
Privacy Policy

I, Amanda Tidman, am the Data Controller and Processor of Wildwood Therapy.
Privacy Notice
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together for me to provide therapy, and that it is data that you would reasonably expect me to hold and use.
The data I hold includes:
Basic information such as name, email address, and phone number
Information that you give me as part of the work we do together
Records of what interventions I use in our appointments
Emails, texts and/or messages that are sent between us
Information sent from any third party, e.g. GP
Some of the information that you give me may fall under the definition of a special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment under contract with a health professional”. However, data on any criminal offences (including allegations, proceedings and convictions) is even more tightly controlled, and so I need your specific consent in order to hold any such information.
Data is not shared with anyone, except possibly your GP and my supervisor, to ensure your continued care, and for any reasons covered by the Requirements for Disclosure section below. However, if you were to make a complaint about me to my professional body, I would be entitled to share your notes with any investigation procedures. The data is primarily used to enable me to provide therapy for you. It may also be used for scientific research and statistical purposes, but additional specific informed consent would be sought from you for any involvement in research.
Details of where the data is held:
Any emails sent between us are held either on my computer’s hard drive or Exchange server, or in Dropbox if archived. Dropbox is a secure cloud-based storage service that is itself GDPR compliant. Any data that may be held on my mobile phone is code-protected. Any texts/WhatsApp messages/Messenger messages sent between us (see Social Media and Electronic Information section) are held on my mobile phone, which is code-protected.
Your appointment notes are handwritten and are kept in a locked filing cabinet. A coding system enables me to know whose notes are whose, but a stranger seeing the notes would not be able to identify who they refer to.
If you use PayPal or online banking, then these systems will hold your data. I will download from these systems for accounting purposes, and the resulting spreadsheets are held in Dropbox. When sent to my accountants, they will be password protected. Any banking information on statements is redacted so that you and your details are not identifiable to my accountant.
Your data is kept for 7 years. The length of time is based on the requirements of my insurer. After this time, any paper records are shredded, and computer records are permanently deleted.
Wildwood Therapy takes the security of data seriously and as such:-
All data is held securely (see details of where data is held above)
Any data transmitted is sent encrypted, where possible
For accounting purposes, Excel spreadsheets are used, and information on bank statements is redacted
However, I am not in control of the data (including emails, texts and other messages) which you send me. Apps such as Facebook routinely access any information held, and this is beyond my control.
If there is any breach of data security, I, Amanda Tidman at Wildwood Therapy, will give full details to the Information Commissioner’s Office and any person affected within 72 hours of the breach and do everything possible to minimise any potential impact.
You have rights to the data held:
The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to erasure. If you wish me to erase your data, just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to restrict processing. This would usually be a stop-gap measure before the correction of any errors or before erasure.
The right to data portability. This might apply if you want your notes sent to another therapist, for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
The right to object to: Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). Wildwood Therapy does not engage in:-
Direct marketing.
Processing for purposes of scientific/historical research and statistics, without your specific informed consent.
Automated decision making and profiling.
I am fully insured through Balens Ltd.