Purpose of Policy
Mind Resolve needs to gather and use information about certain individuals. These include existing and potential clients, employees and other people we have a relationship with or may need to contact.
We are committed to protecting the rights and privacy of clients and others in accordance with GDPR.
Mind Resolve will:
a) Process data lawfully, fairly and in a transparent manner.
b) Collect data for specific, explicit and legitimate purposes.
c) Collect data that is adequate, relevant and limited to what is necessary for the purpose for which it
has been collected.
d) Ensure that data is accurate, up to date and is not kept for longer than necessary for the purpose for
which it has been collected.
e) Process data in accordance with the rights of the consumer, GDPR, Data Protection Act 2018 and other
laws and legislations that govern the rights of individuals regarding their personal data.
f) Protect data using appropriate technical and organisational methods to ensure that data is not being
processed unlawfully, or without authority and is protected from accidental loss or misuse.
g) Ensure that all data processing undertaken by third-party data controllers, data processors and/or data
sub controllers is the subject of written instructions. Sufficient contractual protection will be put in
place and will protect the rights and freedoms of our client’s personal data.
h) Provide training and support to staff handling personal data, so they can act confidently, consistently
What Information We Collect About You, and Our Purpose For Data Collection.
Mind Resolve collects data for the following purposes:
a) Appointment bookings, cancellations and reschedules
b) Contacting your GP for medical history pertaining your mental health and medication.
c) Marketing purposes.
d) To collect testimonials and case studies
e) Improving your experience of our website
The information we obtain about you is as follows:
a) Full name, date of birth (booking stage) – basic information stored for lawful and safeguarding purposes. By
providing your date of birth, you warrant that you are 18 years of age or older.
b) Email address and telephone number (booking stage) – recorded as a means of contacting you for session
scheduling, feedback or case studies and marketing purposes if your consent has been given,
c) GP details (after booking stage) – we may contact your GP with your consent to discuss your diagnosis and
medical history pertaining your mental health and other health concerns that may impact your sessions and the
medication which you are taking. This will help us to tailor your sessions according to your requirements.
d) Payment information (booking stage) – this is collected to securely pay for your sessions.
e) Session notes (during sessions) – notes will be taken by your therapist for their personal use to support the work
in the session.
f) Website Data User – when you visit our website, we will collect information about your visit such as: IP address,
location, search engine, web pages visited, operating systems and devices. These are collected to help us improve
yours and our potential clients experience of our website.
If you deem your personal data as inaccurate, we will rectify this and complete any incomplete information. You MUST update us if your personal details have changed so we can update them on our system.
You have the right to opt-out of data collection. If you wish to do so, please make a request in writing, however some data cannot be erased and will be retained for lawful purposes.
You have the right to object to any personal data being collected and this must be made known prior to the commencement of your therapy. Please note that if this does happen, any therapeutic work may be terminated as Mind Resolve are required to keep appropriate records in line with ethical bodies as well as legal and safeguarding matters.
Data Security & Storage
Storing Data Securley
Mind Resolve stores your data electronically onto our database, accessed by authorized personnel only. Our database is protected by a strong password, which we often change. All possible and recommended measures by our data controller will be put in place to keep your data secure.
Client data will remain on our system for a maximum of 5 years after therapy for the following reasons:
a) For a follow-up assessment to check in on how you are doing since your therapy.
b) We may ask you to provide us with a testimonial for our website, or to share your journey with potential clients in
our ‘client stories’ email.
c) For legal reasons.
Mind Resolve keeps client data secure against loss and misuse. We will implement any specific additional security as recommended by our data controller.
All information collected and shared with us by our clients will not be shared with anyone else. However, Mind Resolve may share your details with third parties (e.g. the police) if required. Mind Resolve will not share personal information for unlawful purposes and will only use your personal data for the purpose(s) is has been collected.
Data Controller and Processor
Shushila Ganger is the data controller and processor for all personal data held by Mind Resolve and is responsible for:
a) Storing data in a safe and secure way
b) Assessing the risks that could be posed to individual rights and freedom should their data be compromised,
c) Ensuring consent procedures are lawful
d) Checking procedures to ensure they cover all the rights of the individual
e) Identifying the lawful basis for processing data
f) Analysing and documenting the type of personal data Mind Resolve holds
g) Implementing and reviewing procedures to detect and report personal data breaches.
As a data controller and processor, we will have written contracts in place with any third-party data controllers and/or processors that we might use. These contain specific clauses which set out their responsibilities, obligations and liabilities.
As a data controller and processor, we acknowledge our responsibilities as a data processor under GDPR and we will respect the rights of data subjects.
Data Subject Access Request
Under Data Protection Regulations, you have the right to have access to your personal data and receive confirmation that we are processing your data.
Mind Resolve will provide you with a copy of the information you have requested free of charge. After you have made your request Mind Resolve will ask you to provide proof of identification and will call you and ask if you had made a Subject Access Request to minimize the risk of fraud and unlawfulness.
If someone is making a request on your behalf, you will both be required to provide your ID and you will both be required to sign a form stating that you have given your consent for this to happen and that you are acting at your own will and not by force or under threat.
We can refuse to respond to certain requests if:
a) Someone is making a request on your behalf without providing proof of your consent.
b) Your request is manifestly unfounded or excessive.
c) You are requesting information about another service-user.
Mind Resolve has the right to withhold some, or all of your personal information because of an exemption in data protection law.
Requests should be made via email and should include:
a) Use “Subject Access Request” as your email subject line.
b) The date of your request.
c) Your name
d) Your up-to-date contact details
e) A comprehensive list of what personal data you want access to, based on what you need.
f) How you would like to receive the information (by email or printed out).
When making a Subject Access Request via email, you must not include:
a) Other information with your request, such as details of a wider customer service complaint.
b) A request for all the information Mind Resolve holds of you.
c) Threatening or offensive language.
Mind Resolve will respond to your request within one month starting from the date of your request. If you request is complex or you make more than one, we will respond within a maximum of three months, starting from the date of your receipt.
Disclosure of Information Without Consent or Authorization
As stated in our Terms and Conditions, there are some cases wherein Mind Resolve is required to disclose a client’s information without their consent or authorisation. These include, but are not limited to:
a) Court order for information about your psychotherapy if you are involved with litigation.
b) If you are under arrest or under investigation by the police.
c) If you have intent to cause harm or are an enemy of state.
d) Government agency requesting information for health oversight activities.
e) If a client files a complaint or lawsuit against a therapist, they may disclose information about that client in
order to defend themselves.
f) Workers compensation claim requires disclosure to the insurer or third-party administrator.
g) Filling for an insurance claim requires Mind Resolve to reveal a client’s clinical diagnosis, other clinical
information such as treatment plans, summaries, or copies of your entire clinical record.
h) If the client is a vulnerable adult, the parents or guardian have the right to information.
Mind Resolve will comply with the Data Protection laws, the Privacy and Electronic Communications Regulation 2003 (amended 2011), the Data & Marketing Association Code set out by the Data & Marketing Commission and other laws and regulations that ensures lawful, ethical and responsible marketing practices.
Our clients will not receive any form of electronic marketing from us if they have not granted their consent. If you would like to receive electronic marketing, please check the box before you complete your payment of your chosen service.
You have the right to opt-out if you do not wish to continue to receive electronic marketing, please send this to us in writing and we will take you off our marketing list.
Once you have completed your therapy and your details have been wiped off our system, you will no longer receive electronic marketing emails from Mind Resolve.
If this policy or any data protection laws is breached, this will be reported as soon as we become aware of the breach.
Mind Resolve has a legal obligation to report breaches of our data and data protection laws to the Information Commissioners Office (IOC) within 72 hours.
Mind Resolve does not tolerate the misuse, loss and unlawful handling of client’s personal information. All current and future staff who handle client data on our database will receive the appropriate training and will be required to sign a contract which states of their responsibility, obligation and liability towards the handling of client data and our database.