Severnside Institute for Psychotherapy (SIP) will ensure that it complies with both the law and ethical practice in all its dealings with personal data which it holds on individuals. In particular, SIP will respect the rights of individuals and be open and honest with those whose data is held, provide appropriate training and support for staff and members who handle personal data and follow the data protection principles of good information handling which are set out in the General Data Protection Regulation (GDPR) (EU) regulation on data protection and privacy.
- Data Protection principles:
- Why we keep data on:
- Links to other websites and third party content
- How to contact us
|SIP||means Severnside Initiative for Psychotherapy, a registered charity (1079390) and Severnside Institute for Psychotherapy, a limited company (03799698).|
|GDPR||means the General Data Protection Regulation.|
|Register of Systems||means a register of all systems or contexts in which personal data is processed by SIP.|
Data protection principles
SIP is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
- This policy applies to all personal data processed by SIP.
- This policy shall be reviewed at least annually.
- SIP shall register with the Information Commissioner’s Office as an organisation that processes personal data; our ICO Registration number is ZA065119.
Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, SIP shall maintain a Register of Systems.
- The Register of Systems shall be reviewed at least annually.
- Individuals have the right to access their personal data and any such requests made to SIP shall be dealt with in a timely manner.
- All data processed by SIP must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
- SIP shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in SIP’s systems.
- SIP shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- SIP shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
Archiving / removal
- To ensure that personal data is kept for no longer than necessary, SIP shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- SIP shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, SIP shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
Why we keep data
Members and Associates
SIP keeps personal data, including names, addresses, and contact details, in order to process members’ professional accreditation and academic journal subscriptions, as well as contacting members and associates with professional development opportunities and opportunities within SIP. We also keep information on insurance details and clinical trustees for purposes of good governance.
If membership of SIP ceases, we retain this information for up to seven years in case of a professional complaint.
The legal base for processing this information is Contractual. That is, processing is necessary in order to meet the contractual obligations to our membership. If, as a member or associate, you have concerns about the safety or inappropriate use of your data please address your concerns to the Chair of Membership.
SIP keeps personal data, including names, addresses, and other contact details, in order to meet training commitments, invoicing for training as necessary, processing academic journal subscriptions, and circulating professional development opportunities and opportunities within SIP.
When trainees graduate and become members of SIP, we will retain personal contact information to meet our new obligations under membership as in the previous section. Student Associates (that is, trainees who undertake clinical work as part of their training) who do not become members of SIP for any reason, will have their personal data retained for up to seven years (including name and dates of training) in case of a professional complaint.
The legal base for processing this information is Contractual. That is, it is necessary in order to meet SIP’s contractual obligations to each trainee. If, as a trainee, you have concerns about the safety of your data or its inappropriate use please address your concerns to the Chair of Education.
Friends of Severnside Mailing List
This is made up of previous attendees at events, former members and trainees who have expressed an interest in SIP’s work, as well as selected staff members at relevant partner organisations. It is used to publicise events run by SIP. The mailing list is stored on the Mailchimp email marketing platform, with an option for recipients to unsubscribe at any point included in all communications.
The legal base for processing this data is Legitimate Interests.
Prospective training patients referred through SIP’s CRS
Trainee psychotherapists work with patients, assessed for suitability, who have agreed to see a trainee at lower cost.
Trainee therapists make anonymised clinical notes which will be shared with their supervisor, and occasionally other clinical trainees during a supervision meeting. Trainees also write anonymised clinical reports for the purposes of continuous assessment and final qualification. Training patients’ personal data will also be held by the Clinical Trustees of the trainee for purposes of ensuring continuity of care and responsible governance in cases where a trainee is unable to carry out their duties.
The legal base for processing Training Patients’ data is by Consent; Training patients who have come through SIP’s Consultation & Referral Service (CRS) provide consent to the above use of their information when the Training Patient completes SIP’s referral request form.
Prospective patients referred through SIP’s CRS
SIP requires prospective patients to provide personal information including names, address, and details relating to their requests for consultation. This information is passed on to an Area Representative (a fully qualified therapist and Member of SIP), who may use it if referring the patient onto a therapist. This information is retained by SIP for a maximum of twelve months from the first date of contact, after which any identifying data is destroyed. Area Representatives will also destroy personal information after twelve months.
The legal base for processing prospective patients’ data is by Consent; which is obtained when the prospective patient completes SIP’s referral request form.
SIP keeps data including tax and salary records for employees, HR records including supervision, together with disciplinary and grievance records. If an employee has concerns about the safety of their data or its inappropriate use they should address their concerns to the Executive Committee. Tax and salary records are held for up to seven years. Other HR information is deleted within three years of the staff member leaving the organisation.
The legal base for processing this information is Contractual.
SIP keeps data including names and address and other relevant information of its trustees and other officers and may pass this information to legal bodies such as the Charity Commission and Companies House. This information may be held in the official company records while the company is still active and operating.
The legal base for processing this information is Public Tasks.
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
The table below explains the types of cookies we use on our website and why we use them.
|Category of cookies||Why we use these cookies|
|Strictly Necessary||These cookies are essential for websites on our services to perform their basic functions. These include those required to allow registered users to authenticate and perform account related functions.|
|Functionality||These cookies are used to store preferences set by users such as account name, language, and location.|
|Security||We use these cookies to help identify and prevent potential security risks.|
|Analytics and Performance||Performance cookies collect information on how users interact with our websites, including what pages are visited most, as well as other analytical data. We use these details to improve how our websites function and to understand how users interact with them.|
Links to other websites and third party content
Please note that SIP does not endorse, or hold any responsibility for, the content (or information contained within) any linked website.
How to contact us
If you have questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint, you can contact us; by email email@example.com, by calling us on 0117 9273898 or by writing to us at the address below:
11 Orchard Street
Bristol BS1 5EH