Privacy Policy

At Wise Oak, we understand how important your privacy is. We take care to maintain your confidentiality in accordance with current data protection laws and ethical guidelines from the British Psychological Society (BPS).

However, it is a professional requirement that attendance records and brief written notes of contact with you are made. These are kept to a minimum and are maintained in accordance with the EU’s General Data Protection Regulations (GDPR, 2018).

Wise Oak Psychology aims to be as clear as possible about how and why information about you is used so that you can be confident that your privacy is protected. This policy describes the information that Wise Oak Psychology collects when you use the service.

1. Why do we need to collect your personal data?

Wise Oak Psychology needs to collect information about you so that we can know who you are and communicate with you in a personal way. We need to have your personal data in order to deliver services to you, process your payment for services, verify your identity to ensure we are dealing with the right person, contact you in case there is a problem, and provide you with useful information about the services provided. The legal basis for this is a legitimate interest.

2. What personal information do we collect and when do we collect it?

For Wise Oak Psychology to provide you with services, we need to collect the following information:

  • Your name
  • Your contact details including a postal address, telephone number(s) and electronic contact such as email address.
  • Your payment card/bank/insurance details
  • Your GP details
  • Diagnostic instrument data

Wise Oak Psychology collects this information directly from you. With your permission, we may also collect information about you from third parties; such as another health professional (such as your GP) to provide a complete assessment.

3. Where do we keep the information & for how long?

Wise Oak Psychology will keep your information in an encrypted, password, and 2FA protected platform (Kiku), which safely processes and stores your client data. Session notes are anonymised and password protected. Kiku is fully GDPR compliant, and secured with RSA 256 bit SSL encryption. You can also view Kiku’s privacy policy here (link https://www.wearekiku.com/privacy-notices)

We do not hold your payment information or keep a record of any of your card details once payment is made. We keep your electronic invoices for seven years as this is the required length to comply with the HMRC requirements. After seven years we delete the invoices using the Sage delete function. Wise Oak Psychology will keep your therapy notes and reports for 10 years as this is the legal requirement for clinical data.

4. How can I see all the information you have about me?

You can ask for a subject access request (SAR) form via email. Wise Oak Psychology may require additional verification that you are who you say you are to process this request.

We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.

5. What if my information is incorrect or I wish for it to be removed from your system?

Please contact us via email. Wise Oak Psychology may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems, we will send you a copy of the updated information in the same format at the subject access request in section 4.

If you want to have your data removed, Wise Oak Psychology have to determine if we need to keep the data, for example in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.

6. Will we send emails and text messages to you?

As part of providing our service to you, Wise Oak Psychology will send mid-therapy and end-of-therapy letters to you and your GP/referrer via email. The report will be encrypted, and password protected. Also, as part of this service, we will need to send details of your appointments to you. To protect your information, we prefer to use an end-to end encrypted messaging service. With your permission, we may send you texts to remind you of your appointments through the Kiku system.