What is the General Data Protection Regulations, 2018 (GDPR) and how does it affect me?
The GDPR ensure your confidential data is kept private and held securely and is being processed in the way that you have agreed to. It is there to protect your rights as a consumer of a service or product that might involve your identifiable data, e.g. your name and address or whether you have a specific condition. It also covers any session records, emails or text messages we exchange.
Jacqui Jomain is the named data controller of this website and email viewing is password protected.
Why do you need to record this information?
Your data is required to form a working agreement between us in order for you to use the services of this website. You can sent an initial email enquiry to email@example.com. on the contact page. During this correspondence the user is required to give certain information, like their name and email address. This information is used to contact you about the services on this site in which you have expressed an interest in.
I also collect and record information so that I am able to deliver quality services to you. I use your name, address, phone number, email to communicate with you during out therapy work together. I will ensure that your contact details / address and Doctor's details will only be used with your explicit consent.
During consultation personal data would include: Your name and your child's name, home address, email address, phone number, email, school address, child's age, gender, ethnicity, Goodman's strengths and difficulties, the referral reason, name and contact details of other professionals involved, and any other informations that may prove helpful.
My regulator body is PTUK and all PTUK play and creative arts therapists are obliged to collect and use client data in order to apply for membership renewal with the Register of Play and Creative Arts Therapists for yearly validation.
This register is accredited and managed by PTUK and is also accredited by the Professional Standards Authority for Health and Social Care (PSA).
The System used by PTUK and registrars to collect and analyse some of the data is called Fortuna, this helps monitor how effective the services are for different types of children and young people, to provide evidence based research. Your child's age, gender, ethnic background, reasons why they have been referred and strengths and difficulties questionnaire measures are stored anonymously so that neither your child or you can be identified.
Should you have any queries regarding this Privacy Notice, about PTUK's processing of your personal data or wish to exercise your rights, you can contact PTUK’s Data Controller using this email address:
If you are not happy with their response, you can contact the Information Commissioner's Office:
I also have some third party services that collect information.
When an individual visits www.jmjomain.co.uk I use Google analytics who are considered a third party service, they let me know how many visitors visit my website, what country they are from, and how long they spend visiting my website. Google analytics only collect non-identifiable data which means I or they cannot identify who is visiting. Google analytics privacy notice can be found here:
34SP is a third-party service that hosts my website. 34SP collects IP addresses of anyone visiting and stores it in my site log for 28 days for security purposes. 34SP security and privacy notice can be found here for further information:
I use third-party providers, Instagram and Twitter. To manage their social media interactions any messages sent to the inbox of social media accounts are stored by Instagram and Twitter and may not be permanently deleted at any one time. Therefore you are strongly advised to not contact me via this method in order to protect your confidentiality.
Their Privacy notice's can be found here:
How do I store the information?
To protect all personal or sensitive information, all hard copy documents are stored in a locked cabinet in a locked room, computer and other electronic devices have user name and password protection, text messaging is secured with a pin code, my email account requires a user name and password, the Fortuna system has password protection, email attachments will be password protected and will be accompanied by a password sent via text message or telephone call. Letters to GP would also have a password. All client session notes are kept to a minimum and anonymised, they are also stored separately from client contact details.
All email communications and text messages will be deleted every January of each year after therapeutic sessions have come to an end.
What are your right with regard to your data?
Under the GDPR you can make a request in writing to me: For a copy of your data, Request corrections to your data when inaccurate; Request the transfer of data to another controller and Withdraw consent for the processing of data.
In accordance with PTUK, clinical records need to be kept for the lifetime of the therapist: Jacqui Jomain, which is for the protection of both client and therapist, after which they will can be destroyed. If a client/parent retracts permission, digital records can be deleted, but I am still required to store paper records. I would also have to record the request for retracting permission / deletion made.
Is what we discuss kept confidential?
Everything we talk about during our sessions is strictly confidential between you and me, but there are some exceptions required by law detailed below under
Confidentiality and supervision:
To ensure I am doing my job effectively and that I have the right support. I may discuss elements of our sessions with my supervisor. During these discussions I do not disclose any details that may identify you and my supervisor also adheres to the GDPR.
Confidentiality outside of sessions and social media:
GDPR law requires me to ensure your confidentiality is protected. Please ensure you do not sharing any content of our therapy sessions on any public networking sites, or use SMS, texting on social networks sites to contact me about your session content, these sites are not secure and your privacy could be compromised. As this will be a professional relationship, I am also not able to accept “follow” and “friend” requests on social media sites at any time, including before, during or after therapy has ended.
Confidentiality and other Health and Social Care Professionals?
As I adhere to GDPR any contact, relating to you, with other health care professionals would only be made with your signed consent. For example: If I were to write to your GP to notify them of your treatment with me, and then notify them of the treatment ending, I would only do this if you were to sign a specific consent form.
In order to safeguard you and the people around you, if you were to disclose that you were going to carry out harm to yourself or someone else, then under my “Duty of Care” I am obligated by law to inform the relevant authorities. This is to support you to live well, and I would always aim to discuss this with you prior to contacting anyone.
If I was issued with a police warrant or court order for your information, by law I would also have to provide them with your information.