GDPR information
Please take a minute to read through this statement of legal and ethical requirements of practice regarding data protection and transparency of information storage and usage.
Secure storage
I handle your data in a safe and ethical manner which is in line with EU General Data Protection Regulations (GDPR) May 2018.
Your personal information is stored securely and confidentially, either electronically, using codes with password protection or in paper format which is stored in a safe place, coded for protection. The data collected is used to enable effective communication during our work in a safe and ethical manner and is in line with EU General Data Protection Regulations (GDPR) May 2018.
It may become necessary to share your data with a third party if I feel you, or someone else close to you, is at risk of significant harm. Unless the risk is imminent, this will be discussed with you before appropriate disclosure. I do have a legal obligation to break confidentiality in compliance with a court order, concerns over child protection and information or knowledge regarding fraud, drug trafficking or acts of terrorism.
Your contact details will be held securely for 5 years after our work has ended if you receive printed bills. Without printed bills your personal data can be erased when the therapy process is over. Our session notes will be held securely and confidentially for 5 years after the therapeutic process has ended, at which point they will be deleted or destroyed accordingly.
Data administrator
Your data administrator is:
Anna Hardek
ul. Piwna 19/11
Tel: +48 609 729 082
E-mail: [email protected]
Right to access
You have the right to ask for a copy of your personal information, also the right to ask me to amend or change any incorrect information about you.
Right to erasure
You have the right to ask me to erase any information that I hold about you. This includes your personal information that is no longer relevant to original purposes, or if you wish to withdraw consent. In all cases and when considering such requests, these rights are obligatory unless it is information that I have a legal obligation to retain.
The above is based on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Article 6 1. Processing shall be lawful only if and to the extent that at least one of the following applies:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject; d) processing is necessary in order to protect the vital interests of the data subject or of another natural person; e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Please, contact me if you have any questions concerning your data protection.