Why do we collect information about you?
We have a number of lawful reasons that we can use (or ‘process’) your personal information. One of the lawful reasons is called ‘legitimate interests’.
Broadly speaking Legitimate Interests means that we can process your personal information if:
We have a genuine and legitimate reason and we are not harming any of your rights and interests in doing so.
So, what does this mean? When you provide your personal details to us we use your information for our legitimate business interests which is providing psychological assessment and interventions. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.
Another lawful reason for us processing your data may be Legal Obligation. This is likely to apply if you are being assessed as part of a litigation claim. This means that:
We need to process your personal data to comply with a common law or statutory obligation.
2. What personal information do we collect about you?
Your first name
Gender (or preferred identity)
Date of birth and age
Telephone numbers (I will request your permission to leave voicemails and send SMS messages or contact you via WhatsApp or Skype/Zoom)
Email address (I will request your permission to contact you via email)
GP contact details
To make sure that you are assessed and/or treated safely, we record your personal information, such as your name, address, as well as all contacts you have with Olive Branch Psychology such as appointments and the results of assessments and letters relating to your care. Your health record is kept confidential within Olive Branch Psychology at all times and is only taken to clinic for your sessions. In addition to the personal information above, we may also collect information regarding:
Clinically relevant medical history
Any issues around risk such as self harm or suicidality
Contact name and number of identified members of your personal risk management team if necessary
Previous psychological/psychiatric interventions
Offences (including alleged offences)
Session notes/formulation/details of interventions during therapy
3. How your personal information will be stored
We take your privacy very seriously.
We are committed to taking reasonable steps to protect any individual identifying information that you provide to us. Once we receive your data, we make best efforts to ensure its security on our systems.
All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules.
Paper – written session notes & outcome measures stored in a locked filing cabinet.
Smartphone – your number will be stored on my smartphone which is password protected.
Email – any personal information sent about you, or by you, by email will be deleted from my email system and stored on Tresorit encyrpted cloud storage.
SMS/WhatsApp/Skype – Your telephone number and our correspondence will be stored in SMS or Whatsapp if we communicate using these apps.
Skype/Zoom – We may use Skype to run sessions remotely in which case I will store your Skype ID in Skype. I am responsible for ensuring the platform we use for remote sessions is secure.
Website – if you make an enquiry via our website, your data will be passed to our email account and and will not be stored on the website.
Paper documents we hold:
Contact details form
GDPR policy form
Letters from referring agencies
Letters to referrers/GP/other relevant agencies
Client code record
Electronic data we hold:
Referral information received by email (stored on Tresorit encrypted storage and deleted from email system).
Contact details held on smartphone
Session arrangements held on SMS/Whatsapp
Occasional pieces of advice/risk management on SMS/Whatsapp/
4. How will we process or share personal information?
Your information may be shared with outside organisations if they are directly involved in your care/case, for instance, your insurer if they are funding your treatment, your GP, or others involved in your care. We will discuss with you who we would discuss your care with, and what details we would share with them.
All Clinical Psychologists receive clinical supervision from another Clinical Psychologist. I also engage in peer supervision. The clinical supervisors will only be told the first name and age of any client I discuss. The goal of supervision is to continually develop my practice. Information is discussed in a face to face or telephone meeting in a confidential setting.
I have a duty to ensure I share your information if I become concerned that you are at serious risk of harm. I will explain this at the beginning of therapy to ensure you are giving informed consent to sharing your information with me. I will ask you to sign to confirm that you understand that I will contact your GP or crisis team if I feel you are significant risk of harm to yourself or from someone else. Unless the risk is so severe that I have no choice, I will always seek your consent before sharing your information with other services.
If you are at increased risk of harm or suicide I will develop a plan with you. This will include identified people who you have agreed I will contact when I am concerned about your risk of harm. We will call this your personal risk management team.
I am also required by law to report any information regarding intent to cause harm to others (this includes terrorism). Therefore if you disclose, or I become aware that you intend to cause harm, I may share your personal information without asking your permission.
In case of my death, my therapeutic executor will have access to your name and contact details so that you can be contacted.
5. How can you access the information we hold about you?
Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. We will then supply to you the following within 30 days:
A description of all data we hold about you
Inform you how it was obtained (if not supplied by you)
Inform you why, what purposes, we are holding it
What categories of personal data is concerned
Inform you who it could be disclosed to
Inform you of the retention periods of the data
Inform you around any automated decision making including profiling
Let you have a copy of the information in an intelligible electronic form unless otherwise requested.
To make a request to Olive Branch Psychology for any personal information we may hold you need to put the request in writing. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate, please address these changes to the information security officer at [email protected]
By contacting the Information Security Officer, by email and/or using the address below you can also get more details on:
agreements we have with other organisations for sharing information;
circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
our policy on how to collect, use and delete personal data; and
how we check that the information we hold is accurate and up to date,
6. How long will your data be held?
Written notes will be kept in a locked filing cabinet for 7 years following the end of therapy. This is the length of time recommended by the British Psychological Society. This allows access to notes in case you return to therapy. It also allows notes to be available in case of legal action.
7 years after completion if therapy your written information will be shredded and any electronically stored data will be destroyed.
7. What are your rights?
You have rights around your personal data and how we handle it. Below is a list of your rights in relation to the use, storage and sharing of your personal information. Some of my professional and ethical regulations may supersede or conflict with some of these rights. If that becomes an issue I will discuss this with you, if and when such a situation arises.
1.The right to be informed (We have a duty to inform you how we will use your personal information.)
2.The right of access (You have a right to request access to the information we hold about you, free of charge)
3. The right to rectification (You have the right to ask us change any data we hold about you if you believe it is not accurate. If I am unable to do so, your request will be recorded in the notes.)
4.The right to erasure (You may request that we delete your personal information, 5.The right to restrict processing of your personal information.
6. The right to data portability.
7.The right to object to the processing I carry out based on legitimate interest.
8. Rights in relation to automated decision making and profiling.
8. How do I make complaints or queries?
Olive Branch Psychology tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. If you do have a complaint, contact the Data Protection Officer who will investigate the matter on your behalf.
If you are not satisfied with the response from Olive Branch Psychology or believe we are not processing your personal data in accordance with the law you have the right to raise your complaint with the Information Commissioner’s Office (ICO)
Contact information ICO:
Email: [email protected]
Telephone: +44 (0) 303 123 1113
9. What will Olive Branch Psychology do if there is a data breach?
A personal data breach means that personal data has been lost, changed or disclosed unlawfully. We have policies and procedures in place to ensure this is highly unlikely. However, if a breach does happen, Olive Branch Psychology will take any possible action to rectify the situation as soon as we discover the breach. We will assess the level of risk caused by the breach and will contact the individuals involved if the assessment indicates this is necessary. All breaches will be recorded and those that increase risk of harm will be reported to the ICO.
Changes to this privacy notice
We keep our privacy notice under regular review and we will place any updates on this web page. This privacy notice was last updated on 9th May 2018.
Who we are and how to contact us
Olive Branch Psychology is the company that you are supplying your personal information to. The company Chief Information Security Officer (Rebekah Olive) is the Data Protection Officer for Olive Branch Psychology and can be contacted at:
Email: [email protected]
Post: Information Security Officer, Olive Branch Psychology, 27 Harrogate Road, Chapel Allerton, Leeds, West Yorkshire, LS7 3PD
Data Breach Policy
A data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Examples of these include:
access by an unauthorised third party;
deliberate or accidental action (or inaction) by a controller or processor;
sending personal data to an incorrect recipient;
computing devices containing personal data being lost or stolen;
alteration of personal data without permission; and
loss of availability of personal data.
Olive Branch Psychology will follow this response plan the case of a data breach:
The identified individual responsible for responding to a data breach is Rebekah Olive
We will assess the risk to individuals by considering whether the breach will cause emotional distress or physical or material damage. If it is decided that the breach is not likely to cause harm, the breach will be documented but not reported. If the loss of control over personal information is likely to cause harm, the breach will be reported.
We have identified the HCPC as the relevant advisory authority for our data processing activities
Take action to try to limit the impact of the breach on the individuals affected.
We will inform the ICO of the breach within 72 hours of becoming aware of it, even if we don’t have the full details of the breach
The information we will give the ICO regarding the breach is
Description of the type and quantity of data
Name and contact details of the data protection officer (Rebekah Olive)
Description of likely consequences
Description of action taken to try and limit the impact of the breach
We will inform individuals affected by the breach without delay when it is likely to result in high risk to their rights or freedoms
The information about the breach we must provide to individuals is:
The name of the data protection officer (Rebekah Olive)
Description of the likely consequences of the breach
Description of measures taken or planned to reduce the impact of the breach.
We will help individuals affected by the breach by informing them of information to protect themselves, for example…….
We will document all breaches even if they don’t need to be reported.
Sessions last 50-55 minutes and take place either weekly or two-weekly.
Sessions can be cancelled up to 24hours before the appointment. It may be necessary to charge up to the full session charge for a cancellation within 24 hours before the appointment.