Tavistock Relationships is committed to protecting and respecting the privacy of our clients. We comply with the Data Protection Act 2018 and the General Data Protection Regulations.
This Policy explains when and why we collect personal information, how we use it and how we keep it secure.
We review this policy regularly and where necessary make updates to ensure it accurately reflects how we use your data. We will notify you if there are changes which affect how your data is processed.
We hope this policy helps you to understand how we use your data. If you have any questions you can contact us by one of the following methods:
Email to: firstname.lastname@example.org,
In writing to: Privacy, Tavistock Relationships, 70 Warren Street, London, W1T 5PB
Telephone 0207 380 1975
What information do we collect?
When you use our website
When you use our website we obtain information about you from cookies which tell us your IP address, when you visited our website and which pages you looked at.
It is possible to switch off cookies by setting your browser preferences. If you would like to turn cookies off you can do so by clicking ‘no’ when prompted by our cookie notice. Turning cookies off may result in a loss of functionality when using our website. As an example, if you turn off cookies, some information like anonymised ‘User ID’s’ for logging into systems will not be retained, so you will need to retype them each time.
Cookies are stored for a maximum of two years, though most expire much sooner.
If you use our website enquiry service we will ask you to provide us with your name, a method of contacting you and information about your enquiry into our clinical services. We will only use this information to respond to your enquiry.
Enquiries are kept for a maximum of 2 years.
We will collect information from you when you register and when you attend one of our clinical services. By providing this information you consent to the data being used as described below. When you register we will ask you to provide personal contact details including name and contact information (email address, postal address and phone number) and your date of birth. We use this information to identify whether you have previously attended therapy with us and to enable us to contact you regarding your therapy. We will also ask you whether you are attending with a partner and whether you have any accessibility requirements, this is to make sure we are prepared for your visit and whether it is a couple or individual consultation.
If you have been referred by another professional such as your GP, they may provide the registration information to us on your behalf. In some circumstances the referrer may also include a brief summary of why the referral is being made which, depending on the service, may include sensitive personal data relating to health or sexual relationships. If this is the case we will write to you to make you aware of, and to ensure you consent to, the referral to our therapeutic services. We will do this in our first communication to you within 30 days of receiving the referral.
When you register for our clinical service we will ask you to provide the contact details for your General Practitioner (GP). We do not make contact with the GP on a regular basis. In some circumstances it may be helpful to contact your GP to arrange better coordinated care. We would usually discuss this with you beforehand.
Due to the nature of therapy, during the consultation and ongoing sessions you will discuss with your therapist personal and sensitive information relating to your relationships and your family. Your therapist will record a brief summary of each therapy session and any key themes in the therapy. The records may also reference sensitive personal data such as information on health and sexual relationships which is relevant to the relationship therapy. Sensitive and personal information is kept under strictly confidential procedures, designed to satisfy both strict data protection and professional bodies’ regulations.
Correspondence between you and Tavistock Relationships will usually be retained as part of your clinical file.
We do not contact clients in our clinical services for marketing purposes. When you end therapy you will be given the option to be contacted as a Service User to give feedback to help us develop our clinical services. We will only contact you regarding service development if you have given your consent.
During the course of therapy you will be asked to complete clinical questionnaires which are part of the therapy. Your responses to the clinical measures can also alert your clinician about issues that may need to be talked about in therapy (such as distressing thoughts or actions).
We have a legitimate interest in research which shows the benefits of couple therapy to funders or to further develop our services. Your responses to the clinical measures may be used as part of a class of service user data and would not be used in any way that identifies you as an individual. The answers you give on your questionnaires are entered into a research database along with those from all the other people that have used our clinical services. We do not record your names on this database. We do statistical analyses on this large dataset to see how well we are doing on average. You have the right to ask that your data is removed from this dataset, if you wish.
How long do you keep my data?
The data belonging to clients in our clinical service will usually be retained for 8 years after which time it is confidentially destroyed. In exceptional circumstances, for example where clients return for further therapy, we may retain your clinical information for longer- in which case we will notify you.
Who do you share my information with?
We will never sell or rent your information to third parties for marketing purposes.
In relation to your therapy, Tavistock Relationships adheres to a professional code of ethical standards which includes the principle of confidentiality. This means that we would not disclose information about you to a third party without your agreement, except in situations where there was significant concern about harm to you or someone else and this would normally be discussed with you beforehand.
If you come as a couple we would normally expect that information can be shared between you. If you have any questions about confidentiality you can discuss them with your therapist.
Your data is stored in a customer management system called Salesforce which helps us to keep your details up to date and manage your appointments. Access to your data is restricted so it is only accessed by authorised staff members. Salesforce itself complies with GDPR requirements
Tavistock Relationships offers online couple and individual therapy via the ZOOM platform which is a secure, confidential and reliable video software platform. Tavistock Relationships aims to provide the highest practical levels of client confidentiality protection by using Zoom which uses end to end encryption and is GDPR and HIPAA compliant. We regret we are unable to guarantee complete confidentiality under all circumstances. Monitoring or intrusion by state agencies or by computer service providers operating under state direction may in certain jurisdictions pose a threat to client confidentiality.
When joining by computer or phone there is some device information which is collected for technical delivery purposes only and this is retained for 7 days. Information provided by the telephone service provider when participants connect via phone is retained for 24 hours only for technical delivery purposes. During these retention periods this information can only be accessed with the express written permission of Tavistock Relationships.
- Participant name (as entered by the participant when joining zoom)/ phone number
- Device type e.g. Mac/ Windows
- Public IP address
- Location (20 mile radius)
- Network Type e.g. wifi or wired
- Microphone type e.g. built in
- Speaker type e.g. built in
- Camera type
- Data Centre
- Connection Time
- Join and leave time
Online clients are asked to complete questionnaires via a platform called Survey Monkey which is GDPR compliant. When completing your questionnaires you are asked to use a unique identifier in order to protect your identity. Once the measures are completed they are downloaded and deleted from the Survey Monkey system.
Some of our clinical services receive government money to support the provision of therapy for couples. As part of delivery of funding contracts we sometimes work with partner organisations such as Family Action and Relate.
We are required to report on the number of clients we have seen and whether clients have improved as result of attending therapy. No identifiable client information is routinely reported. We may be subject to audits in order to ensure that we are fulfilling our contractual obligations in a fair and truthful manner.
Keeping your data secure
When you use our website we ensure that we keep your data (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
We ensure that access to your personal data is restricted to members of staff who require access as part of delivering our therapeutic service. Where possible Tavistock Relationships will use unique identification numbers rather than names this is in order to protect your identity.
Transferring your information outside Europe
In general Tavistock Relationships does not transfer your data outside the EU and we use partner organisations that are GDPR compliant. Our CRM system saves your data in cloud servers based in the EU.
Exceptions may apply to clients in our online therapy service. Where international clients are based outside the EU/EEA there will be data transfer outside Europe in order to deliver you online therapy.
Zoom and Survey monkey used in the delivery of online therapy use servers based outside the EU. TR does not use either platform to process your name or contact information and unique identifying numbers are used when processing data to protect your identity.
Links to other websites
The GDPR gives you certain rights in relation to the data we hold about you. You can exercise the rights outlined below by contacting us:
Email to email@example.com
In writing to Privacy, Tavistock Relationships, 70 Warren Street, London, W1T 5PB Telephone 0207 380 1975
Under the GDPR you can:
- Find out what information we hold about you
- Access a copy of the information we hold about you
- Rectify any inaccurate or incomplete personal data
- Have the right to object to our processing of your personal information
- Ask us to delete or restrict how we use your personal information, but this right is determined by applicable law
- Have your registration information (if registering using our online booking system) sent to another provider
- Have the right to appropriate decision making (TR does not use automated profiling or decision making)
- Complain to a regulator if you think we have not complied with data protection laws. You can lodge a complaint with the Information Commissioners Office https://ico.org.uk/concerns/
Review of this Policy
We keep this Policy under regular review. This Policy was last updated on 21 May 2018