top of page

Privacy Policy

Introduction

Welcome to the privacy policy for JM Clinical Psychology Ltd, trading as Dr Jessica Matcham, a clinical psychology and EMDR therapy service provider registered as a limited company in the UK (Company number: 15815202). This privacy policy explains how I collect, use, and safeguard your personal information when you engage with this service and use this website. We understand the sensitive nature of the information you share with me and I am dedicated to ensuring its confidentiality and security. My practice complies with the General Data Protection Regulation (GDPR) and other relevant data protection laws, reflecting a commitment to protecting your personal data.
This policy outlines the types of personal information I collect, the purposes for which I use it, and the measures I take to protect your information. It also explains your rights regarding your personal data and how you can exercise these rights. Please take the time to read this privacy policy carefully. If you have any questions or concerns about our privacy practices, or if you need any further information, please do not hesitate to get in touch.

Who I am and what service I am providing

My name is Dr Jessica Matcham and I am a Clinical Psychologist registered with the Health and Care Professions Council (HCPC). I provide psychological assessment and therapy online and face to face in a clinic space in Southbourne (The Coastal Practice, 98 Broadway, Southbourne, Bournemouth BH6 4EH). 

Data Protection & Privacy

I am registered with the Information Commissioners Office (ICO), the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. As a member of the public, you can complain to the ICO if you are unhappy with how an organisation has handled your information.  For example, if your information is wrong, lost or has been disclosed to someone else, or if you have not been given access to your personal data.

In addition, I respect and comply with the EU General Data Protection Regulations (GDPR) enacted under the UK Data Protection Act 2018. This document outlines how I comply with these regulations.

How you can consent to me storing your data

In order to gain your consent, I will explain what you are consenting to and ask that you explicitly consent to contact from me. When you provide me with personal information I ask you to explicitly consent to me collecting it and using it for that specific reason only. If I ask for your personal information for a secondary reason, like marketing, I will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

If after you opt-in, you change your mind, you may withdraw your consent for me to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting me at jessicamatcham@proton.me

Why I need your personal data

As a health professional I am required to keep records of the work I do. I only collect and store information which is relevant to our therapeutic work together, and which will enhance your care. I am permitted to collect and keep this information by law.

I routinely audit the effectiveness of the service I offer and for this reason retain information about the outcomes of therapy such as scores on any questionnaires I ask you to complete, or the number of therapy sessions you have. If you do not wish me to include your anonymised data in this way, please let me know.

What information I will store

When you agree to participate in assessment or therapy sessions with me, I will ask you to complete a personal information form. This includes details such as name, age, contact details, next of kin and GP. This is the only document where your full name and contact will appear. In all subsequent documentation your initials and/or a unique number ID will be used.

At assessment and during subsequent sessions you will be sharing information with me about your life experiences, thoughts and feelings. These will be recorded in note form and any reference to you is made by using your initials. These records will also include our shared understanding of your difficulties (a formulation) and our plans for treatment.

I implement appropriate technical and organisational measures, in an effective way in order to meet regulation requirements and protect your rights. I hold and process only the data that’s absolutely necessary for the completion of our duties (data minimisation).

In general, any third-party providers used by me will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to you. I am not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

How I will use your data within my practice

I use the data I hold about you to contact you about appointments and to take notes about what we have covered together. This ensures continuity of care and means I am able to provide you a better service.

How I will store and protect your data within my practice

Although no method of transmission over the Internet or electronic storage is 100% secure, in order to protect your personal information I take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

Your data is stored in the following ways:

  • Electronic storage of client material: All electronic records that contain personal information are individually password protected and stored on a password protected computer, so that they can only be opened and amended by myself.

  • Storage of paper notes: Paper notes taken during sessions will not contain any identifiable personal information. These notes will be stored in a locked filing system which only I have access to and which is stored at my private residence.

  • Questionnaires: We may agree to use questionnaires as outcome measures during treatment. I will ask that you do not add personal information to these documents. These will be stored as password protected documents on a password protected computer, so they can only be accessed by myself.

  • Payment: I issue invoices using Mettel and accept payment by BACs transfer. 

  • Video calls: I use Psychology Today Sessions to conduct our therapy or supervision sessions online. All calls are encrypted. 

  • Emails: All our email contact will be via my publicly advertised email address jessicamatcham@proton.me. This is an encrypted email service provider.

  • Appointment scheduling: Initial appointments will be arranged via the email address you provided me when you first got in contact or via telephone.

I have allocated one other person to act on my behalf should I become incapacitated or deceased and unable to provide access to my electronic records or delete them at the appropriate time.  This is known as a Therapeutic Executor. This person will only access my records should I become incapacitated or deceased.  They are also an HCPC registered professional and are bound by the same professional guidelines as myself, including those of confidentiality.

Who else can see your information

I must treat all your information as confidential.  I can only disclose confidential information if:

  • I have your permission

  • The law allows it

  • It is in your best interests, such as preventing you from seriously harming yourself.

  • It is in the public interest, such as if it is necessary to protect public safety or prevent harm to other people.

This means that I cannot share your information unless there is a specific and valid reason for doing so.  In all the above scenario’s I would endeavour to notify you and discuss this with you first. However, there may be instances where this is not possible or practical to do so.

As a clinical psychologist and therapist I participate in supervision, which involves discussion of clinical cases with another practitioner.  This is to ensure I am continuing to practice to the best of my abilities and in accordance with professional guidelines.  It means that there is somebody who has an awareness of my practice and can raise any concerns if necessary, to me but also with the regulating organisation (HCPC).  During supervision, I will use your first name only to describe clinical involvement and treatment plans in your case.  This information will be verbally exchanged.  My supervisor(s) will not hold any clinical notes containing your personal details and will not be provided with access to the clinical records that I hold about you.  My supervisor(s) are also bound by the same rules of confidentiality and information sharing.  If you object to me using your first name for this purpose then please discuss this with me.

How long your information is stored for

In addition to the ICO rules, I am also bound by the professional guidelines of the Health and Care Professions Council (HCPC) and by The British Psychological Society (BPS).  These guidelines state that I must keep full, clear and accurate records for everyone that I care for, treat, or provide services to.  As these records form part of your medical history and may be required by you, your doctor(s) or health care team in the future I keep all patient electronic records for a full 8 years after your treatment has ended. 

How you can modify the data I hold about you

You have the right to make amendments to the data I hold for you where necessary.  You may withdraw your permission for me to hold your personal data at any time. However this must be done in a written format. 

I routinely share with my clients any letters or reports before they are finalised. There is an opportunity to request amendments at that point.

How you can access data I hold about you

You have a right to request to see the data I hold about you, including how it is being processed, where and for what purpose. Legally I am required to respond within 30 days. Please contact me if you would like to access your data.

In instances where I provide you with access to your data, I will provide it in a ‘commonly used and machine readable format’ free of charge. You have the right to transmit the data you receive to another, provided permission has been authorised in writing from any other party connected with the recording.

How you can retract consent to hold and process your records

I retain your personal information and health record for 8 years and thereafter they are destroyed. This is in line with UK best practice for adult health and social care records (IGA, 2016).  You have a right to retract consent to hold and process your records before that time if you wish. Please let me know if you wish to do so.  

What happens if there is a breach of security

If for any reason, there is a breach in the way your information is stored or shared then I must take immediate corrective action and also inform the ICO of this breach within 72hours.  I would also inform you that a breach has taken place, how that breach occurred, what information was mistakenly disclosed and the steps made to rectify the situation. If you believe I have breached data security in any way, then please notify me immediately via email, jessicamatcham@proton.me

The most frequent type of data breach occurs when an email is sent to somebody else by mistake.  In order to reduce the likelihood of this happening I ensure I check each email address before sending an email or where practical reply to an email that you have already sent.  Generally, I will only use email to correspond about appointment times or to send widely available information sheets that may be useful to you.  It is not usual for sensitive personal information to be contained in any emails.  An exception to this may be prior arrangement to use email to provide additional personal information within letters or reports. Any reports or letters containing personal information will be sent from a secure email address or password protected.

In the unlikely event that I send an email to the wrong email address I will:

  • Email the recipient as soon as possible and ask them to delete the email

  • Refer to ICO within 72hours and follow their guidance

  • Notify the intended recipient of the breach as soon as possible and within 72hours

​

Cookie Policy

This cookie policy explains how I use cookies and similar technologies to recognise you when you visit my website at www.drjessicamatcham.co.uk. It explains what these technologies are and why we use them, as well as your rights to control out use of them. In some case I may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are wildly used by website owners in order to make their websites work, or to work efficiently, as well as to provide reporting information. Cookies set by the website owner (in this case Dr Jessica Matcham) are called "first-party cookies". Cookies set by parties other than the website owner are called "third-party cookies". Third party cookies enable third-party cookie features or functionality to be provided on or through the website (e.g. advertising, interactive content, and analytics). The parties that set these third-party cookies can recognise your computer both when it visits the website in question and also when it visits certain other websites.

Why do I use cookies?

I use first- and third-party cookies for several reasons. Some cookies are required for technical reasons in order for my website to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable me to track and target the interests of users to enhance user experience. Third parties serve cookies through my website for analytics and other purposes. 

How do I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to allow you to use this website. The Cookie Consent Manager can be found in the notification banner and on the website. If you choose to reject cookies, you may still use my website though your access to some functionality and areas of the site may be restricted. You may also set or amend your web browser controls to accept or refuse cookies.

How often will I update this cookie policy?

I may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies I use or for other operational, legal or regulatory reasons. Please therefore revisit this Cookie Policy regularly to stay informed about my use of cookies and related technologies. This policy was last updated in October 2023.

​

Changes to this privacy policy

I reserve the right to modify this privacy policy at any time and changes and clarifications will take effect immediately. If I make material changes to this policy, I will notify you via email that it has been updated, so that you are aware of what information I collect, how I use it, and under what circumstances, if any, I use and/or disclose it.

How you can raise a complaint

Please note that the work being undertaken is in accordance with the law of England and Wales and any disputes will be subject to it. If you are concerned about the care I have provided to you, I encourage you to speak to me immediately. If you feel I have done something harmful or unethical and you do not feel comfortable discussing it with me, please contact the Health & Care Professions Council https://www.hcpc-uk.org/public/what-should-i-do-if-i-am-unhappy-with-an-hcpc-registered-professional/

Complaints relating to the holding of your personal data should also be directed to me in the first instance as the Compliance Officer, via email jessicamatcham@proton.me.  I aim to respond to all complaints within 30 days. To make a complaint directly to the ICO please see https://ico.org.uk/make-a-complaint/.

Questions and contact information

If you would like to: access, correct, amend or delete any personal information I have about you or simply want more information contact me by email: jessicamatcham@proton.me

bottom of page