Updated January 2021
Dr Jaclyne Di Croce, CPsychol., HCPC Reg.
What type of information is gathered
Upon initial enquiry to the service, the client’s name, e-mail address, contact telephone number, and a brief summary of the client’s query are required. This information is gathered to enable a response to initial enquiries.
Further information is collected and stored at the assessment appointment. This includes a full name, residential address, date of birth, phone number, e-mail address, emergency contact details, GP information and details of any other professional involved in the client’s mental health care. Insurer details are collected if applicable.
As a professional psychologist, clinical note taking is required. Clinical notes contain sensitive information relevant to therapy. All clinical notes are typically taken and stored electronically during therapy and supervision sessions. Such notes are stored on an encrypted device that is password protected; Dr Jaclyne Di Croce is the sole person who posses the password to access this device. All electronic clinical notes are backed-up online using a secure cloud-based storage provider. In the event that hand written clinical notes are taken, these are stored in a locked cabinet which Dr Jaclyne Di Croce is the sole person with access.
How is the information gathered and why
Most of the personal information that is processed is provided directly by you for one of the following reasons:
To register for the professional services offered;
To provide the professional services offered;
To provide payment information for the the professional services offered;
Contact information with regards to the professional services offered.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting firstname.lastname@example.org
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We have a legitimate interest.
What is done with the information gathered
Dr Jaclyne Di Croce uses the information that you have provided in order to contact clients about appointment scheduling or other arrangements pertaining to organising service delivery. Dr Jaclyne Di Croce will use the client’s e-mail address as the primary mode of contact for matters relating to appointments.
N.B. E-mail is vulnerable to viruses, as well as human error. Therefore, Dr Jaclyne Di Croce advises clients to be very considerate about what is included in e-mails with regards to our therapeutic work and to consider which e-mail is chosen to make contact.
Dr Jaclyne Di Croce will use e-mail to provide any necessary login details for online sessions. For self-funding clients, e-mail is used to provide a record of payment for services.
GP details are required to allow Dr Jaclyne Di Croce to share information with a client’s GP should it be assessed that this is required to safeguard physical and/or emotional health.
Emergency contact details are stored should an emergency situation related to a client’s health and wellbeing arise during an appointment, and notification is deemed essential to the client’s wellbeing and safety.
If applicable, details of the client’s insurance policy are collected in order to allow verification of the client’s insurance cover and process payment from the insurance provider.
How your information is stored
All client information is held in password-protected documents, on an encrypted device, to which only Dr Jaclyne Di Croce has access. Any client information held in hard copy (e.g. signed contract) is held in a locked filing cabinet.
In the event of information relating to a client being provided by a third party (e.g. if referred by another professional) only information pertinent to assessment and therapy will be kept. This information will be password protected and stored on an encrypted system. Clients are made aware that this information is held, and that they have the right to access it.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact email@example.com if you wish to make a request.
N.B. GDRP legislation states that individuals have the right to be ‘forgotten’ ,i.e. for their information to be erased should they request that. However, as Dr Jaclyne Di Croce is a Practitioner Psychologist and registrant of the HCPC , and information gathered for the purposes of psychological assessment and treatment form part of a client’s health record. HCPC guidelines require practitioners to store health records for seven years. Records are held for seven years from the completion of therapy or supervision. Records are destroyed at the end of the calendar year once seven years have expired.
How to complain
You can also complain to the ICO if you are unhappy with how your data has been used.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113