PRIVACY AND COOKIE POLICY

​

In this policy we will explain how and why we use your information, so that you know what to expect and can feel confident that your privacy will be protected.

 

 

Who are you?

 

Dr Danielle Crane LTD is a Limited Company (referred to as 'we', 'us' or 'our' in this policy), established by Dr Danielle Crane in 2024.  We use your information in accordance with the Data Protection Act 1998, the General Data Protection Regulation (GDPR) 2016 and the Information Commissioners Office (ICO) guidelines. As part of these guidelines, Dr Danielle Crane is considered to be the ‘Data Controller’, which means that she chooses what data to collect and how it is used. She is also the ‘Data Protection Officer’ which means that she takes responsibility for ensuring that your data is protected.

​​

Why do you need to collect my personal data?

 

We need to collect your personal information so that we can know who you are and communicate with you; the legal basis for this is a legitimate interest. It also allows us to provide you with services and process payment for these services; the legal basis for this is the contract with you.

​

What personal information do you collect and when do you collect it?

​

To provide you with therapy services, we need to collect your name, date of birth, gender, address, telephone number, email address and an overview of what has brought you to therapy. This data will be collected on your initial registration form. We may also collect data from third parties if we receive referrals from other health professionals.

​

We also gather information about your history and wellbeing through direct observation and discussion in appointments and telephone calls with you. This is part of the process of therapy. You can decline to answer any of the questions we ask; however, this may reduce the effectiveness of therapy.

 

If you want to download one of our online workbooks via the https://direct.me/drdaniellecrane link on social media, then we will need to collect your name and email address.

​

If you are browsing our website, Facebook, Instagram, Youtube or Tiktok page then your information will be stored in the form of cookies. You can opt out of this from the website when the pop up message appears. To change your Facebook, Tiktok, Youtube or Instagram privacy preference please do this directly on these platforms. Please note that, if you disable or refuse cookies, then some parts of this website may become inaccessible or not function properly. For more information on cookies, visit https://allaboutcookies.org

 

What if I don’t want to provide my personal data?

 

Sometimes we need to collect personal data by law or under the terms of the contract we have with you. If you choose not to provide your information then we may not be able to provide you with a service. We will discuss this with you to help you make an informed decision.

 

How do you use the information that you collect?

 

• To register you as a client we will need

• To contact you about appointments, we will use your name, telephone number, address or email address.

• To create your invoice, we will use your name, address, email address. We may also use your health insurance details if they are funding your therapy.

• If you request assessment reports or therapy summary letters, we will use your clinical notes to write these and then your name, address, email address to send these to you.

• To provide effective therapy sessions, we will keep any clinical notes arising from therapy sessions and related cancellations or communications between us.

• To comply with HM Revenue & Customs reviews, we will need to use copies of your invoices.

• To deliver relevant content and provide a good experience of our website, we will collect website use data through Wix cookies and analytics.

 

The lawful basis for processing this data is that is is necessary for our legitimate interests, performance of a contract with you, necessary to comply with a legal obligation and explicit consent in the case of sensitive data.

 

We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a different reason then we will contact you regarding this.

 

Where do you keep the information?

 

Online records: We use Protonmail and Clinix, which are GDPR compliant email and electronic records systems. These accounts are accessed on a password protected laptop, which has antivirus software and is stored in a locked office. Only Dr Danielle Crane has access to this office and these accounts.

 

Your contact details, session notes and any messages you send us through Clinix will be recorded as part of your client record on Clinix. If you email us on Protonmail, your emails will be stored in our inbox until we have responded to them. If they contain important information, this will then be recorded on your client record on Clinix before the email is deleted.

 

We will not store any of your bank details.

 

Offline records: ​A copy of your records will be stored on an encrypted hard drive inside a locked filing cabinet that only Dr Danielle Crane has access to.

 

How long do you keep the information?

 

Any email enquiries will be deleted after 6 months if you do not become a client. If you do become a client, your information will be stored securely for the duration of your therapy. Following completion of therapy, your details and session notes will be stored securely for 7 years to fulfil our legal, regulatory and accounting requirements. Following this, your records will be securely deleted.

 

​In the case of a child under the age of 13, records will be kept for 7 years after they reach 18 years of age. After this date, all data will be securely deleted.

 

Who do you send the information to?

 

Your information will remain confidential. The only person Dr Danielle Crane will discuss your case with is her Clinical Supervisor, who is an experienced Clinical Psychologist and bound by the same confidentiality rules. Supervision is a requirement of our profession and an important part of maintaining good practice. Your full name will not be disclosed and only clinically relevant information will be shared.

 

We will not contact your GP as a matter of course; however, we can provide a letter for them if you request this. All letters will be sent as encrypted and password protected documents by protonmail.

 

The only occasion where we will breach confidentiality is if we have safeguarding concerns that you or someone else is at the risk of significant harm. In that instance, we may have to talk to social care, police, ambulance services or other relevant agencies to protect you or others; wherever possible, we will try to discuss this with you first.

 

What happens if there’s a data breach?

 

We have security measures in place to protect your personal data from being lost or accessed in an unauthorised way. However, in the unlikely event that there is a data breach, you will be immediately informed of this and every effort will be taken to resolve the issue.

 

What are my rights regarding the information you hold about me?

 

You have the right to request a copy of your records so that you can check the accuracy of the information we hold about you. You can also request to have them corrected, deleted or transferred to another individual or company. It’s important that the personal data we hold about you is accurate and current so please keep us informed if your personal details change.

 

If you would like a copy of some or all your personal information, please make a Subject Access Request (SAR) by using the contact form on our website: https://drdaniellecrane.wixsite.com/psychology. Once we have confirmed your identity, we will process your request and provide a copy of your information within one month without any charge. This can be extended to 2 months if the information requested is complex or there are multiple requests. There may be a small processing fee if you make repetitive or excessive requests. Please note that we are legally permitted to withhold aspects of your personal information if we feel that providing this information will violate your vital interests.

 

If you want to withdraw your consent, have your personal information transferred to a third party or removed then we will do our best to help with this in a timely manner. There may be some occasions where we need to keep the data, such as for HM Revenue & Customs reviews; however we will discuss this with you.

​

How will my data be dealt with in the event that you are critically unwell?

​

In the unlikely event of my death or critical illness, there is a ‘Therapeutic Will’ in place to ensure that you are informed and receive appropriate support. The Therapeutic Executor, who is a qualified Clinical Psychologist, will access your clinical records in order to contact you. They would then either offer sessions themselves or would signpost you to an appropriate therapist.

 

Will you send me emails and text messages?

​

We will send you appointment reminders and resources via email. Where you have consented to it, we may also send text messages.

​

What about third-party links?

 

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

 

Will there be changes to the privacy policy?

 

We keep our privacy policy under regular review and will update you if there are any changes. This version was last updated in April 2024. 

 

Providing your consent

 

When you sign our consent form, you are also confirming that you have seen a copy of this policy and that you consent.

 

Further information:

 

If you have any further questions, please contact us using the contact form on our website: https://drdaniellecrane.wixsite.com/psychology.

​

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

​

​