Skip to main content

Privacy Policy

I, James Cogan, am the Data Controller and Data Processor for YouFusion Therapy.

Data held:

The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide you with therapy), and that it is data that you would reasonably expect me to hold and use.

Some of the data you provide may fall under the definition of “Special Category Data” as defined by the General Data Protection Regulation. The condition for processing Special Category Data is that “processing is necessary […] for the provision of health care or treatment […] or pursuant to contract with a health professional”.

I will only hold as much data as is necessary for me to fulfil our therapy contract, in line with GDPR compliance and the jurisdiction of the United Kingdom. If an enquiry is sent, I will hold any data which is contained in the email or message. If a booking is made and a session is attended, the data held may include:

  • Basic information such as name, email address and phone number
  • Other contact details such as next of kin and GP details
  • Information provided during our work together, including medical information and medical history
  • Records of interventions and methods used in our sessions
  • Emails/texts that are sent
  • Information sent from any external agency, e.g. your GP or an insurance company.

Information sharing:

Personal data is not shared with anyone apart from, in some circumstances, your GP, and for any reasons requiring disclosure (these will be discussed during our first session together).

Information regarding our sessions may be shared with a trained supervisor, for professional purposes, to assist in our therapy sessions. The supervisor will also be GDPR compliant.

I may use an accountant who will have access to my bookkeeping records (processed using Xero accounting software), and will view my bank and credit card records which will contain your provided payment information. If you would like me to redact any identifiable data before sending it to my accountant, please state this at the time of payment. If you use your name as a payment “reference”, this will be viewed by the bank and my accountant. Xero will have access to your email address and name for the purpose of invoicing you.

Information storage:

  • Emails sent between us will be held on my professional email account which is password protected. My mobile phone access to email is also password protected.
  • Text messages sent between us are stored on my mobile phone which is password protected.
  • Our session notes will be handwritten and kept in a locked filing cabinet. A coding system will make it possible to pair notes with client details if necessary, via my supervisor, but no one else would be able to connect the session notes to client data.
  • Credit card information is deleted as soon as it has been processed.
  • If you use online banking, the bank will also hold this data. Password protection will be used to pass banking details to my accountant if necessary.

Compliance with GDPR:

  • Your data will be kept for seven years as stipulated by my insurer. After this time, paper records will be shredded and computer records will be permanently deleted.
  • All data is held securely (see details of where data is held above).
  • Any data transmitted is sent via encryption where possible.

If there is any breach of data security, YouFusion Therapy will provide all details to the information Commissioner’s Office (ICO) and will inform any affected clients as soon as possible, taking measures to minimise the potential impact.

Your rights:

  • You have the right of a Subject Access Request (SAR) to request that I send all information that I hold about you.
  • You have the right to rectification if any data I hold about you is incorrect.
  • You have the right to erasure if you would like me to erase your data (in line with my insurance).
  • You have the right to data portability, which may be relevant if you want your notes sent to another therapist.

[NB: in each of the above cases, I will fulfil your request within 30 days unless this is impossible due to illness].

  • You have the right to object to direct marketing.

Cookies:

I do not currently use cookies on this website.

A cookie is a small amount of data that is sent to your computer or mobile phone browser from a website you visit, and which is then stored on your hard drive.

I may use cookies in the future to help me to understand how potential clients engage with my site, enabling me to make improvements. If that happens this policy and page will be updated to provide disclosure. I will never use cookies to collect personal information.

For more information about cookies, visit www.aboutcookies.org.