for therapy purposes will be deleted immediately after their required use in the therapy session.

Your data protection rights (GDPR)

Under General Data Protection Regulation (GDPR), you have the following rights regarding your personal data. If you need to exercise any of these rights, please contact your therapist directly through email.

1. Right to access: You have the right to request copies of your personal data that we hold about you.

2. Right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete any information you believe is incomplete.

3. Right to erasure (Right to be forgotten): You have the right to request that we erase your personal data, under certain conditions. This includes situations where the data is no longer necessary for the purposes for which it was collected, or you withdraw your consent. Instances where we would not be able to comply with your request are as follows:

  • It is necessary for us to retain these records to continue providing an effective service.

  • We are compelled to retain these records by a Court of Law.

  • We require to keep these records for mandatory periods to establish, exercise or defend legal claims.

4. Right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions. This means we would store your data but not use it further.

5. Right to data portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions. This is typically done in a machine-readable format.

6. Right to object: You have the right to object to our processing of your personal data, under certain conditions. This includes situations where we are processing your data based on our legitimate interests.

7. Right to withdraw consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Please note that when withdrawing your consent, Kalhar Therapy may not be able to provide you with their service. 

8. Right to lodge a complaint: If you believe that we are not complying with data protection regulations, please notify your therapist via email. They will acknowledge receipt of your complaint within 5 business days and do their best to resolve it within 1 month. If a response requires longer, they will notify you and inform you of the relevant reason. If you are not satisfied, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

 

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We recommend that you review this Privacy Policy periodically.

 

Breaches of data protection

In the event of any breach of our data protection policies, we will notify you and the Information Commissioner’s Office (ICO) within 72 hours and will seek to rectify this immediately.