Privacy Policy
Registered office: TW12 3JU Hampton
Cookies
Like many websites, I use cookies. A cookie is a small amount of data that is sent to your computer or mobile phone browser from a website’s computer and is stored on your device’s hard drive.
Cookies record information about your online preferences. They help me understand how visitors engage with my sites so that I can improve your online experience with me at Sirin Therapy. I do not use cookies to collect personally identifiable information about you.
Each website you visit can send its own cookie to your browser if your browser’s preferences allow it. To protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.
How to control and delete cookies;
You may restrict or block the cookies which are set by our website, or any other website through your browser settings. You can also ask your browser to alert you when a cookie is issued.
More information about cookies and how to manage them is available at www.aboutcookies.org
I use Google Analytics to understand how visitors engage with my websites. It collects information anonymously and reports website trends without identifying individual visitors. For more information, visit Google Analytics privacy and security information.
Data
I, Dorota Kalinska, am the Data Controller and Processor of Sirin Therapy. The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e., to provide therapy) and that it is data that you would reasonably expect me to hold and use. For those who enquire about therapy, the data I hold includes any information you have sent me by email/text/message. For those who book and attend at least one session, the data I hold includes:
-Basic information such as name, email address, phone number
-Information that you give me as part of the work we do together
-Records of what interventions that I use (or potentially do not use) in our sessions
-Emails, texts and/or messages that are sent between us
-Information sent from any third party, e.g., GP, insurance company, EAP, occupational health provider.
Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone, except possibly your GP, and for any reasons covered by the Requirements for Disclosure, which are detailed and discussed when we first meet. My accountant will see bank, credit card and PayPal records, which will contain any information that you submit when making a payment. If you would like me to redact your identifiable data before sending it to the accountants, then please let me know.
The data is primarily used to enable me to provide therapy or supervision for you. It may also be used for scientific research purposes and statistical purposes.
How data is held
Any emails sent between us are held either on my computer’s hard drive or exchange server or if archived, in Dropbox which is secure cloud-based storage which is itself GDPR compliant. Any that may be held on my mobile phone are fingerprint/code protected.
Any texts/WhatsApp messages/Messenger messages sent between us (See Social Media and Electronic Information section) are held on my mobile phone which is fingerprint/code protected.
Your notes are handwritten and are kept in a locked filing cabinet. A coding system enables the therapist to know whose notes are whose, but a stranger seeing the notes would not be able to identify who they referred to.
Credit card information is shredded as soon as processed.
If you use PayPal or online banking, then clearly, these systems will hold your data. I will download from these systems for accounting purposes, and the resulting spreadsheets are held in Dropbox. When sent to my accountants, they will be password protected.
The security of data
- All data is held securely (see details of where data is held above)
- Any data transmitted is sent encrypted where possible
- For accounting purposes, Excel spreadsheets are used.
However:
- I am not in control of the data (including emails and texts) which you send me
- Apps such as Facebook routinely access any information held and this is beyond my control.
- If there is any breach of data security, I will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
How long we retain your data
The data is kept for seven years. The length of time is based on the stipulation of my insurer. After this time, any paper records are shredded, and computer records are permanently deleted.
You have rights with regard to the data held:
The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to erasure. If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing but this would never include case notes or data such as address/email/phone
The right to restrict processing. This would usually be a stop-gap measure before the correction of any errors or before the erasure.
The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
The right to object to:
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). Sirin Therapy does not engage in these things.
Direct marketing.
Processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
Social Media and Electronic Information Policy
This outlines the policy of Sirin Therapy with regard to the use of social media and electronic information. If you, as a client, have questions about any aspect please do ask. As the world of technology is constantly changing this document is likely to be updated regularly.
Friending
I do not accept friend or contact requests from former or current clients on any social networking site as this can not only compromise your confidentiality (e.g., if another of my friends saw that you were a friend, they may wonder how we know each other) but would also blur the boundary of the therapeutic relationship.
Following
I tweet on a very occasional basis as an individual, not as a business. I would suggest not following me and if I notice that you have, I would suggest we discuss this. I will not follow you on Twitter as this can cause confusion around the purpose of this: would it be part of your therapy, or would I just be being curious?
Interacting
Please do not use public ways of contact (e.g. @replies or tagging) again because of the potential for this to compromise your confidentiality. You may use Facebook messenger, WhatsApp or text to discuss appointment times or other logistics but not therapeutic issues. The latter cannot be kept secure.
Use of search engines
I do not routinely Google my clients but may very occasionally in a time of crisis. For example, if you had failed to attend a session and I was concerned for your safety I may try to find out about you this way. If I did so, I would tell you about it the next time we met.
Business review sites
You may find my name on business review sites, but I have not asked to be on these. Businesses do not get a choice. Clients are free to post whatever they choose and due to confidentiality, I cannot comment on anything that is posted. Indeed, anyone (including a competitor) can post anything so it is advisable to be aware that reviews (good or bad) may not be representative of the views of real clients.
It is considered unethical by some of my professional bodies (the National Society for Hypnosis, Psychotherapy & Mindfulness) to publish testimonials and so you will not find any testimonials coming from me although it is always nice to receive private messages from clients who have completed their therapy.
Location-based services
If you use location-based services on your phone you should be aware that others may surmise that you are a therapy client if you are seen as “checking in” at my address.
It is preferable to use email only for logistical contact (e.g., to get a reminder of an appointment time) due to the inherent insecurity of email. If you wish to engage in “email therapy” then, please use a password protected word document to contain what you wish to say. I can set this up for you if you need it.
Phone
As above, texting may be used for contact about appointment times. This is preferable to making a phone call as it is easier to respond as I cannot answer the phone if I am with another client. Whether phoning or texting, please only do so between the hours of 9am and 8pm.