Privacy and Processing
We are committed to protecting and respecting any personal information you share with us. This statement describes what types of information we collect from you, how it is used by us, how we share it with others, how you can manage the information we hold and how you can contact us.
1. What information do we collect?
a. Names, postal addresses, email addresses, contact telephone numbers that
you have given us, GP and/or emergency contact details
b. For people who apply for 8-week mindfulness courses and practice days information you provide on the registration form, mid-course review and feedback forms and/or facilitator notes following the sessions, outcome measures
c. Feedback forms from our courses and events
d. Emails we exchange
e. For adults receiving psychological therapy and/or psychiatric services: therapy records including therapist notes, reports, letters, outcome measures/questionnaires
f. For children receiving psychological therapy and/or psychiatric services: therapy records including therapist notes, reports, letters, outcome measures/questionnaires and any other information provided to us by the parent/guardian(s) of that child including the name and contact details for the parent/guardian(s)
2. What is our lawful basis for collecting and processing personal data?
a. New Forest Mindfulness Ltd has a legitimate interest in using the personal data and sensitive personal data we collect to provide health treatment. It is necessary for us to provide psychological therapy, psychiatric services and mindfulness courses/events to clients
b. We may also ask for information on how you found our service for the purpose of our own marketing research
c. We may add your details to our email mailing list to let you know of future courses / events but only if you have explicitly consented to this and you have the right to opt-out of this at any time
3. How do we use this information and for what purpose?
a. To provide you with psychological therapy, psychiatric services, 8-week mindfulness courses and/or events if you have requested these
c. To process payment for our services
c. By using your feedback to assess the efficacy of what we offer and to make
improvements to our services
d. By adding your details to our database to let you know of our services and events but only with your consent
e. We take your privacy seriously. We will only use your personal information to provide the services you have requested from us
4. How do we share this information?
a. We do not share any of your information with third parties except for in
exceptional circumstances e.g.:
with our Professional Indemnity Insurers, regulatory body or legal advisers in the event of a claim – see 5b
if you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also be required by the terms and conditions of the health insurance provider to share treatment updates with them
in cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required with your written consent
If you request us to share information with other health and social care professionals involved in your care we will do so with your written consent
when disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order
when the information concerns risk of harm to the client, or risk of harm to another adult or child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else
b. We will never sell your information for marketing purposes
5. How long do we keep information for?
a. Records for adults receiving psychological therapy and/or mindfulness services from us are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000)and The Health and Care Professions Council (HCPC; 2017)
b. Records for adults receiving psychiatric services from us are retained for 20 years in accordance with the General Medical Council (GMC) guidelines
c. Records for children receiving psychological therapy, mindfulness or psychiatric services from us are retained until they reach the legal age of maturation (currently age 18) plus the period in 5a and/or 5b above
d. After this time, this data is deleted at the end of each calendar year
e. If you have not received a service from us such psychological therapy, a mindfulness course/practice session or psychiatric services from us you can request for the personal information we hold for you to be deleted immediately
6. How do we keep information and files secure?
a. Our laptops, iPads and phones are password/thumbprint protected. Malware, firewalls and antivirus protection is installed on our computers
b. We use a secure cloud based practice management software to store your data, including electronic therapy and psychiatric records. It is encrypted and password protected and states that it is GDPR compliant
c. Our email provider states that it is GDPR compliant. Personal information is minimised in phone / email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected
d. Our digital media provider states that it is GDPR compliant
f. Paper records of therapeutic and psychiatric services and mindfulness courses are kept in a locked filing cabinet.
7. How can you manage the information we hold about you?
a. For the purposes of GDPR, the processors of all information collected are New Forest Mindfulness Ltd with Dr. Maret Dymond-Bassett being the named data controller with the exception of the provision in 7b
b. Other psychologists and psychiatrists taking on clients with New Forest Mindfulness Ltd may have access to more information than Dr Dymond-Bassett due to the confidential nature of their therapy work with a specific client. In such cases, these psychologists and psychiatrists will be the primary data controller for those clients they work with directly
c. If you wish to view, amend or delete (with exception of 5b) any information we hold on you, please write to us at the address given below, or email us at firstname.lastname@example.org
8. What happens in the event of a data breach?
a. If it is something simple like an incorrectly addressed email and we are made aware of the breach, we will take appropriate action to correct it
b. If there is a serious breach, such as a hacking attack, we will let you know and at the same time notify the Information Commissioner’s Office (ICO).
9. Do I have the right to access the personal information we hold about you?
a. You have a right to access the information we hold about you
b. We will usually share this with you within 30 days of receiving a request
c. There may be an admin fee for supplying the information to you
d. We may request further evidence from you to check your identity
e. a copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy)
f. You have a right to get your personal information corrected if it is inaccurate
g. You can complain to a regulator. If you think that we haven't complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office:
Thank you for reading this!
The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.
c. We also use Google analytics tracking in our website to understand how users are interacting with our site. Details which cookies google uses, and how can be found here: www.google.com/policies/privacy/partners/,
d. If you wish to opt out of cookies you need to disable them in your web browser.
The following links explain how to access cookie settings in various browsers:
To opt out of being tracked by Google Analytics across all websites, visit this link: http://tools.google.com/dlpage/gaoptout.