Dr Paul Wendon-Blixrud
Clinical Psychologist
GDPR
PRIVACY POLICY
I have updated the terms and conditions alongside my data protection policy adhering to the newly developed EU General Data Protection Regulation (GDPR). For further information please visit: https://www.eugdpr.org
I (Dr Paul Wendon-Blixrud) aim to be as clear as possible about how and why I use information about you / your chid so that you can be confident that your privacy is protected. This policy describes the information that I collect when you work with me. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill 2018.
The policy describes how I manage your information when working with me, if you contact me or I contact you. It also provides extra details to accompany specific statements about privacy that you may see when using my website.
I use the information I collect in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, I, Dr Paul Wendon-Blixrud, am the data controller;
paul.wendonblixrud@gmail.com
mobile number 07909987461
SportMed East
36-38 Woodbridge Rd,
Rushmere St Andrew,
Ipswich
IP5 1BH
​
If another party has access to your data I will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why we need to provide them with the information. If your questions are not fully answered by this policy, please contact our Data Protection Officer, as above.
1. Why do I need to collect your personal data?
I need to collect information about you so that I can:
• Know who you are so that I can communicate with you in a personal way. The legal basis for this is a legitimate interest.
• Deliver services to you. The legal basis for this is the contract with you.
• Process your payment for services. The legal basis for this is the contract with you.
• Verify your identity so that I can be sure I am dealing with the right person. The legal basis for this is a legitimate interest to prevent identity theft and ensure I provide services to the correct person.
2. What personal information do I collect and when do I collect it?
For me to provide you with services, I need to collect the following information:
• Your name (if under 18 parent’s name also).
• Your contact details including a postal address, telephone number(s) and electronic contact such as email address.
• Relevant educational provision, work details
• Potentially your GP and / or additional healthcare provider
• Clinical Information
I collect this information directly from you. If you do not provide me with this information I am not able to provide you with my services. I may also collect information about you from third parties; for example, if I need to gather information from another health professional (such as your GP) to provide a complete assessment. This will be discussed with you if needed.
3. How do I use the information that I collect?
I use the data that I collect from you in the following ways:
• To communicate with you so that I can inform you about your appointments with me, I use your name, your contact details such as your telephone number, email address or postal address. Also, so reception staff know who to expect.
• To deliver the correct service to you I use your name, your contact details and the details about your intervention plan
• To create your invoice I use your name and email address
• To process your payment, I may use your BACS payment details
• To optimise my website so that users can find the information they need
4. Where do I keep the information?
I keep your information in the stores described below. Please note that I do not store your payment card details in any of our systems; these are passed straight through to my payment provider, via your BACS payment system.
4.1. On our computers
I use a personal computer that is located in my office and clinic premises. The computer is password protected. Passwords are stored securely and are not shared. I use Google Drive to store your data, this is a secure storage area.
Your client record:
I use a Windows computer program that stores the information on a computer in my office.
Your report:
I create a report that contains pertinent information that I gather and our findings and conclusions.
4.2. I take hand written notes when I meet you. These notes are used to create the report that I provide to you. Paper copies are destroyed once pertinent information is added to my computer record.
5. How long do I keep the information?
I keep electronic invoices for seven years as this is the required length to comply with the HMRC requirements. After seven years I delete the invoices. Clinical records will be held electronically for children until their 25th birthday, and 7 years for adults, in accordance with the British Psychological Society advice.
6. Who do I send the information to?
I send your report to you and anyone I am required by law to inform. All reports are sent through the postal system. Any reports that are sent electronically are sent as attachments that are encrypted and password protected.
​
7. How can I see all the information you have about me?
You can make a subject access request (SAR) by contacting the Data Protection Officer. We may require additional verification that you are who you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests or affect the rights of others.
8. What if my information is incorrect or I wish to be removed from your system?
Please contact the Data Protection Officer. We may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems we will send you a copy of the updated information in the same format at the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed it is our duty to determine if we need to keep the data, for example in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.
10. Will we send emails and text messages to you?
As part of providing our service to you, we may send your report to you via email. The report will be encrypted, and password protected. Also, as part of this service, we need to send details of your appointments to you. To protect your information, we prefer to use an end-to end encrypted messaging service. If you are not able to use such a service, we may use SMS (text messages); however, this does increase the risk of someone intercepting the message.
​