Dr Hannah Odendaal & Associates Privacy Policy & GDPR Notice

Version: November 2022

Dr Hannah Odendaal & Associates ICO registration number is ZB438530

This privacy policy and GDPR notice sets out how Dr Hannah Odendaal & Associates LTD, using the website https://www.drhannahodendaal.uk/, will store and use information provided by you to us. Any mention of "I", "our", "us", or "we" refers to Dr Hannah Odendaal & Associates LTD and "you" refers to the person using and interacting with this website.

Dr Hannah Odendaal & Associates LTD is committed to guarding your privacy and personal data. Your personal data and data which identifies you will only be used in accordance with this Privacy Policy. We may update this Privacy Policy as required for the needs of the business and/or to reflect any changes in legal requirements.

By ticking boxes or clicking submit buttons, you consent to us processing the data provided through such interactions for the requirements of Dr Hannah Odendaal & Associates LTD and its website.

Dr Hannah Odendaal (Clinical Psychologist & LTD Company Director) offers clinical psychology services to any persons under the registered private limited company Dr Hannah Odendaal & Associates - Company number: 14456690. 

This privacy policy explains how Dr Hannah Odendaal & Associates LTD (as a data controller) and the listed Company Director and Data Processor, Christian Odendaal, process and store personal information collected about clients, in compliance with the General Data Protection Regulation (GDPR). Any doctoral associates working under will follow the company data policies and only record client information using approved methods to ensure data compliance and security.

Dr Hannah Odendaal & Associates website (https://www.drhannahodendaal.uk/) uses SSL (secure sockets layer) as a website security measure often seen as the ‘padlock’ on the browser address. That website experience is secured to high industry standards by Squarespace and more can be read about this here: https://support.squarespace.com/hc/en-us/articles/205815898-Understanding-SSL-certificates

In addition, client data is secured on enterprise-level solutions such as Google Workspace by passwords that would take computers trillions of years to break and that are changed periodically. Where possible, 2-factor authentication security is also used.

1. What are your rights?

Dr Odendaal herself and Dr Hannah Odendaal & Associates LTD are committed to protecting your rights to privacy. Your rights include: 

  • Right to be informed about what happens to your personal data; 

  • Right to have a copy of all the personal information collected, with the exclusion of the practitioner’s personal process notes. This is standard practice. 

  • Right to rectification of any inaccurate data processed, and to add to the information held about you if it is incomplete; 

  • Right to be forgotten and your personal data destroyed; 

  • Right to restrict the processing of your personal data; 

  • Right to object to the processing carried out based on our legitimate interest. 

2. Why will we collect information about you? 

We process personal data and sensitive personal data because we have a legitimate interest to do so when providing you or your family member with a clinical psychology service. It is necessary when providing psychological assessment and therapy to clients. Our lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care or treatment. We may also ask for information on how you found our service for the purpose of our own marketing research. 

3. What information do we collect about you? 

We collect information about you that may include personal or sensitive information about you or a family member who is involved in the work, such as: 

  • First name or given name

  • Family name or surname

  • Date of birth 

  • Gender (or preferred identity) 

  • Email address 

  • Address

  • Telephone numbers

  • Relationships & children

  • Occupation 

  • GP name and contact details 

  • Name of health insurance provider, if relevant, and any data provided by the insurer. 

To make sure that you are assessed and/or treated safely and appropriately, we record your personal information, such as your name, address, as well as all contacts you have with the Company such as appointments and the results of assessments and letters relating to your care. Your data is always kept confidential. As a client, we record details of your appointments and all notes made during telephone calls and face to face appointments during the course of your therapy. This may include the following information: 

  • Current and previous medical conditions 

  • Prescribed medication 

  • Family and relationship history 

  • Psychological history 

  • Current psychological difficulties 

  • Goals for therapy

  • Therapist notes

  • Therapist reports/letters

  • Outcome measures

  • Signed therapy agreement

We also process personal data pursuant to our legitimate interests in running the business such as: 

  • Invoices and receipts 

  • Accounts and tax returns

  • General feedback to improve our service and website 

4. How do we store information about you? 

We take your privacy very seriously. We are committed to taking reasonable steps to protect any identifying information that you provide to us. Once we receive your data, we make best efforts to ensure its security on our systems. All personal information provided is stored in compliance with EU General Data Protection Regulation (GDPR) rules. This includes:

Email: your email address and correspondence will be stored in our email accounts (currently Google Workspace) by nature of you contacting us. It is your choice as to whether or not you share personal information over email. We will avoid sending sensitive information over email, unless you consent to us doing so. 

Any hardcopy therapy notes, letters or reports will be stored securely.

5. How long do we keep your information?

We do not keep your data for longer than is necessary. Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC. Where it is not necessary to retain the data for six years, it is destroyed as soon as possible. Clinical records (both electronic and hardcopies) will be held for up to ten years from the end of treatment. This is so that we have a record of what we have done together in the event you return to therapy or any questions arise as to what happened during treatment. At the end of this period, the clinical record will be destroyed. The position is different for children where, in some cases, best practice is for records to be retained until the child reaches their 25th birthday. 


6. With whom do we share your personal information? 

We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally or routinely share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties: 

If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates. 

In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

For the purposes of clinical supervision. As an HCPC accredited clinician, Dr Odendaal & any associate doctors working for the clinic are obliged to consult with other Clinical Psychologists to support treatment and develop/reflect on clinical skills. When discussing clients with Clinical Psychologists in this supervisory capacity, they will only refer to clients by an alias to minimise revealing other identifiable information. 

In exceptional circumstances, we might need to share personal information with relevant authorities: 

  • When consent is given by a client for us to contact a third party e.g. a school teacher. 

  • When there is need-to-know information for another health provider, such as your GP. 

  • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order. 

  • When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will aim to discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else. 

7. How can you access your information and correct it, if necessary? 

Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. Within 30 days of receiving your request, we will then supply to you: 

  • A description of all data we hold about you

  • Information on how it was obtained (if not supplied by you)

  • Information on why, and for what purposes, we are holding it

  • The categories of personal data concerned

  • Information on who it could be disclosed to

  • The retention periods of the data

  • A copy of the information in an intelligible electronic form, unless otherwise requested.

To make a request for any personal information we may hold, you need to put the request in writing. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

8. Complaints or queries

We try to meet the highest standards when collecting and using personal information. For this reason, we take seriously any complaints we receive about this. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. 

If you do have a complaint, please do contact Dr Odendaal who will investigate the matter on your behalf. If you are not satisfied with the response or believe we are not processing your personal data in accordance with the law, you have the right to raise your complaint with the Information Commissioner’s Office (ICO).

Contact information ICO: Website: https://ico.org.uk/concerns/ Email: casework@ico.org.uk Telephone: +44 (0) 303 123 1113 

9. The anonymous data processed & payment information handling

Dr Hannah Odendaal & Associates LTD, using the website https://www.drhannahodendaal.uk/, uses industry standard digital analytics platforms which may record user interactions with the stated website. These interactions are anonymised by design and are used for legitimate business purposes such as:

  • Discovering broken pages on the website 

  • Discovering loading issues across different brands of web browser

  • Improving website user experience for every visitor

  • Ensuring the website loads correctly on a variety of screen sizes from mobile, PC and tablet.

  • Viewing general statistics of how many online users visit vs how many enquire

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the site, and information about how you interact with the site. We refer to this automatically-collected information as “Device Information.” We collect Device Information using the following technologies:

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

  • “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

Additionally, when you make a purchase or attempt to make a purchase through the site, we collect certain information from you, including your name, billing address, payment information (including debit/credit card numbers), email address, and phone number. We refer to this information as “Order Information.” When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

10. How do we use payment information?

We use the appointment information that we collect generally to fulfil any appointments placed through the Site (including processing your payment information, and providing you with invoices and/or order confirmations). Additionally, we use this appointment information to:

  • Communicate with you; and

  • Screen our orders for potential risk or fraud.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the site, and to assess the success of any advertising campaign).

11. More about data processing 

Certain data analytics which are anonymized by design are shared with third parties to help us improve the business. They do not, however, contain any identifying or sensitive client information.

For example, we use Squarespace to power our website. You can read more about how Squarespace processes your information here: https://www.squarespace.com/privacy. We also use Google Analytics to help us understand how our website visitors and new potential clients use the site in an anonymous way. You can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/. You can opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout. You can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/

Dr Hannah Odendaal & Associates Ltd.