Brighton Therapy Centre (BTC) understands that privacy is important to our clients, service providers, and all other stakeholders.
Who we are:
BTC is a registered charity organisation, (Reg no: 1150032) offering a variety of talking therapy and psychoeducation, accessible to all parts of community. We are based on 23A New Road, Brighton, East Sussex, BN1 1UG. All our practitioners, director, staff and managers are aware of the privacy regulations and responsible for the safeguarding of all data collected.
Our web-site, www.brightontherapycentre.org.uk is owned and maintained by Brighton Therapy Centre.
Our marketing tool, Mailchimp is also managed and maintained by BTC. We respect the consent of our stakeholders and we have obtained consent from all stakeholders on our mailing list as per guidance given by GDPR.
BTC is registered and committed to Information Commissioner’s Office (ICO) and does appropriately get guidance or report to ICO where and when it is needed.
Data we collect and why we collect it:
As a part of our day to day activity we obtain, process and retain certain personal data from our service users. This includes name, date of birth, contact details, GP details, financial details, current issues leading to seeking mental health services, ethnicity, gender and sexual orientation, medical and psychiatric conditions. We collect this data for processing to protect the vital interest of our service users, service providers and staff; and with legitimate interest to ensure we offer the best possible therapy service possible.
All personal and confidential data is stored, maintained and retained in accordance with the principles of the Data Protection Act 1998 and GDPR. We only keep data for as long as we need and then 7 years after last contact, in order to offer you best performance of your contract, as long as we have your consent.
We take diligent steps to keep your data secure: our client records are electronically stored, coded with numeric and alphabetical codes, encrypted and password protected.
BTC will need to share data we process with appropriate practitioner to be able to offer the service user therapy services, if we have your consent to do so. Evidence of consent is retained with your personal data. Age restriction for personal consent is 16 in the UK. Parental/guardian consent will be taken if an individual is below the age of 16. Your data will always be kept strictly confidential and will not be shared with third parties.
In case of not being given consent to do so, BTC reserves the right to reject offering therapy services.
Due to the official authority vested in BTC, if we become aware in the course of our contact with you of a risk of serious harm or of information regarding money laundering and terrorism, we are obliged to contact relevant authorities (e.g. Adult Social Care, GP, etc) and share information without consent from the service user.
Rights of the Subject: (Clients, Practitioners, Staff, Stakeholders)
GDPR regulations include provisions for the following areas.
The right to be informed: BTC will publish a privacy notice on the web-site, in addition to explaining transparently to all service users and providers as to how they use this personal data.
The right of access: Individuals have the right to demand details of any of their data that BTC may hold. This is called a Subject Access Request. This information must be requested in writing and provided within one month of request with no charge to the individual.
The right to rectification: If a person’s data is incorrect or incomplete, they have the right to have it corrected. If BTC holds the information and has passed any of that information to third parties, BTC must inform the third party of the correction and inform the person which third parties have their personal data.
The right to erasure: A person may request the removal of their personal data in specific circumstances. BTC reserves the right to reject these requests if there is lawful basis to retain this data.
The right to restrict processing: Under certain circumstances, an individual can block the processing of their personal data.
The right to data portability: A person can obtain and reuse their personal data for their own purposes across different services.
The right to object: A person can object to the use of their personal data for most purposes.
The right not to be subject to automated decision-making including profiling.
There are lawful exemptions within the Act which may allow an organisation to refuse to comply with the subject access request, right to rectification and right to erasure where appropriate.
Data breaches and breach reporting:
GDPR introduces a duty on all organisations to report certain types of data breach to the ICO, and in some cases, to individuals. This includes breaches that are likely to result in risk to the rights and freedoms of individuals, for example those that could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. Any witness holds the right to report a breach to the ICO. In the case of high risk, individuals concerned directly must also be informed.
Brighton Therapy Centre has the right procedures in place to detect, investigate and report personal data breaches. Any type of risk identified above must be reported to the data protection officer immediately for an investigation. Failing to report risk will result in liability.
For further information regarding General Data Protection Regulations (GDPR) please visit below pages:
UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)
If you wish to learn more about what this means for you as our service users and public, please visit www.ico.org.uk/for-the-public/