BE . Psychology
Confidentiality, Data Protection, and Record Keeping Policy
Be Psychology Ltd provides psychological services including assessments, reports, consultancy, supervision, and psychotherapy. This policy outlines how we collect, store, use, and share personal data in accordance with the UK General Data Protection Regulation (UK GDPR).
1. Why Do We Collect Information About You?
We collect personal data, including special category data, to deliver psychological services safely and effectively. The lawful bases under the UK GDPR for processing personal data include:
- Legitimate interests
- Legal obligation
- Consent (particularly for special category data under Article 9(2)(a))
2. What Information Do We Collect About You?
We may collect:
- Personal identifiers (name, date of birth, address, contact details)
- Demographics (gender, occupation, family info)
- Health and psychological information
- Appointment and attendance records
- Information for legal/court reports
- Employment or associate-related data
3. How Do We Store the Information About You?
We store all personal information securely using encrypted systems in compliance with the UK GDPR. Access is restricted to authorised personnel. Clinicians must complete client records within 24 hours of appointments.
4. How Long Do We Keep Your Information?
- Clients accessing psychological assessments or treatment: 7 years after end of treatment or 7 years after 18th birthday for minors
- Legal/court reports: retained until case concludes, subject to solicitor instruction
- Job applicants: 12 months; employees: as per retention schedule post-employment
5. Who Do We Share Your Personal Information With?
Your data is shared only when necessary and in accordance with confidentiality policies. We may share with:
- Insurers, GPs, emergency services (with consent or under legal obligation)
- Courts and solicitors (legal reports)
- Supervisors (under professional obligations)
6. Accessing and Correcting Your Information
You have the right to access, correct, transfer, or request deletion of your data. Requests must be submitted in writing. Requests involving legal reports should be directed to your solicitor.
7. Your Rights
You have rights including:
- Access to your data
- Correction of inaccuracies
- Objection to processing
- Data portability
- Erasure of data (right to be forgotten)
8. Complaints or Queries
For concerns or complaints, contact the Data Protection Officer. If unsatisfied, you may contact the Information Commissioner’s Office (ICO).
9. Other Websites
This policy applies to the Be Psychology website only. We encourage users to review privacy policies of other sites linked from ours.
10. Data Breaches
In the event of a data breach, BE Psychology will follow ICO procedures and notify affected individuals and the ICO when required.
11. Supervision and Confidentiality
Supervision records are kept confidential unless disclosure is required by law. Clinicians retain clinical responsibility for their clients.
12. Data Controller and Processor Roles
Be Psychology Ltd is the data controller. Associate Clinicians are data processors and must comply with this policy.
13. Contact Information and Policy Updates
Dr Brittni Jones is the Data Protection Officer. Contact via drbrittnijones@bepsychology.co.uk.
This policy is reviewed annually. Last updated on: 23 May 2025.