Privacy

We are committed to protecting and respecting your privacy. This Privacy Statement explains when and why we collect information about visitors to our website, personal information about people who use our services, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

Data Controller

Dr Amanda E. Smith, trading as Peak MPST

Information Commissioner’s Office (ICO) registration no: ZB225224

Use of Cookies on our website

Our website uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics which give us anonymous data on usage of our website.

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or visiting the About Cookies website which offers guidance for all modern browsers.

Use of Website Analytics

When someone visits our website, we use a third-party service (Wix/Google) to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.

If we do want to collect personally identifiable information through our website e.g. if you wish to communicate with us, we will let you know. We will make it clear when we collect personal information and will explain what we intend to do with it.

We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here: https://policies.google.com/privacy?hl=en

If you’d like to opt out of tracking by Google Analytics, visit the Google analytics opt out page.

Personal Data

We may collect the following personal information in electronic and / or paper format about clients / patients who decide to use our services:

Name
Address
Email Address
Telephone number (s)
Date of Birth

We collect this data for the following reasons:

To communicate with you regarding eligibility to use our services (we are registered to provide services to people 16 and over and living in the UK)
To communicate with you about appointments / advice you have asked for
To communicate with services providing investigations / treatment we have agreed with you
To communicate with you regarding payment transactions (we use Square and Zettle platforms)

We may collect the following sensitive information about clients / patients who decide to use our services in electronic and / or paper format:

Gender, ethnicity and marital status
Religious or other cultural beliefs
Physical or mental health or condition
Sexuality
Offences (including alleged offences)

We collect this information for the following reasons:

To enable us to tailor the help we give you to your personal needs
To ensure we are accessible to all people we are eligible to help

Data sharing

We generally do not share any personal data about you but there are occasional exceptions:

If you request a blood test, we share your name, date of birth and postcode with 'Medichecks', who take and process the sample.
For some clients / patients it may be beneficial to share some information with other professionals, for example, GP, social workers, probation services etc. If we felt this would be beneficial in your situation, we would discuss this with you at the time and obtain your consent in each case.
On occasion we may be required to share some information with government agencies on a need to know basis, e.g. for safeguarding, client safety or criminal matters. We would discuss this with you if, and when the situation arose.
Rarely for client / patient safety and safeguarding we may have to share some information with government agencies e.g. social services, police on a need to know basis without consent.

Data Storage

We are committed to keeping your personal data secure by using encrypted files and devices.

Email / website-based communication is carried out on a password and firewall protected computer.

All electronic transactions containing personal details that you make to or receive from us will be encrypted using SSL technology.

It must however be noted that data transmission over the internet is potentially insecure, and we cannot guarantee the security of data sent over the internet.

Personal data (listed above) given to us by patients / clients who decide to use our services is stored within each individual electronic patient record (EPR). The cloud based electronic patient record system we use is called WriteUpp which complies with General Data Protection Regulations.

Consultation records of Menopause / PMS patients are also stored within each individual patient’s EPR.

Consultation records of Sexual and Relationship Therapy clients are kept in paper format only and are safely stored in a locked cabinet in an alarmed building.

Data Disposal

The Records Management Code of Practice for Health and Social Care, Information Governance Alliance, July 2016 will be used to determine the minimum retention period for Menopause and PMS service records (generally 8 years from last entry in the record if 18+, 9 years if 17 and 10 years from last entry if 16 years old).

College of Sexual and Relationship Therapists (CoSRT) guidance will be used to determine the minimum retention period for Sexual and Relationship Therapy Records (generally 7 years from last entry in the record.)

Hard copy paper records of interactions will be disposed of by shredding.

Computerised records of interactions will be disposed of by deletion.

Access to data and / or request to be “forgotten’’

Any client / patient who wishes to access / amend their data, or have it destroyed before the recommended retention period has elapsed, will need to submit a request in writing to the Data Controller.

The data controller will ensure that it is the subject requesting this information and not a third party. They will respond to the request within a month and there will not be a charge for providing any information.

Each application will be considered on an individual basis and any decision to provide access to or destroy personal data will be the clinical decision of the clinician / therapist. Safeguarding will always be a priority over personal freedom. Information about third parties will need to be removed and will never be disclosed without their express consent.

Where information about subjects is deleted, the data controller will need to keep a suppression list to evidence that they have complied with the request.

Data Breaches

All breaches will be reported immediately to the data controller.

If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will notify the ICO within 72 hours and inform those individuals without undue delay.

A record of any personal data breaches will be kept confidentially in the same way as any other personal data.

Supervision of Sexual and Relationship Therapy

Supervision is part of our professional duty of care to our clients undergoing therapy. It is a confidential discussion between supervisor and supervisee who are both therapists. The aim is to ensure the supervisee is conforming to the code of practice of the accrediting body i.e. College of Sexual and Relationship Therapists (CoSRT). It also helps to ensure the therapist covers all areas in assessing and managing clients. Records are stored with the same degree of security as other clinical data but separate from clinical records. Limited personal data is kept in the supervision record (eg initial, age, gender).

Case studies

Occasionally we may ask if we can use some information about your case to educate other clinicians / therapists. This information will not include any personal identifiable data and we will specifically ask your permission before using your data in this way.

Testimonials / Feedback

Occasionally we may ask if we can share on our website any feedback about our service you give. This information will not include any personal identifiable data and we will specifically ask your permission before using your data in this way.

This statement is kept under regular review.

This statement was last updated on 22nd January 2023.

Privacy

Data Controller

Dr Amanda E. Smith, trading as Peak MPST

Information Commissioner’s Office (ICO) registration no: ZB225224

Use of Cookies on our website

Use of Website Analytics

If we do want to collect personally identifiable information through our website e.g. if you wish to communicate with us, we will let you know. We will make it clear when we collect personal information and will explain what we intend to do with it.

We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here: https://policies.google.com/privacy?hl=en

If you’d like to opt out of tracking by Google Analytics, visit the Google analytics opt out page.

Personal Data

We may collect the following personal information in electronic and / or paper format about clients / patients who decide to use our services:

Name

Address

Email Address

Telephone number (s)

Date of Birth

We collect this data for the following reasons:

To communicate with you regarding eligibility to use our services (we are registered to provide services to people 16 and over and living in the UK)

To communicate with you about appointments / advice you have asked for

To communicate with services providing investigations / treatment we have agreed with you

To communicate with you regarding payment transactions (we use Square and Zettle platforms)

We may collect the following sensitive information about clients / patients who decide to use our services in electronic and / or paper format:

Gender, ethnicity and marital status

Religious or other cultural beliefs

Physical or mental health or condition

Sexuality

Offences (including alleged offences)

We collect this information for the following reasons:

To enable us to tailor the help we give you to your personal needs

To ensure we are accessible to all people we are eligible to help

Data sharing

We generally do not share any personal data about you but there are occasional exceptions:

If you request a blood test, we share your name, date of birth and postcode with 'Medichecks', who take and process the sample.

For some clients / patients it may be beneficial to share some information with other professionals, for example, GP, social workers, probation services etc. If we felt this would be beneficial in your situation, we would discuss this with you at the time and obtain your consent in each case.

On occasion we may be required to share some information with government agencies on a need to know basis, e.g. for safeguarding, client safety or criminal matters. We would discuss this with you if, and when the situation arose.

Rarely for client / patient safety and safeguarding we may have to share some information with government agencies e.g. social services, police on a need to know basis without consent.

Data Storage

We are committed to keeping your personal data secure by using encrypted files and devices.

Email / website-based communication is carried out on a password and firewall protected computer.

All electronic transactions containing personal details that you make to or receive from us will be encrypted using SSL technology.

It must however be noted that data transmission over the internet is potentially insecure, and we cannot guarantee the security of data sent over the internet.

Personal data (listed above) given to us by patients / clients who decide to use our services is stored within each individual electronic patient record (EPR). The cloud based electronic patient record system we use is called WriteUpp which complies with General Data Protection Regulations.

Consultation records of Menopause / PMS patients are also stored within each individual patient’s EPR.

Consultation records of Sexual and Relationship Therapy clients are kept in paper format only and are safely stored in a locked cabinet in an alarmed building.

Data Disposal

College of Sexual and Relationship Therapists (CoSRT) guidance will be used to determine the minimum retention period for Sexual and Relationship Therapy Records (generally 7 years from last entry in the record.)

Hard copy paper records of interactions will be disposed of by shredding.

Computerised records of interactions will be disposed of by deletion.

Access to data and / or request to be “forgotten’’

Any client / patient who wishes to access / amend their data, or have it destroyed before the recommended retention period has elapsed, will need to submit a request in writing to the Data Controller.

The data controller will ensure that it is the subject requesting this information and not a third party. They will respond to the request within a month and there will not be a charge for providing any information.

Where information about subjects is deleted, the data controller will need to keep a suppression list to evidence that they have complied with the request.

Data Breaches

All breaches will be reported immediately to the data controller.

If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will notify the ICO within 72 hours and inform those individuals without undue delay.

A record of any personal data breaches will be kept confidentially in the same way as any other personal data.

Supervision of Sexual and Relationship Therapy

Case studies

Occasionally we may ask if we can use some information about your case to educate other clinicians / therapists. This information will not include any personal identifiable data and we will specifically ask your permission before using your data in this way.

Testimonials / Feedback

Occasionally we may ask if we can share on our website any feedback about our service you give. This information will not include any personal identifiable data and we will specifically ask your permission before using your data in this way.

​

This statement is kept under regular review.

This statement was last updated on 22nd January 2023.