Privacy Policy

Confidentiality and Data Protection Policy for Clients

Lancara Ltd. has a duty of confidentiality and compliance with GDPR, and insurance obligations and abides by the Complimentary Therapists Association (CThA) Code of Practice (www.ctha.com).

1. Introduction

This Confidentiality and Data Protection Policy for Clients explains how Lancara Ltd ("we," "our," or "us") collects, uses, stores, and protects personal information in the course of providing therapeutic services. We are committed to maintaining the confidentiality and security of our clients’ personal information in compliance with GDPR and other applicable data protection regulations.

2. Data Collection and Purpose

In order to provide safe and effective therapeutic services, we collect personal and sensitive information. By submitting your information, you agree to its use as specified in this policy.

If at any point you wish to withdraw consent, you may do so by contacting us, using the email below, and we will ensure your data is no longer processed for purposes that depend on consent.The types of information we collect may include, but are not limited to:

Personal Identification Information:
such as name, address, phone number, email, and date of birth.

Health and Medical Information: including doctor’s name, medications, diagnoses, and relevant medical history.

Personal History and Background: trauma history, relationships, family dynamics, and other sensitive personal details shared in the course of our work.

Assessment Data: data gathered through forms and questionnaires completed via Google Docs, PDF forms and in-person (or online).

Session Notes: hand-written notes taken during client sessions.

The purpose of collecting this information is to deliver high-quality therapy tailored to individual needs, assess therapeutic progress, and meet insurance and legal obligations.

Third-Party Links

Note also that in the course of our work I may send to you links or you may access them from the online training course (GrooveMember) to other websites which provide access to products and services offered by third parties, whose privacy policies we do not control. When you access another website or purchase third-party products or services through the Site, use of any information you provide is governed by the privacy policy of the operator of the site you are visiting or the provider of such products or services.

3. Legal Basis for Processing

We collect and process personal data on the following legal bases:

Performance of a Contract:
Personal data is required to provide services as agreed upon with each client, specifically to inform the Practitioner (Gemma Keaney, Lancara Ltd) of the most effective way to support the client(s).

Legitimate Interest:
Processing information to maintain accurate records for therapy and uphold our professional duty of care.

Legal Obligation:
We retain client records for 7 years to meet insurance and professional regulatory requirements.

4. Data Retention and Security

We are committed to ensuring that client data remains confidential and secure:

Retention:
We retain client records for a minimum of 7 years after the end of therapy, as required by insurance policies and professional regulations. After this period, data will be securely disposed of.

Security Measures:
Digital records, such as assessment data collected via Google Docs, are stored in a secure, password-protected account. Handwritten notes are stored in locked files with restricted access. We implement encryption and secure storage practices to prevent unauthorised access.

5. Data Sharing and Confidentiality

Client information is treated with the utmost confidentiality and is only shared under specific conditions:

Insurance or Legal Requirements:
Information may be shared if required by law or insurance policies:

1. Where information was shared that alerted me to a risk of serious harm to the client or someone else, especially a child, Lancara Ltd reserves the right to break confidentiality in order to prevent harm. I would do this only in extreme circumstances and would always try and discuss it with the client first before taking any action. 
2. If required by a court of law to give evidence (e.g. in criminal proceedings). 
3. If I received any information relating to an act of terrorism. 
4. Professional Consultation: If necessary, non-identifiable information may be shared with colleagues for supervision or consultation purposes to enhance therapeutic care. To improve the quality of my work I (Gemma Keaney) have regular supervision where client sessions are discussed. This is standard practice and is done anonymously. Client identity will not be disclosed to my supervisor. 

We will never share identifiable client information with third parties for marketing purposes.

6. Client Rights Under GDPR

As a client, you have the following rights regarding your personal data:

Right to be Informed: You have the right to know how your data is collected, used, and stored.
Right of Access: You can request a copy of any personal data we hold about you.
Right to Rectification: You may request corrections if any personal data is inaccurate or incomplete.
Right to Erasure: After the legally required retention period (5 years), you may request deletion of your data.
Right to Restrict Processing: You may request that we limit the use of your data in certain circumstances.
Right to Data Portability: You may request a transfer of your data to another provider in a structured format.
Right to Object: You may object to the processing of your data based on legitimate interests or other grounds.
Rights Related to Automated Decision-Making and Profiling: This applies if automated processing affects you, though we do not use this type of processing in our practice.
Right to Withdraw Consent - see details below.

You have the right to withdraw your consent for us to process your personal information at any time. If you decide to do this, please follow these simple steps:

Contact Us: Send us an email at [email protected] or use the contact form on our website.

Specify Your Request: In your message, let us know that you wish to withdraw your consent and mention which specific information you want us to stop processing.

Confirmation: We will acknowledge your request and confirm that your data will no longer be processed for purposes based on your consent, unless we are legally required to retain it.

Once consent is withdrawn, we will stop processing your data for purposes based on consent, except where legally required otherwise.

7. Contact Information

If you have any questions regarding this policy or your rights, please contact us at:

Email: [email protected] (at Lancara Ltd.)

8. Changes to This Policy

We may update this policy periodically to reflect changes in our practices or legal obligations. Any changes will be posted on our website, and we encourage you to review our Privacy Policy from time to time.

This policy was last updated o 31 October 2024.