Privacy Policy

About the personal information we use:

The personal information we use includes information that identifies you like your name, address, date of birth, postcode, phone number and email address.

We may also need to gather payment card details if you are paying for our services by credit or debit card.

Details about how you access our website such as the IP address, the browser you use and which pages you access.

We also use more sensitive types of personal information in relation to psychological consultations.

Our purposes for using personal information:

We use personal information to enable us to provide private psychological services, expertise and/or mental health care to clients; research; maintaining our accounts and records.

Our legal basis for using personal information:

Creative Time Studio as a data controller, is required to have a legal basis when using personal information. Our legal basis is that the use is necessary for:

  • The provision of mental health assessment, care or treatment or delivery of psychological services and expertise to clients
  • For the establishment, exercise or defense of legal claims or in the case of a court order

We need to collect information about you so that we can:

  • Communicate with you in a personal way. The legal basis for this is a legitimate interest.
  • Deliver services to you. The legal basis for this is the contract with you.
  • Verify your identity so that we can be sure we are dealing with the right person. The legal basis for this is a legitimate interest.
  • Optimise your experience on our website. The legal basis for this is a legitimate interest.

On occasion we may rely on your explicit consent as our legal basis for using your personal information. When we do this, we will explain what it means, and the rights that are available to you.

How we use the information that we collect:

We use the information that we collect in the following ways:

  • To communicate with you so that we can inform you about your appointments with us, we use your name and your contact details such as telephone number, email address, postal address.
  • To create our invoice we use your name/clients name. Date of birth and address may also be used.
  • To process your payment, we may need to use your name and your payment card details
  • To optimise our website so that users can find the information they need.

Who provides the information:

We receive information directly from yourself or from other individuals and organisations involved in the delivery of health and care services, legal services or insurance services. These include information from medical records, private medical or psychological reports, social care records, or case specific information provided to us by instructing parties.

Sharing personal information with others:

Depending on the situation, where necessary we will share appropriate, relevant and proportionate personal information in compliance with the law, with the following:

  • Our clients and their chosen representatives
  • Service providers, legal representatives or insurance organisations
  • Educators
  • People making an enquiry or complaint
  • Police forces
  • Central and local government
  • Auditors and audit bodies

Retention periods for the information we hold:

  • For cases where we are providing therapeutic intervention, we hold information gathered for a period of 5 years.
  • For cases where we are providing assessing for the purpose of compiling medico-legal reports, notes taken during assessment will be deleted upon settlement of the case. We will retain the report for a period of 5 years.
  • Personal information required to maintain accounts e.g. an individual’s name and date of assessment, is kept indefinitely in order to maintain a record of accounts.
  • We keep electronic invoices for 5 years, as this is the necessary length of time to comply with requirements.

How we protect personal information:

We take care to ensure your personal information is only accessible to authorised people. Our staff have a legal and professional duty to keep personal health information secure and confidential. The following security measures are also in place to protect personal information:

  • We store your information on password protected computers and encrypted hard drives.
  • It is company policy that passwords are not shared.
  • We may take handwritten notes when we meet you for assessment and/or treatment. These notes may be used to create assessment or post-treatment reports we provide to either you as an individual, your GP if necessary, or another instructed party, such as a lawyer or insurer. Handwritten or electronic notes are kept in locked filing cabinets or saved on password protected computers that can only be accessed by company employees.
  • We send copies of our invoices to our accountant. These documents are sent electronically and password protected.

The right of access:

You have the right to access your own personal information. This right includes making you aware of what information we hold along with the opportunity to satisfy you that we are using your information fairly and legally. You can make a subject access request. We may require additional verification that you are who you say you are in order to process this request.

You have the right to obtain:

  • Confirmation that your personal information is being held or used by us.
  • Access to your personal information
  • Additional information about how we use your personal information

The right to rectification:

If the personal information we hold about you is inaccurate or incomplete, you have the right to request to have this corrected. If it is agreed that your personal information is inaccurate or incomplete we will aim to amend your records accordingly. Unless there is a risk to patient safety, we can restrict access to your records to ensure that the inaccurate or incomplete information is not used or until amended.

If you are unhappy about how we have responded to your request for rectification, we can provide you with information on how you can complain to the Datatilsynet, or how to take legal action.

What if I want to have my information removed?

If you want to have your data removed, we have to determine if we need to keep the data according to legal requirements. If we decide that we should delete the data, we will do so without undue delay.

Your right to object:

When Creative Time Studio is processing your information for the purpose of a task carried out in the public interest you have the right to object to the processing and also seek that further processing of your personal information is restricted. Provided Creative Time Studio can demonstrate compelling legitimate grounds for processing your personal information, for instance patient safety or for evidence to support legal claims, your right will not be upheld.

The right to complain:

If you are unhappy with the way we use your personal information please let us now using the contact information otherwise on this website.

You also have the right to complain about how we use your personal information to the Datatilsynet. Details about this are on their website at: