Our Privacy Notice; How We Use and Share Your Information

Think CBT Ltd. is committed to making sure that Your data is securely protected and that you are aware of the rights you hold when your data is being processed by us.

Our privacy policy is compliant with the principles of General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). We are registered with the Information Commissioner’s Office (ICO) under the Data Protection Register, our registration number is ZA050075.

Think CBT Ltd. is the Data Controller of the data it holds about its clients, associates and staff. You can contact the data protection officer by emailing datacontrol@thinkcbt.com.

 

Glossary of Terms:

GDPR; General Data Protection Regulation. New data privacy and protection regulations replacing the individual data protection laws in all EU countries on 25th May 2018.

Therapy Notes; anonymised notes securely kept by your therapist to support continuity and progress through the therapeutic process.

Consent; Freely given, specific, informed and explicit consent by statement or action by the patient, staff member or any person signifying agreement to the processing of their personal data.

Controller; The Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor; A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Subject; Any individual we deal with such as a client, patient, therapist or Doctor whom the particular personal data is about.

Data Protection Officer (DPO); An expert on data privacy who works independently to ensure the business is adhering to the policies and procedures set forth in the GDPR.

Personal Data; Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

Processing; Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.

Right to be Forgotten (RTBF); Also known as 'right to erasure'. Entitles the data subject to have the clinic erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.

 

Why We Maintain Personal Data:

We need to collect and maintain a record of the care you receive to ensure that:

  • Professionals involved in your care have accurate and up-to-date information.
  • We have all the information necessary for assessing your needs and providing excellent care.
  • Your concerns can be properly investigated if you raise a complaint.
  • Accurate information about you is available if you need to transfer to another therapy provider or request a referral to an alied health professional.

 

Your Record:

We have a duty to:

  • Maintain full and accurate records of the therapy we provide to you.
  • Ensure that your records are confidential, secure and accurate.
  • Provide a copy at your request in an accessible format.

Your record may include some or all of the following:

  • Your name, address and date of birth;
  • Contact we have had with you, such as appointments;
  • Therapy notes, test results and reports kept confidentially by your own therapist.
  • Relevant information from referrers such as health professionals or relatives.

 

Identifying You As An Individual:

We have many patients with similar names so it vitally important for all patients to be properly identified as individuals. In order to be absolutely sure that you have been correctly identified we may ask you for a number of pieces of information. Suitable items include:

  • Full name
  • Date of birth
  • Permanent address
  • Email address
  • Contact number

 

How Think CBT Ltd. Uses Your Contact Details:

We take your privacy seriously so please let us know if you have any specific contact instructions.

Telephone:

If you provide a mobile phone number: we may ring, leave a message or text you, please inform us if you do not want us to do so.
If you provide a landline: we may leave a message, please inform us if you do not want us to do so.

Email:

If you provide us with your email address: we may use it to send confidential information, unless you have instructed us not to do so.
Please read the following before providing us with your email address:

Email Encryption:

For the purpose of sending sensitive and confidential information such as therapy reports, referrals and test results we use password protection on all documents transmitted.

This additional level of security allows us to stop further access to your content, prevent data breaches, and control your data at all times.

Further Email Information:

  • Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet. Be aware also that if you share your computer, others may read your emails.
  • You can use email as a method to contact our main office or your designated therapist in relation to a query or to ask about an appointment.
  • Do not give more personal information than we need to process your request.
  • Do not ask us to send you personal details that you would not want seen by other people.
  • If you have an urgent question or feel at risk after going home after treatment contact an emergency service e.g. 111 NHS emergency service or 999 for life threatening conditions by telephone, do NOT email Think CBT Ltd. in an emergency.

 

How Your Records Are Kept:

Our guiding principle is that we hold your records in strict confidence. We use appropriate technical and organisational measures to ensure this.

Think CBT Ltd. is registered under the Data Protection Act 1998. It abides by the law and observes good practice in maintaining confidentiality and appropriate information security. We will fulfil its obligations to the fullest extent, including ensuring that the following 8 principles governing the processing of personal data are observed.

  1. Personal data shall be processed fairly and lawfully;
  2. Personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes;
  3. Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed;
  4. Personal data shall be accurate and, where necessary, kept up to date;
  5. Personal data shall be kept for no longer than is necessary for the purposes for which it is processed;
  6. Personal data shall be processed in accordance with the rights of data subjects under the Act;
  7. Personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage;
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.

Information about you and the services you receive may be held in written and electronic formats and will be kept for the specific retention periods outlined by the relevant professional bodies. Data held on paper or disk will be processed in accordance with the Data Protection Act and destroyed using secure documented procedures after the time periods set out by the Department of Health.

 

How Your Records Are Used:

We use your records to:

  • Ensure that any treatment or advisory services we provide to you are based on accurate information.
  • Send a letter about your care to your GP or other health professional unless you tell us not to do so.
  • Work effectively with other services providing you with treatment or advice.
  • Monitor the quality of our care and help us to understand the outcomes of therapy.
  • Investigate any relevant concerns or complaints you or your family have.
  • Provide information that is needed for financial transactions in relation to payment for treatment, such as billing. For private patients this may include details shared with your insurance company. If you have any concerns about this, please contact your insurance provider.

 

Passing Your Intake Information to Your Designated Therapist:

Think CBT associate therapists are members of our wider team and are checked for relevant training, experience, qualifications, accreditation status and professional indemnity. Our associate therapists are self-employed, however they are required to strictly comply with our service conditions and practice standards.

When your personal intake data is passed to your designated therapist, direct responsibility for the secure maintenance of your personal information is transferred to this therapist. This helps to ensure that your information is not shared more widely within our team and that only your designated therapist has access to your personal data.

The designated associate therapist is required to comply with the standards laid out in the GDPR and maintain the principles outlined in this privacy statement.

We may also share information that identifies you where:

  • You ask us to do so;
  • We ask for specific permission and you agree to this;
  • We are required to do this by law;
  • We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed).

Think CBT Ltd. will not provide client information to other organisations except under the circumstances described in this Privacy Notice.

 

Sharing information with Other Healthcare Professionals and Family:

You must specifically name other people, with whom you would like us to share information about you. We make best efforts to ensure that information provided over the telephone is restricted to those you have named and we share on a need-to-know basis. Sometimes this means refusing to disclose information about you to someone who feels they should know about your treatment and progress. Please make your family and friends aware of this.

 

Special Situations:

Sometimes we have a legal duty to provide information about people;, e.g. where personal risk is a factor and when a court order instructs us to do so. Records may also be shared without the patient's consent in exceptional situations, such as to safeguard adults or children.

 

Sharing Your Records Outside the EU:

If your permanent address is outside the EU, or your treatment is continuing outside the EU, we may send details of your treatment to individuals based outside the EU specifically to promote your ongoing care. This would normally be the doctor who referred you to us for treatment. If you wish, we can give you the documents so that you have physical control over this information.

In the usual course of our business, we may use third parties to process and store your data on our behalf. We normally store your data on secure servers in the European Economic Area (EEA). Such processing is subject to contractual restrictions with regard to confidentiality and security in addition to the obligations imposed by the Data Protection Act 1998.

Exceptionally we may use suppliers who are based outside the EEA for processing and storing your data. We have strict controls over how and why your data can be accessed. By submitting your personal data, you agree to this.

 

How Can I Stop My Information From Being Shared?

If you do not want us to share your information with your GP, other healthcare providers or carers, please tell your designated therapist. But please note that not sharing your information may affect the care that can be provided for you.

You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. Where your wishes cannot be followed you will be told the reasons including the legal basis. You may at any time withdraw any consent you have previously given Think CBT Ltd. to process information about you.

If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with your therapist.

 

Your Legal Rights:

You have the right to confidentiality under the Data Protection Act 1998 (DPA), the Human Rights Act 1998 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply.

You have the right to request the erasing of your data under the policy Right to Erasure (‘right to be forgotten’) in article 17 of Chapter 3 of the GDPR (EU) 2016/679.

You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.

You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:

  • The right to obtain a copy of your records in permanent form;
  • The right to have the information provided to you in a way you can understand, and explained where necessary, for example where abbreviations have been used. You would not be entitled to see information that:
    • Has been provided about you by someone else if they haven’t given permission for you to see it.
    • Identifies another person who has not given permission for you to see the information about them.
    • Relates to criminal offences.
    • Is being used to detect or prevent crime.
    • Could cause physical or mental harm to you or someone else. If you are currently receiving services from us and wish to view the record without obtaining a copy, discuss your request with the therapist providing your care.

 

Obtaining a Copy of Your Record;

If you wish to apply for access to the information we hold about you. Please note:

  • You should send your request in writing to the Think CBT Ltd. Data Protection Officer – datacontrol@thinkcbt.com. You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth.
  • We will take every reasonable step to respond to you within 40 days of receiving your request.
  • You may be required to provide a form of ID before any information is released to you. Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.

 

 

Think CBT is committed to providing access to affordable independent Cognitive Behavioural Therapy. Our aim is to support tangible improvements in the psychological health and well being of our clients, contributing to better lives worth changing for.

There are many psychotherapists and counsellors offering cognitive behavioural therapy. Always ensure that your therapist is professionally accredited with the British Association of Behavioural and Cognitive Psychotherapy (BABCP).

Cognitive Behavioural Therapy (CBT) in Sevenoaks Kent | Psychotherapy and Counselling in London SE1 | CBT in Westerham and Tunbridge Wells | Counselling and Psychotherapy in Folkestone and Canterbury | Cognitive Behaviour Therapy in Maidstone and Kingshill Kent | CBT and Counselling across Surrey and Sussex.