Privacy Policy
Who we are and what we do
I am Dr Barbara Medea and I operate www.barbaramedea.com I am a Clinical Psychologist and I offer clinical
psychological services. The Health and Care Professionals Council (HCPC) and The British Psychological Society (BPS)
regulate and inform my practice. You can find out more about my professional and legal responsibilities on their
respective websites.
www.hcpc-uk.org.uk
www.bps.org.uk
My commitment
I am committed to protecting and respecting your privacy. This policy describes the information that I collect when
you use my services and how I process this information. Please read the following carefully to understand practices
regarding your personal data and how I will treat it.
I use the information I collect in accordance with all laws concerning the protection of personal data, including the
Data Protection Act 1998, the GDPR 2016 and the UK Data Protection Bill 2018.
As per these laws, Dr Barbara Medea is the Data Controller.
Please contact Dr Barbara Medea with any questions or requests about the personal information here
process.
ICO registration number: ZB528389.
1. Information I Collect
I collect personal information from you when you fill out the contact form and when I begin to organise therapeutic
services for you.
We may collect and process the following data about you:
• Information that you provide by filling in forms on my site.
• I may also ask you for information when you report a problem with my site.
• If you contact me, I may keep a record of that correspondence.
• Details of your visits to my site including, but not limited to, traffic data, location data, weblogs, operating
system, browser usage and other communication data and the resources that you access.
For me to provide you with services, I need to collect the following information:
• Your name
• Your contact details including telephone number(s) and electronic contact such as email address.
• Your GP details
• Details of your next of kin
• Relevant data about your health
2. Why do I need to collect your personal information?
I need to collect information about you so that I can:
• Know who you are so that I can communicate with you in a personal way.
• Deliver services to you.
• Process your payment for the services.
• Verify your identity so that I can be sure I am dealing with the right person.
• Optimise your experience on my website.
3. Use of Information
I will use your personal information for the purposes for which it was provided to me, including but not limited to:
• Responding to your inquiries and providing information about my services.
• Scheduling and managing appointments.
• Improving and optimising my Site and services.
• Complying with legal obligations.
3.1 Google analytics
When someone visits this website I use a third party service, Google Analytics, to collect standard internet log
information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to
the various parts of the site. This information is only processed in a way, which does not identify anyone. I do not
make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
3.2 Links to other websites
My website may contain links to other websites of interest. However, once you have used these links to leave our site,
you should note that I do not have any control over that other website. Therefore, I cannot be responsible for the
protection and privacy of any information you provide while visiting such sites, which are not governed by this
privacy statement. You should exercise caution and look at the privacy statement applicable to the website in
question.
4. Data Security: Where do I keep the information?
I take the security of your personal information seriously. I have implemented appropriate technical and
organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or
destruction.
I keep your information in the stores described below.
4.1. Your customer record
I use an electronic Practice Management System, Clinix. This system is password-protected and stores information in a
data centre in the EU, and is GDPR compliant.
4.2. Your report
I create reports and notes that contain information that I gather, and my findings and conclusions. These are also
stored on my Clinix Practice Management System.
4.3. iPad
I keep clinical notes on the work I do with you. These are stored securely using my practice management system,
Clinix. I use an iPad to write notes during the sessions. The iPad is password-protected.
4.4. Paper record
In the event that paper records are used during an appointment (e.g. paper questionnaires, diagrams), these documents
are scanned into your electronic record and then securely shredded using a micro-cut shredder.
5. How long do I keep the information?
I keep electronic invoices for seven years as this is the required length of time to comply with HMRC requirements.
After seven years I delete the invoices using the accounts package ‘Delete’ function.
I keep your personal details for six years after the end of therapy, as required by our regulatory bodies.
6. Who do I send the information to?
Your information is kept confidential at all times. Where possible I will anonymise information so that individual
patients cannot be identified.
In exceptional circumstances, I might need to share personal information with relevant authorities:
• When there is need-to-know information for another health provider, such as your GP.
• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for
example a Court Order.
• When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will try
to discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you
or to someone else.
7. Your rights
Your principal rights under data protection law are:
(a) the right to access – you can ask for copies of your personal data;
(b) the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete
personal data;
(c) the right to erasure – you can ask us to erase your personal data;
(d) the right to restrict processing – you can ask use to restrict the processing of your personal data;
(e) the right to object to processing – you can object to the processing of your personal data;
(f) the right to data portability – you can ask that we transfer your personal data to another organisation or to you;
(g) the right to complain to a supervisory authority – you can complain about our processing of your personal data;
and
(h) the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is
consent, you can withdraw that consent.
8. How can you see all the information I have about you?
You can make a Subject Access Request (SAR) by contacting the Data Protection Officer. I may require additional
verification that you are who you say you are to process this request. I will usually share this with you within 30
days of receiving a request. There may be an admin fee for supplying the information to you.
9. What happens in case of a breach of privacy?
In the unlikely event of a breach in our privacy system, I will first act to stop the breach, and will then inform you
if your information has been affected. If it is possible that your information has allowed someone to identify you, I
will inform the Information Commissioner’s Office (ICO).
If your questions are not fully answered by this policy, please contact our Data Protection Officer. If you are not
satisfied with the answers from the Data Protection Officer, you can contact the Information Commissioner's Office
(ICO)
https://ico.org.uk.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The most current version will always be posted on this page, with
the "Last updated" date noted at the top.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact me
August 2023