Horsham Psychology Privacy Notice
Your general rights under GDPR:
Below is a summary of basic rights as denoted by the new GDPR governance. Please note that these are general rights for the GDPR process as a whole. There are additional specific considerations for those providing a health related service to the public, which includes Horsham Psychology.
• The right to be informed.
• The right of access-to request information held about you.
• The right of rectification-were there is a despite in relation to the accuracy or processing of personal data.
• The right to erasure- the right to request your data is erased when it is no longer necessary for Horsham Psychology to retain it (within boundaries of professional guidance and legislation for retention of clinical notes).
• The right to restrict processing- to request a restriction is placed on further processing of your data.
• The right to data portability- the right to request that the data controller provide the data subject with his/her personal data and where possible to transmit data directly to another data controller (data portability).
• The right to object to the processing of personal data- withdrawing consent at any time (There are exceptions to this for those providing a health related service to the public).
• The right not to be subject to automated decision making.
• The right to lodge a complaint with the Information Commissioners Office (ICO).
What is your personal data?
Personal data is information that can identify an individual. The processing of such personal data is governed by the General Data Protection Regulation (GDPR) and comes in to effect on the 25th May 2018.
Who is Horsham Psychology?
Dr Tara Quinn-Cirillo is a Counselling Psychologist and Sole Trader who conducts psychological assessment and treatment. In order to provide this service safely and effectively, Dr Quinn-Cirillo needs to collect personal data on you including demographic data and information pertaining to clinical presentation and history. This makes Dr Quinn-Cirillo both a data controller and a processor under the new GDPR governance. This means I decide how your personal data is processed, for what purposes and how it is stored. At present there are no other employees of Horsham Psychology and therefore no one else is responsible for handling patient data.
Making a referral via email
Please note that by emailing firstname.lastname@example.org you are consenting to share personal data with Dr Tara Quinn-Cirillo, Horsham Psychology. This includes your return email address. I would advise not to send sensitive patient information through email when making initial contact. Sensitive patient information should be sent through the secure email provider. Upon receipt of your initial contact email, you will be sent instructions on how to use a secure email channel where you are able to send patient sensitive information should you wish to do so. Please see below section on ‘what data I collect and hold’ for types of personal and sensitive patient data. Dr Tara Quinn-Cirillo is not responsible for information that you choose to send outside of the secure email channel.
Why does Horsham Psychology collect and will use your personal data?
Horsham Psychology has a number of lawful reasons that it can use or ‘process’ your personal information. One of the lawful reasons is called ‘legitimate interests’. This means that we can process your personal information if we have a genuine an legitimate reason and we are not harming any of your rights and interests. In other words, Horsham psychology will collect relevant personal data about you solely for the purposes of providing a heath service that offers psychological assessment and treatment.
Another lawful reason for us processing your data may be legal obligation, this is likely to apply if you are being assessed as part of a legitimate claim. We will need to process your personal data to comply with a common law or statutory obligation.
• We collect personal information on you so that we can communicate with you in a personal way. The legal basis for this is legitimate interest.
• Deliver a psychological service to you and process your payment for this service (where appropriate). The legal basis for this is the contract with you.
What data I will collect and hold?
Horsham Psychology collects and processes the following data from patients:
• Full Name
• Date of birth
• GP details
• Contact details e.g. mobile telephone/email
• Relationships and children
Sensitive personal data:
• Information gathered at the time of assessment including: medial conditions (if relevant), medication, psychological history and current difficulties, sexuality, offences (including alleged offences), risk information (including suicidal ideation or intent).
• Signed therapy contracts, therapy records including session notes, formulations, letters, reports and outcome measures. We may collect this data ourselves or you may provide us with information in the format of previous psychological or medical reports. Sometimes referrers such as GP’s or Psychiatrists will send a report to us which contains personal information. We are not responsible for how third parties send this information, but we are responsible for what we do with it once we receive it.
• Where appropriate- Private Health Provider membership number/activation number, referral information and authorisation for psychological treatment.
• The name your bank account is in when paying by bank transfer (I am not able to see your sort code or account number when a payment is made).
Patient Information sent to Horsham Psychology
Horsham Psychology is NOT responsible for patient information sent by third parties including patients themselves, referring agencies, G.P’s, agencies involved in patients care such as psychiatrists and Healthcare Providers such as AXAPPP and Bupa. Once received, this information will be stored by Horsham Psychology in a secure format and Horsham Psychology is then responsible for the continued storage of this information.
How I process your personal data?
Horsham Psychology complies with obligations under the new GDPR, by keeping personal data up to date, securely stored and destroyed where appropriate. I do not collate or keep information that is not clinically relevant for the purposes of psychological assessment or treatment. Horsham Psychology is also responsible for protecting against data loss, misuse and unauthorised disclosure or access. This is achieved by ensuring that appropriate GDPR complaint protection methods are in place to protect patients personal data in both electronic and paper format.
What is the legal basis for processing your personal information?
Horsham Psychology has a legitimate interest in using the personal information you supply/health insurers supply to provide an effective and ethical psychological assessment and treatment service. It is necessary for Horsham psychology to provide Psychological therapy as a health provider, to patients wishing to use the service.
No information that you provide will ever be passed on to another party without your consent. I do not sell your information to others.
What we do with your information?:
• Horsham Psychology takes your privacy very seriously. I will only ever use your personal information to provide the psychological services you have requested from me.
• Your personal information will be used in order to conduct psychological assessment and treatments requested by you when being referred to Horsham Psychology. This includes being able to provide you with a clinical service and to collect electronic payment from you for this service.
• If you are not able to provide the personal information I request, then please be aware that I may not be able to provide you with the psychological services you have requested.
• Horsham psychology does not send information to patients regarding other services offered and I DO NOT share any information for marketing purposes.
Horsham Psychology uses both paper and secure electronic storage of patient data. This is in order to provide the most effective clinical service to you. Paper and electronic data is stored using GDPR complaint systems. These include, paper storage in a filing cabinet a encrypted electronic file server storage, also use of a secure email and 6 pin log in smartphone for contacting patients and other providers involved in your care.
How long I will hold it and why
Horsham Psychology will only store your personal and sensitive information for as long as it is required in line with professional guidance and legislation- The British Psychological Society (BPS) and The Health Care Professionals Council (HCPC). Further information on data retention will be supplied in the patient privacy notice and contract but a summary is as follows:
• 6 months for referral enquiries that do not result in a person becoming a patient (termed “potential patients”).
• 7 years for for adults who are patients of Horsham Psychology.
• Age 18 + 7 years for children under the age of 18.
• For those individuals with a learning disability/neuropsychological information/court information should be stored for the lifetime of the client.
• There is a requirement by the HMRC Revenue and Customs that financial information including patient invoices to be stored for 7 years.
1. The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology. BPS.
2. Health and Care Professions Council (2017).Confidentiality Guidance for Registrants: London:HCPC.
Sharing data with third parties
Patient data will be held by Horsham Psychology for the purposes of assessment and treatment. Information will only be shared with a third party with consent of the patient. The exception being for purposes of safeguarding or risk to patient or others. Dr Quinn-Cirillo reserves the right to break confidentiality and share information with relevant safeguarding parties should a risk be identified. Dr Quinn-Cirillo will always inform patients should this occur and a discussion about informing other parties will take place.
For those patients who are referred via private health providers such as Bupa and AXAPPP, Horsham Psychology will share information about appointments with the provider in order to bill the provider for each treatment session. I may also share treatment updates with the provider for example, where the attention has requested to extend treatment. This is a prerequisite for many health providers in order to approve further treatment. Horsham Psychology will always discuss this with the patient before updating the healthcare provider.
Your right to access the personal information we hold about you.
You have the right to access the information I hold about you. This is called a ‘subject access request” or “right of access” under the data protection act and the general data protection regulation. I will then supply you with:
1) A description of the data I hold about you.
2) Inform you how it was obtained (if not supplied by you).
3) Inform you why and what purpose I am holding it.
4) What categories of personal data are concerned.
5) Inform you who this could be disclosed to.
6) Inform you of the retention periods of the data.
7) Inform you of any automated decision making including profiling.
8) Let you have a copy of the information an an intelligible format.
You must inform a Horsham Psychology in writing to access the information I hold about you. I want to ensure your information is correct and up to date. You can ask me to correct or remove information to think is inaccurate.
• I will provide your patient information within 30 days of your initial request being received..
• Please note that Horsham Psychology reserves the right to refuse a request to delete patient therapy records. These have to be kept for a period of 7 years for adults and different lengths for others as outlined above in accordance with the British Psychological Society (BPS) and Health Care Professions Council (HCPC).
• I may ask for identify documents to verify your identity.
• You have the right to get your information corrected if there are inaccuracies in the data we hold.
You have a the right to complain to a regulator (the Information Commissioners Office ICO) if you think that we have not complied with data protection laws.
Telephone: 0303 123 1113
Dr Tara Quinn-Cirillo (CPsychol, AFBPsS)
Chartered Counselling Psychologist
Use of the website http://www.horshampsychology.com
Horsham Psychology uses a WordPress website so potential patients and referrers can learn about me and the Psychological service that I offer.
The website Horsham Psychology is operated by WordPress. The Horsham Psychology website does not include a function for web based enquiry/self referrals to be made via the site. Therefore none of your personal information is stored in the form of cookies.
All referrals are made using the separate contact details provided on the page (telephone and email address). This website version of WordPress is a clean version without the use of plugins and
The Horsham Psychology website does contain links to third party sites including the HCPC (Health Care Professions Council) and the BPS (British Psychological Society). Horsham Psychology is not responsible for the operation of third party sites and by following these links you are accepting liability for doing so.
I would urge you to refer to the privacy and cookie policies of these third party websites.
It is possible to turn off cookies on the devise you use to access a website. For some websites this can affect the performance of the website.
For further information visit http://www.allaboutcookies.org.
Dr Tara Quinn-Cirillo (CPsychol, AFBPsS)
Chartered Counselling Psychologist