1.     Introduction

I am dedicated to safeguarding the privacy and confidentiality of my clients' personal information. This document outlines our UK-GDPR-compliant terms and privacy policy to ensure transparency and compliance with the United Kingdom’s General Data Protection Regulation (UK-GDPR) for individuals residing in the United Kingdom, outlined in the Data Protection Act, 2018.

2.     Data Controller

The data controller responsible for the processing of your personal data is Dr James Adamson, registered with the Information Commissioner's Office (ICO), registration reference: C1325176. If you have any questions or concerns regarding your personal data, you can contact us at james@drjamesadamson.com or +44 (023) 8155 0241.

3.     Types of Personal Data I Collect

To provide you with high-quality individual therapy services, I may collect the following types of personal data:

Contact information: Name, address, phone number, email address.

Personal details: Age, gender, occupation, and other relevant demographic information.

Medical and psychological information: Health history, treatment notes, assessments, and any other relevant clinical information.

Communication data: Information exchanged during therapy sessions or via email, including text, audio and video.

Payment data: Details related to payment for therapy services.

Other relevant data: Any information you voluntarily provide to us to support your therapy journey.

4.     Legal Basis for Processing Personal Data

I process your personal data based on one or more of the following legal grounds:

Contractual necessity: Processing your data is necessary to fulfil our contractual obligations in providing therapy services.

Consent: With your explicit consent, I may process data for specific purposes not covered by contractual necessity.

Legal compliance: I may process your data to comply with legal obligations.

Vital interests: In certain circumstances, I may process your data to protect your vital interests or the vital interests of others.

5.     Purpose of Data Processing

I collect and process your personal data for the following purposes:

Providing individual therapy sessions tailored to your needs.

Assessing and monitoring your progress during therapy.

Managing appointment scheduling and communication.

Processing payments for therapy services.

Complying with legal obligations, including record-keeping requirements.

Addressing any complaints or concerns you may have.

6.     Data Retention

I will retain your personal data for as long as necessary to fulfil the purposes outlined in Section 5 above, or as required by applicable laws and regulations. I currently follow the National Health Service (NHS) guideline of 7 years following the termination of treatment. After this period, your data will be securely deleted.

7.     Data Security

I implement reasonable and appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

·      Secure storage and access controls for electronic data.

·      Regular review and update of security procedures.

I may share your personal data with the following parties for the purposes outlined in Section 5:

Third-party service providers: Secure payment processors, appointment scheduling tools, or electronic health record systems.

Legal or regulatory authorities: As required by law or to protect our legal rights.

I will never sell your personal data to third parties for marketing purposes.

8.     Your Rights

As a data subject under GDPR, you have the following rights:

Right to access: You may request access to the personal data I hold about you.

Right to rectification: You can request corrections to any inaccuracies in your personal data.

Right to erasure: You can request the deletion of your personal data, subject to legal requirements.

Right to restrict processing: You can request limitations on how I process your data under certain circumstances.

Right to data portability: You may request to receive a copy of your data in a machine-readable format.

Right to object: You can object to certain types of data processing, including direct marketing.

To exercise any of these rights, please contact us using the details provided in Section 2.

9.     Changes to the Privacy Policy

I may update this privacy policy from time to time to reflect changes in legal or regulatory requirements or our data processing practices. I will notify you of any significant changes and seek your consent if required by law.

10.  Complaints

If you have any concerns about how I handle your personal data, please contact us using the details provided in Section 2. You also have the right to lodge a complaint with the ICO, the UK's data protection supervisory authority.

By engaging in therapy with Dr James Adamson, you acknowledge that you have read, understood, and agreed to this UK-GDPR-compliant terms and privacy policy.