Privacy Notice

Lemons to Lemonade is committed to ensuring that your privacy is protected. This Privacy Notice sets out how Lemons to Lemonade uses and protects any information that you give to us, including information that you give when you use the Lemons to Lemonade website or Facebook page, and how Lemons to Lemonade complies with the General Data Protection Regulation (GDPR).

Lemons to Lemonade may change its privacy policy from time to time by updating this Privacy Notice. The current Privacy Notice will be available on the Lemons to Lemonade website. You should check this website from time to time to ensure that you are happy with any changes. This Privacy Notice is effective from July 2019.

Data Control

Dr. Stephen Skippon is the Data Controller for Lemons to Lemonade. Dr. Rachel Skippon is an additional Data Controller for the clients she works with directly and may have access to more data than Dr. Stephen Skippon in respect of these clients due to the confidential nature of her therapy work with specific clients. In such cases, she is the primary Data Controller for those clients.

What personal data we process

Lemons to Lemonade collects and processes the following personal data from therapy clients, coaching clients, workshop attendees, and where appropriate and with their written personal agreement, individuals with whom we work in the course of work for organisations:

  • Personal data: basic contact information: name, address, email, contact number, and GP contact details.
  • Sensitive personal data: Signed Client Agreement or Workshop Attendee Agreement; therapy, coaching or other contact records (therapy/coaching notes, letters, reports, questionnaires, worksheets, outcome measures, feedback sheets, emails and text messages from clients).
  • If you complete a web-based enquiry form, we will also collect any information you provide to us as well as your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. All web services used by Lemons to Lemonade are verified by themselves as GDPR compliant.

If you are referred by your health insurance provider, then we shall also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological therapy.

If we work with you in the context of our work for an organisation in which you are involved, then where appropriate and with your written personal agreement we shall also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and authorisation from the organisation for us to work with you.

The lawful basis for processing personal data

Lemons to Lemonade has a legitimate interest in using the personal data and sensitive personal data we collect to provide health treatment, therapy, coaching, workshops, or services to organisations with whom we work. Using this data is necessary for us to provide psychological therapy, coaching, workshops, and services to individual or organisation clients.

What we do with your personal information

At Lemons to Lemonade we are committed to ensuring that your privacy is protected. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from you.

We will only use your personal information to:

  • Provide the services you have requested from us or, with your written personal agreement, to provide services to an organisation with which you are involved.
  • Process payment for such services.
  • Improve our services.
  • Contact you for our own market research purposes by email, text message, or phone.
  • Customise the Lemons to Lemonade website and/or Facebook page according to your interests.
  • Send promotional emails about new services, special offers or other information from Lemons to Lemonade which we think you may find interesting.

If you do not provide the personal information requested, then we may be unable to provide a therapy, coaching, workshop, or other service to you.

What we will NOT do with your personal information

No information you provide will be passed on to others without your prior written consent unless we are required by law to do so.

We shall never sell, lease, or distribute your information to third parties for commercial purposes.

Where we are working with your employer or any other organisation with which you are connected, we will not share any information we have about you unless you have given us your explicit personal written consent to do so. This also applies if we are providing you with individual therapy paid for by your employer.

We will not share information about you that we obtain from your employer or other organisation with whom we are working, without your explicit personal written consent to do so.

How long we store personal information

We will only store your personal information for as long as it is required. Basic contact information held on a therapist’s mobile phone is deleted within 6 months of the end of therapy.

The sensitive personal data defined above is stored for a period of 7 years after the end of therapy, coaching, or other services. After this time, this data is destroyed at the end of each calendar year.

Who we might share personal information with

We hold information about each of our clients and the therapy, coaching, or other services they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:

  • Where you give us written personal consent and authorisation to liaise with a third party for a specific purpose.
  • If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
  • In cases where therapy has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
  • Where we are working with your employer or another organisation with which you are connected, and have information about you arising from that work, and you have given us your explicit personal written consent to do so.

In exceptional circumstances, we might need to share personal information with relevant authorities:

  • When there is need-to-know information for another health provider, such as your General Practitioner (GP).
  • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
  • When the information concerns risk of harm to the client or anyone else. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.

How we ensure the security of personal information

Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected. Email applications use private (SSL) settings, which encrypts email traffic so that it cannot be read at any point between our computing devices and our mail server. Lemons to Lemonade will never use an open or unsecure Wi-Fi network to send any personal data.

Personal information is also stored on a password protected office computer owned by Lemons to Lemonade. Mobile devices are protected with a passcode/fingerprint scanner/face recognition scanner, mobile security and antivirus software.

Written records are kept in a locked filing cabinet in our consulting room, which itself is locked except when we are present. The consulting room is located within the Regus Express business centre at Broughton Retail Park, which is locked when unoccupied. The Regus Express centre is located adjacent to the Security Office which provides 24 hour, 7 day security for the Retail Park.

How we use cookies on the Lemons to Lemonade website

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links from the Lemons to Lemonade website to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Your right to access the personal information we hold about you

You have a right to access the information we hold about youunder the General Data Protection Regulations 2018. A fee of £15 will be payable. We will usually share this with you within 30 days of receiving a request. We may request further evidence from you to check your identity. A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy), If you would like a copy of the information held on you, please write to:

Lemons to Lemonade
1st Floor Management Suite
Regus Express
Broughton Retail Park

Chester CH4 0DE

Or email contact@lemonstolemonade.co.uk

You have the right at any time to request that your personal contact information is deleted, except where this relates to therapy records (see Your right to access the personal information we hold about you below). If you wish to make such a request, please write to the address or email address above.

You have a right to have your personal information corrected if it is inaccurate. If you believe that any information that we are holding on you is incorrect or incomplete, please write to the address or email address above. We shall correct promptly any information found to be incorrect.

Lemons to Lemonade reserves the right to refuse a request to delete a client’s personal information where this relates to therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS, 2000) and The Health and Care Professions Council (HCPC, 2017).

If you think that we have not complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.

Dr. Stephen Skippon and Dr. Rachel Skippon July 2019

References

British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.

Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.