Skip to main content
Making Sense Of It

Privacy Policy

“Making Sense Of It – Psychology Ltd” (MSOI) is a company offering clinical psychological services. This privacy policy explains how we use any personal information that we collect about you, as a past, present, or future service user (client or patient) or when you use our website.

1. Why do we collect information about you?

We have a number of lawful reasons that we can use (or 'process') your personal information. One of the lawful reasons is called 'legitimate interests'.

Broadly speaking Legitimate Interests means that we can process your personal information if:

  • We have a genuine and legitimate reason and we are not harming any of your rights and interests

Some of the information we may collect is classified as sensitive personal data. The reasons for collecting this information is ‘legitimate activities’ and provision of ‘health treatment’. Please see the ICO website for further information about these.

So, what does this mean? When you provide your personal details to us we use your information for our legitimate business interests. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights. MSOI have a legitimate interest in using personal data and legitimate activities to store the sensitive personal data we collect to provide health treatment. It is necessary for us to provide psychological therapy to clients.

We may also ask for information on how you found our service for the purpose of our own marketing research. No information you provide is passed on without your consent. We will never sell your information to others.

2. What information do we collect about you?

We collect information about you that may include personal or sensitive information, such as:

  • First name or given name
  • Family name or surname
  • Address
  • Telephone numbers
  • Date of birth
  • Gender (or preferred identity)
  • Age
  • Relationships & children
  • Occupation
  • Email address

To make sure that you are assessed and/or treated safely, we record your personal information, such as your name, address, as well as all contacts you have with the Company such as appointments and the results of assessments and letters relating to your care/report. Your health record is kept confidential within the Company at all times and is only shared with staff when they need it to carry out their job.

Clients

When you or your child are a client of MSOI we record all details of sessions and appointments so that your clinician can plan your intervention correctly. In addition to the personal information above, we may also collect information regarding:

  • Medical conditions (if relevant)
  • Prescribed medication.
  • Psychological history and current difficulties.
  • Sexuality (if relevant)
  • Offences (including alleged offences)
  • Financial information, including bank account details (if you are a private patient/client of MSOI)

Web access collection of information

We collect information about you when you or your child contact us about our services. We also collect information when you voluntarily complete contact forms. If you complete a web-based enquiry form, we will also collect any information you provide to us as well as your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. All web services used by MSOI are verified by themselves as GDPR compliant. MSOI always tries to minimise the amount of personal information that we require in order to provide a specific service.

3. How do we store the information about you?

We take your privacy very seriously. We will only use your personal information to provide the services you have requested from us. If you do not provide the personal information requested, then we may be unable to provide a therapy service to you.

We are committed to taking reasonable steps to protect any individual identifying information that you provide to us. Once we receive your data, we make best efforts to ensure its security on our systems. We audit and review our data asset register and compliance with the GDPR on an annual basis. We will also monitor our compliance by undertaking spot checks of our systems and staff.

All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules.

All staff who join MSOI will receive a full induction to the GDPR in order that they understand their obligations under the National Data Security Standards. All staff within MSOI are aware that their use of MSOI data assets (IT systems) can be monitored to ensure compliance to the GDPR.

MSOI have systems in place to report any data security and protection breaches and near misses. Should a breach or near miss occur a redacted record is held with an action plan to address the cause of the actual or potential breach.

4. How long do we keep your information for?

Clients

We will only store your personal information for as long as it is required. Therapy records are retained for a period of 7 years (after the end of treatment or 7 years after a child has turned 18) in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) and The Health and Care Professions Council (HCPC; 2017).

The sensitive personal data defined above is stored for a period of 7 years after the end of therapy for adults, or 7 years after a child turns 18. After this time, this data is deleted at the end of each calendar year.

If you complete a web-based enquiry form, we will store the information you provide via this enquiry form. If the referral is not taken forward, we will store your personal information for 6 months and then delete this. If the referral proceeds to assessment, we will keep this information in line with the guidance described above.

5. Who do we share your personal information with?

We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. All staff are required to work to strict professional and contractual codes of confidentiality and where possible we will anonymise information so that individual patients cannot be identified.

In exceptional circumstances, we might need to share personal information with relevant authorities:

  • When there is need-to-know information for another health provider, such as your GP or Paediatrician.
  • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
  • When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.

Your information may be shared with outside organisations if they are directly involved in your care/case, for instance, your GP, or others involved in your care. We will discuss with you who we would discuss your care with, and what details we would share with them.

  • If you or your child’s health is in jeopardy we may share your contact information with an emergency healthcare service (e.g. Mental Health Crisis Team).
  • If we do need to share your information, we will always try and ask for your permission for this. We may not be able to ask your permission under special circumstances where we are legally required to do so.

By contacting the Directors of MSOI by email and/or using the address below you can also get more details on:

  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
  • our instructions to staff on how to collect, use and delete personal data;
  • how we check that the information we hold is accurate and up to date; and
  • how we correct any errors in the data we hold.

6. Your rights

MSOI tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. We will then supply to you:

  • A description of all data we hold about you
  • Inform you how it was obtained (if not supplied by you)
  • Inform you why, what purposes, we are holding it
  • What categories of personal data is concerned
  • Inform you who it could be disclosed to
  • Inform you of the retention periods of the data
  • Inform you around any automated decision making including profiling

To make a request to MSOI for any personal information we may hold you need to put the request in writing.

  • You have a right to access the information we hold about you.
  • You can make a subject access request (SAR) by contacting the Directors of MSOI.
  • We may request further evidence from you to check your identity.
  • A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
  • You have a right to get your personal information corrected if it is inaccurate.
  • You can complain to a regulator. If you think that we haven't complied with data protectionlaws, you have a right to lodge a complaint with the Information Commissioner’s Office.

MSOI reserves the right to refuse a request to delete a client’s personal information where this is a therapy record. Therapy records are retained for a period of 7 years (after the end of treatment or 7 years after a child has turned 18) in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) and The Health and Care Professions Council (HCPC; 2017).

7. Complaints or queries

MSOI aims to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. If you do have a complaint, contact the Data Protection Officer who will investigate the matter on your behalf.

If you are not satisfied with the response from MSOI or believe we are not processing your personal data in accordance with the law you have the right to raise your complaint with the Information Commissioner’s Office (ICO). The ICO registration number for Making Sense Of It Psychology Ltd is ZA267572.

Contact information ICO:

  • Website: https://ico.org.uk/concerns/
  • Email: casework@ico.org.uk
  • Telephone: +44 (0) 303 123 1113

8. Other websites

Our website contains links to other websites. Our privacy policy only applies to this website, we would encourage you to read the privacy statements on the other websites you visit.

9. Changes to this privacy notice

We keep our privacy notice under regular review and we will place any updates on this web page. This privacy notice was last updated on 20 May 2018.

10. Who we are and how to contact us

MSOI is the company that you are supplying your personal information to. The Protection Officer for MSOI and can be contacted via:

  • Email: info@makingsenseofit.org.uk
  • Senior Information Risk Owner: Dr Helena Bligh
  • Caldecott Guardian: Dr Helena Bligh
  • Data Protection Officer: Dr Helena Bligh
  • Date of Policy: 20 May 2018
  • Policy reviewed on: 16 November 2022
  • Date of Policy Review: 20 May 202