PRIVACY NOTICE

Wolds Psychology Data Protection Policy

Effective Date: 12/10/25

Review Date: 1/10/26

Policy Owner: Dr Tracy Richardson

________________________________________

1. Introduction

Wolds Psychology is committed to protecting the privacy and security of personal data. This policy outlines how we collect, use, store, and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

________________________________________

2. Scope

This policy applies to all personal data processed by Wolds Psychology, including data from clients, staff, contractors, and website visitors.

________________________________________

3. Definitions

•Personal Data: Any information relating to an identifiable person.

•Special Category Data: Sensitive data such as health information.

•Data Controller: Wolds Psychology.

•Data Processor: Any third party processing data on our behalf (e.g., Microsoft 365 Family).

•Data Subject: The individual whose data is being processed.

________________________________________

4. Lawful Basis for Processing

We process personal data under the following lawful bases:

•Consent (e.g., for marketing communications).

•Contractual necessity (e.g., therapy sessions).

•Legal obligation (e.g., safeguarding).

•Legitimate interests (e.g., service improvement).

________________________________________

5. Data We Collect

•Contact details (name, email, phone)

•Health and psychological information

•Appointment history

•Payment and billing information

•Website usage data (via cookies)We use your personal data to:

•Provide psychological services and respond to enquiries.

•Manage appointments and communicate with you.

•Maintain records in accordance with legal and professional obligations.

•Improve our website and services.

•Comply with legal requirements. Wolds Psychology is registered with the Information Commissioner's Office (ICO) as a data controller under the Data Protection Act 2018. Our registration number is ZB755824 This confirms our commitment to handling personal data in accordance with UK GDPR and data protection legislation.

________________________________________

6. Data Storage and Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, or misuse.

We use Microsoft 365 to securely store and manage personal data.

•OneDrive Personal Vault: Used for storing sensitive documents with an extra layer of security.

•Password Protection and Encryption: All files are encrypted in transit and at rest.

•Multi-Factor Authentication (MFA): Enabled for all accounts accessing sensitive data.

•Device Security: All devices used to access data are protected with antivirus software, firewalls, and automatic updates.

•Access Control: Data access is restricted to authorized personnel only.

WriteUpp.com

WriteUpp is a cloud-based practice management system designed for healthcare professionals. It is used for:

•Secure storage of clinical notes and client records

•Appointment scheduling and invoicing

•GDPR-compliant data handling

•UK-based hosting with ISO 27001 certification

•Role-based access control and audit trails

•Encrypted data transmission and storageWriteUpp is compliant with NHS and UK data protection standards and is specifically designed for clinical environments.

Encrypted Windows PC (BitLocker)

•BitLocker full-disk encryption enabled

•Used for accessing and storing sensitive documents locally

•Protected by strong passwords and automatic lock settings

•Regularly updated antivirus and firewall software

Apple Devices (iMac, iPad, iPhone)

•All devices secured with passcodes and biometric authentication

•iCloud disabled for sensitive data

•Files stored locally or via encrypted apps (e.g., WriteUpp, OneDrive)

•Device encryption enabled by default (FileVault on iMac)

•Remote wipe enabled in case of loss or theft

Email Hosting

•We use IONOS (by 1&1 IONOS SE) as our secure email hosting provider. Emails and related communications may be stored on IONOS servers, which are located within the UK or EU and are compliant with GDPR standards.

________________________________________

7. Data Retention

We retain personal data only as long as necessary:

•Clinical records: 7 years after last contact (or until age 25 for minors)

•Financial records: 6 years

•Website data: 12 months

Data is securely deleted or anonymised after the retention period.

________________________________________

8. Data Sharing

We do not share personal data with third parties unless:

•Required by law (e.g., safeguarding concerns)

•With explicit consent

•For secure processing (e.g., Microsoft 365 Family storage)

________________________________________

9. Data Subject Rights

You have the right to:

•Access your data

•Rectify inaccurate data

•Erase data (“right to be forgotten”)

•Restrict processing

•Object to processing

•Data portability

Requests can be made via email to Tracy@woldspsychology.co.uk

________________________________________

10. Breach Notification

In the event of a data breach, we will:

•Notify affected individuals within 72 hours

•Report to the Information Commissioner’s Office (ICO) if required

•Take remedial action to prevent recurrence

________________________________________

11. Policy Review

This policy is reviewed annually or when significant changes occur in data handling practices.

________________________________________

12. Contact

For questions or concerns about this policy, please contact:

Dr Tracy RichardsonEmail: tracy@woldspsychology.uk

Cookie Policy for www.woldspsychology.co.uk

Effective Date: 12/10/25
Review Date: 1/10/26
Policy Owner: Dr Tracy Richardson
Contact: tracy@woldspsychology.co.uk

1. What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They help the website function properly, improve user experience, and provide analytical data to help us understand how our site is used.

2. How We Use Cookies

We use cookies to:

Ensure the website functions correctly
Remember your preferences (e.g., language, accessibility settings)
Analyse website traffic and usage patterns
Improve website performance and content
Enable social media features (if applicable

3. Types of Cookies We Use

Strictly Necessary - Required for core website functionality (e.g., security, navigation)

Performance - Collect anonymous data on how visitors use the site

Functionality- Remember user preferences and settings

Analytics - Help us understand visitor behaviour using tools like Google Analytics

Third-Party - May be set by embedded content (e.g., YouTube, social media plugins)

4. Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

View which cookies are stored
Delete cookies
Block cookies from specific sites
Block all cookies

Please note that disabling cookies may affect the functionality of our website.

5. Consent

When you first visit our website, you will be presented with a cookie banner requesting your consent to use non-essential cookies. You can update your preferences at any time by revisiting the banner or adjusting your browser settings.

6. Third-Party Services

We may use third-party services such as:

Google Analytics – to collect anonymised usage data
Embedded content – such as videos or maps that may set cookies from external domains

These services have their own cookie and privacy policies, which we encourage you to review.

7. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legislation, or our practices. The latest version will always be available on our website.

8. Contact

If you have any questions about our use of cookies, please contact:

Dr Tracy Richardson
Email: tracy@woldspsychology.co.uk

Privacy Information: Text