Privacy Policy

As part of my professional duty of care I have to collect information about you to work with you the best I can.  It is important that you are informed about what happens to your information.  This privacy policy explains how I will use, store and protect your personal information in line with General Data Protection Regulation (GDPR).  


Data Control

Dr Jan Ferris is the data controller for North Glasgow Psychology Practice.  


What personal information is being collected?

As a clinical psychologist I need to collect a range of personal information.  This includes:

  • Personal data: basic contact information: name, address, email, contact number, GP contact details and insurers details (where applicable).
  • Sensitive personal data: Signed Therapy Agreement, therapy records (therapist notes, letters, reports and/or outcome measures).  
  • If you complete a web-based enquiry form, I will also collect any information you provide to me as well as your internet protocol (IP) address.  This is automatically supplied by the website software used to offer the form.  


If you are referred by your health insurance provider, then I will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.It is worth noting that if you do not provide the personal information requested, then I may be unable to provide a therapy service to you.


Why is this information being collected?

It is necessary to collect this information to provide psychological assessment and treatment. I require your GP details to allow me to contact them should I be sufficiently concerned about your current level of risk.  I require your contact details so that I can reach you should an appointment need to be re-arranged.  I may also ask for information on how you found this service for the purpose of marketing research. 


What I do with your personal information?

I will only use your personal information to provide the services you have requested. Your written information will be kept in a file and stored securely to which only I have access to.   Written information will be scanned and uploaded to an individual electronic casenote within a very secure and confidential practice management software system (Writeupp).  All digital information and storage will be encrypted (e.g. emails, information databases etc).  Electronic information will also be backed up regularly on an external disc drive.  In order for me to contact you via text I will store your first name and surname initial in my business mobile.  No other information will be stored about you in this format.  This information is only accessible by me and is password protected. I will delete your details from my phone as soon as we finish working together.  We will discuss if you do/do not wish to be contacted by phone and your privacy will always be respected. 


Who will your information be shared with?

The information you provide is confidential, however, there are certain circumstances where I have a duty of care to share your information:

  • if there are significant concerns regarding your own levels of risk or safety;
  • if there are significant concerns regarding significant risk of harm to others;
  • if I am asked to disclose your personal data in order to comply with any legal obligation. 

If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then I will share appointment schedules with that organisation for the purposes of billing. I may also share information with that organisation to provide treatment updates.I can also share information if you have given explicit consent that you wish it to be shared (e.g. with another professional or family member).  I will not routinely share your information with other health professionals (e.g. your GP) unless you specifically ask.  


How long is personal information stored?

Your information will be retained in accordance with professional HCPC guidelines.  Your information will be deleted 7 years after we end working together.  After this time, this data is deleted at the end of each calendar year.  Basic contact information held on my business mobile phone will be deleted once our work is completed. 


What I will NOT do with your personal information?

I will not share your personal information with third-parties for marketing purposes.


Your right to access the personal information I hold about you

  • You have a right to access the information I hold about you.
  • I will usually share this with you within 30 days of receiving a request.
  • There may be an admin fee for supplying the information to you.
  • I may request further evidence from you to check your identity.
  • A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
  • You have a right to get your personal information corrected if it is inaccurate.
  • You can complain to a regulator. If you think that we haven't complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.


If you require any further information regarding privace then I am happy to discuss this further.