Person First Solutions abides by the General Data Protection Regulation (GDPR) and has a nominated data controller and processor. You can find out more about the GDPR from the ICO (Information Commissioner’s Office - https://ico.org.uk/) 

Under the GDPR the each practitioner needs to make clients and supervisees aware of the following:

 

Person First Solutions collects relevant personal information from patients, clients and training participants to enable a working record of contact information, in case of emergencies (explained below) and for ongoing work in the therapeutic relationship.

In the case of our training services, any personal data collected about training participants is gathered via attendance registers for the purposes of certification following course completion. Any health data that is required for the completion of courses involving physical activity, and is required for insurance purposes, is collected for health screening purposes.

 

Our physiotherapists are bound by the Code of Members' Professional Values. Our podiatrists are bound by Standards for Clinical Podiatric Practice. Our psychotherapists are bound by the BACP Ethical Framework for the Counselling Professions, and also the BACP Ethical Framework for the Counselling Professions Supplementary Guidance: Working Online (GPiA 047). All our practitioners provide confidentiality within these guidelines.

Your sessions are strictly confidential, and the contents will not be disclosed beyond good practice guidelines. These guidelines dictate the following exceptions to the confidentiality rule:

In the case of your physiotherapy/ podiatry, were you have been referred by via a third-party medico-legal intermediary and/ or your insurer, it is necessary to provided written reports detailing your recovery. This information is stored securely (see below) and sent via a password protected portal and/ or encrypted email. This will be explained in more detail during your appointment for an initial assessment.

In the case of your psychotherapy/ counselling, you psychotherapist/ counsellor is required by the British Association for Counselling and Psychotherapy (BACP) to engage in regular supervision, which is a minimum of 1.5 hours per month. You may be discussed during the supervision; however your identity will remain anonymous. Clinical supervision is in place to ensure that your counsellor/ psychotherapist is working ethically and safely, and to ensure that you receive the best practice. Your psychotherapist must abide by the BACP Ethical Framework for the Counselling Professions. More details about this can be found at BACP Ethical Framework for the Counselling Professions, and also the BACP Ethical Framework for the Counselling Professions Supplementary Guidance: Working Online (GPiA 047). 

In addition, counsellors/ psychotherapists are required to break confidentiality if they assess you are a risk of harm to yourself or to others. If at all possible they would always discuss a potential breach of confidentiality with you in advance. They would break confidentiality only to the relevant persons or authorities for the purpose of assisting your well being or the safety of others.  

If at any point during the counselling you were in need of emergency, medical, or additional support, your psychotherapist/ counsellor may ask for your consent to contact your GP or other appropriate services.  If at any point during your psychotherapy/ counselling you reveal intent to cause risk of harm to others all psychotherapist/ counsellors are then legally bound to make disclosure to authorities. 

Under the GDPR the counsellor/ psychotherapist also has a legal requirement to disclose data if you are involved in drug money laundering, planning terrorist’s offences or if a Court Order has been made. 

With regard to online counselling via email, SMS text/ message, and webcam, the police and other authorities can ask for access to an individual’s email account or synchronous messaging account where there is suspicion of illegal or terrorist activities. They can also ask counsellors/ psychotherapists for access to stored records.  Counsellors/ psychotherapists are not able to guarantee confidentiality in these circumstances.

In the case of our training services attendance registers are transmitted as scanned copies to your employer via encrypted email.

Personal data pertaining to your sessions/ training course and will be as minimal as is possible and will be stored under a coded client ID, password protected, and encrypted. Any handwritten information will be coded and stored under lock and key.  Personal data/ records of your sessions will be kept for up to 7 years after your treatment has ended. Your personal data will be disposed of by wiping the electronic files and shredding any handwritten information. You can also request (in writing) that this data is destroyed: during your treatment, once your treatment has ended, or at any time thereafter.

Your telephone number will be stored on a password protected and encrypted database. Your telephone number will be stored only for contact purposes, until such time as our contact ceases. Then it will be completely deleted.

In the case of our training services, attendance registers and health screening questionnaires will be or stored as physical copies stored under lock and key are routinely shredded after 12 months.

You have the right to request access to your client record and receive an explanation of what is held within it.  

You have the right to request erasure or correction of your client record, or to object to or restrict collection and processing of your data.

You have the right to know the source/s of personal data not originating from yourself.

You have the right to be made aware of any companies automatic decision making processes (e.g, profiling) and any significance and consequence for yourself.  

You will be made aware of any data breaches within 72 hours. You will be compensated for any damage or distress caused by the data breach. 

You have the right to complain to the ICO (Information Commissioners Office) if you are unhappy with the data processing arrangements, and to engage representation from a not-for-profit body in doing so. 

To summarise:

Person First Solutions collect, stores and process personal information about you to enable us to operate out physiotherapy/ podiatry/ sports therapy and counselling/ psychotherapy practices and our training services. This information can include contact information, as well as information about your age, health (mental and physical), sexuality (where relevant to the treatment), domestic and financial arrangements (where relevant) and other special category data. We are able to collect this information upon the legal basis of "Legitimate Interests", as per GDPR regulations.

Your information is stored anonymously, under lock and key and/ or password and encryption protected.  We may use this information to track the progress of your work treatment or, in the case of counselling/ psychotherapy, to receive reflection and guidance from a supervisor. We will keep this information for up to 7 years. This will be deleted by wiping electronic files and shredding any handwritten information.

With regards to how this information is used, you have the right to have information about you deleted, have inaccuracies corrected, the right to access information about you  - free of charge - within 1 month, the right not to receive any unsolicited marketing, the right to determine how information about you is processed and the right to complain if you are unhappy about any of the above by contacting the Information Commissioners Office here: https://ico.org.uk/concerns/, although we trust that you will try to discuss this with us in the first instance.

Should anything happen to your physiotherapist/ podiatrist/ sports therapist or counsellor/ psychotherapist/ trainer that prevents them from attending a session or course and from communicating with you directly - such as illness or death - then our Practice Manager would be able to access your contact details to inform you should this situation arise.

 

Your signed consent of the Privacy Statement & Personal Information form will acknowledge that you fully understand and accept the policy for records held, and also gives your consent to use of personal and sensitive personal data for the stated purposes.

Please protect your confidentiality when identifying yourself as the sender of payment. Your privacy within bank records is beyond our control, apart from the secure account password details we hold.

Links to other websites: our website may contain links to other websites of interest or additional support. However, once you have used these links to leave this site, you should note that we do not have any control over those other websites or the privacy and protection of information you are provided with whilst visiting those websites. Other sites may or may not have their own privacy policy and are not governed by this privacy policy.