Privacy Policy

This Privacy Policy was last updated on 1st September 2024.

This Privacy Policy is designed to ensure that the rights to privacy of individuals are protected.

Doctor-jo, Doctor-jo.com are trading names of Doctor-jo.com Limited (“Doctor-jo.com”, “we”, “us” or “our”).‎

The registered company address for Doctor-jo.com is 6a St Andrews Court, Wellington Street, Thame, OX9 3WT. We are registered in England. Our Company Registration number is: 15741274 .‎

www.Doctor-jo.com.co.uk is a website, owned and ‎operated by us (each a “Site” and together the “Sites”).

Doctor-jo.com is committed to the principles set out in the General Data Protection Regulation 2016/679 (“GDPR”), as implemented in the Data Protection Act 2018, and UK GDPR and aim to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected.

This Privacy Policy describes how Doctor-jo.com manage your information when you use our services and / or our Site(s), if you contact us or when we contact you.

It also provides extra details to accompany specific statements about privacy that you may see when you use our websites (such as cookies). In respect of cookies the policy includes information about the types of cookies used and how you may disable these cookies.

Doctor-jo.com is the data controller in relation to personal data that you disclose to us. If another party has access to your data we will tell you if they are acting as a data controller or a data processer, who they are, what they are doing with your data and why we need to provide them with the information. We will also tell you if the data is held outside of UK or EU.

“data controller”, “data processor” and “personal data” have the meanings given to them in the UK GDPR. Personal data broadly means any information about you that enables you to be identified. Personal data covers ‎obvious information such as your name and contact details, but it also covers less ‎obvious information such as identification numbers, electronic location data, and other ‎online identifiers.‎

If we collect health-related data this is considered ‘sensitive’ and is subject to specific processing conditions (see section 2.3.1).

If you have any questions regarding this Privacy Policy, you can contact our Data Protection Officer, David Mathews (see section 15 for contact information).
‎
If you are not satisfied with the answers from the Data Protection Officer, you can contact the Information Commissioner’s Office (ICO) via https://ico.org.uk, Email: casework@ico.org.uk, Telephone: 0303 1231113‎. Doctor-jo.com ICO certification number is  ZB675989  .

1.Why do Doctor-jo.com need to collect your personal data?

We need to collect information (lawful basis is consent) about you so that we can:

• Know who you are so that we can communicate with you in a personal way. The lawful basis for this is a consent.
• Deliver goods and services to you. The lawful basis for this is consent.
• Process your payment for the goods and services. The lawful basis for this is the      contract with you.
• Verify your identity so that we can be sure we are dealing with the right person. The legal basis for this is consent.
• Optimise your experience on our website. The legal basis for this is a legitimate      interest.
• Provide  you with useful and relevant Sites. The legal basis for this is a  legitimate interest.
• Provide  you with useful and relevant marketing material. The legal basis for this      is consent (we will request specific consent and you may rescind this at      any time).

2. What personal information do Doctor-jo.com collect and why do we collect it?

2.1 When you access our websites

Our website Doctor-jo.com use cookies to gather information about visitors in order to monitor the quantity of website traffic. Doctor-jo.com do not identify you or any other individuals from this information.

2.2 When you make an enquiry through Doctor-jo.com

If you contact Doctor-jo.com through our website we will ask your permission to store the following information to ensure that the site works correctly:

• Your name
• Your email address
• Your telephone number

2.3 When you commission Doctor-jo.com to provide services:

Should you choose to engage us to provide Psychology Services, we need to collect information through our pre-assessment forms so that we can provide the best possible service to you:

• You and your child’s names, contact details and your child’s date of birth
• Your health insurance details (where applicable)
• Details of the issue that led you to commission our services
• Information on your child’s developmental history and relevant family history
• We will not contact your GP or child’s school without explicit permission

2.3.1 Sensitive Data:  The information above is considered to be “sensitive data” in UK GDPR law.   The lawful basis for processing this data is “If the party concerned has given his or her explicit consent”.

2.4. When you sign up for updates on doctor-jo.com, or sign up to membership with Doctor-Jo.com

We will ask you for:

• Your  name
• Your  email address

Payments made on the Site are made through or payment solutions provider, Stripe ‎Inc. (“Stripe”) at www.stripe.com. You will provide your credit/debit card information directly to ‎Stripe, who will process payment details and authorising payment using a secure server and ‎encryption. Doctor-jo.com will not have access to your card information. Information that you provide to Stripe is subject to Stripe’s own privacy policy and ‎terms and conditions (available at https://stripe.com/gb/privacy), and is not within our control and we have no liability for these.
‎
We will not send you any marketing communications without your express consent and this may be rescinded at any time.

3. How do Doctor-jo.com use the information that we collect?

Doctor-jo.com use the data we collect from you in the following ways:

• Operate and improve our Sites, services and goods
• Send you advertising or promotional materials (if you have consented to this on      www.doctor-jo.com)
• Provide and deliver goods or other services you request, process transactions, and      send you related information
• Respond to your comments, questions, and requests and provide you with requested      customer support
• To create your invoice.
• Comply  with legislation regulations and auditors

4.  Where and why do we keep the information?

Doctor-jo.com keep information in the ways, as described below. This is to ensure a high quality service for our clients.  Please note that we do not transfer or store any personal data outside the EU.

4.1 Clients who are actively engaged in services with Doctor-Jo may have:

1. A paper based notes folder as these items are referred to in subsequent appointments. These are kept in a locked filing cabinet. The information is uploaded to our electronic notekeeping system, Writeupp, and cross-shredded within 12 months of completion.
2. Doctor-Jo use an encrypted package, Writeupp which is designed as a specialist system for confidential notes and holding full GDPR compliance. Writeupp are classified as an additional data processor. 

4.2 In our accounts package so that we can invoice for services and keep track of payments: We use a cloud based accounts package known as FreeAgent, which stores the information in the UK. Our accountancy firm is called Fizz Accounting who are classified as an additional data processor and who have access to the online book-keeping accounts for accounting purposes. They keep no physical storage of personal data records and there are contractual arrangements with these parties to retain data in accordance with UK GDPR.

4.3 Our Doctor-Jo membership stores registration information to allow access to the parent clubs and courses.  This service is provided in conjunction with Kajabi, LLC, a California limited liability company t/a Kajabi (“Kajabi”). Kajabi will require you to register your information which will be subject to Kajabi’s own privacy policy (available at https://kajabi.com/policies/privacy). Doctor-Jo are not liable for Kajabi LLC or their compliance with their privacy policy. Clients sign up at their own risk.

5.   How long do we keep the information?

5.1 If having made an enquiry you subsequently decide that you to do not wish to proceed with Doctor-jo.com services, your information will be kept for a maximum of one year before being safely destroyed in accordance with our policies and UK GDPR. This is to ensure we provide the best possible service should things change and you contact us again.

5.2 If you do commission services through Doctor-jo.com we store information for children and young people in line with Department of Health recommendations: Retain until the patient’s 25th birthday, or 8 years after the last treatment date or death.

An annual check is made and clients data removed as appropriate. http://www.bma.org.uk/ethics/health_records/retentionrecords.jsp

5.3 Financial records: The default standard retention period for HMRC records is 6 years plus current, otherwise known as 6 years + 1. This is defined as 6 years after the last entry in a record followed by first review or destruction to be carried out in the additional current (+ 1) accounting year.

Records will only be retained beyond the default HMRC retention period if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value. The disposal periods for records retained for extended duration must be included within line of business retention schedules.

6.   Who do Doctor-jo.com send the information to?

We will only send information necessary to achieve business purposes and as agreed with clients. We send invoices and reports to health insurance companies and other professionals as required professionally.
As previously stated, cloud storage providers will have information shared with them in compliance with GDPR. Information is shared to the degree necessary for accounting and tax purposes. Doctor-jo.com never permanently stores any personal information in cookies that can be used to identify you, such as your name or account numbers. The exceptions to the above rule would be:

• Risk of harm: if we perceived that the child, or someone else, was at risk of      harm. If we needed to breach confidentiality for any reason (and this is      very rare) we would always discuss this with you first unless in an      emergency situation e.g. we felt the child to be in immediate danger.
• To comply with applicable laws; respond to governmental enquiries (or enquiries from a legal, governmental or quasi-governmental or local      authority agency); comply with a valid legal process or procedure; or protect our rights or property; To comply with legislation regulations and auditors

7.  Informed consent and sharing information from therapeutic sessions
All children and young people, whatever their age or status, have a right to express their views freely and be involved in any decision-making that affects their lives. Therefore, we will gain their informed consent if ever engaging with a young person directly. Any direction or guidance provided by parents or other caregivers must be ‘in accordance with the child’s evolving capabilities’ and support the ‘exercise by the child of his or her rights’. The onus is then on the adults to provide appropriate support to enable the child or young person to express their views and contribute to decision-making. Our team will discuss and agree how information is shared with parents with an awareness that young people who are ‘Gillick competent’ can consent to information not being shared with parents.

The exceptions to the above rule would be:

• Risk  of harm if we perceived that the child, or someone else, was at risk of      harm. If we needed to breach confidentiality for any reason (and this is      very rare) we would always discuss this with you first unless in an      emergency situation e.g. we felt the child to be in immediate danger
• To  comply with applicable laws; respond to governmental enquiries (or      enquiries from a legal, governmental or quasi-governmental or local      authority agency); comply with a valid legal process or procedure; or      protect our rights or property; to comply with legislation regulations and      auditors

Occasionally, a disagreement over consent may arise between parent/carer and child or young person and/or between parents/carers. The psychologist would make every effort to resolve the difference of views, perhaps seeking, with agreement, involvement of an appropriate family member and/or a colleague, although as discussed above, a young person who is ‘Gillick competent’ can legitimately request that family members (including parents) are not involved or informed of any involvement. If the disagreement is not resolved, the psychologist will draw on their professional experience to act in the best interest of the child or young person seeking consultation and support through appropriate channels, including safeguarding and legal departments, and consultation with appropriate colleagues including other professionals.

8.  How can I see all the information you have about me?

You can make a subject access request to us. This should be via email (see section 15 for address).  We may require further additional verification that you are who you say you are to process this request. We may withhold personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.

9.  What if my information is incorrect or I wish to be removed from your system?

Please contact us (see section 15). We may require additional verification that you are who you say you are to process this request. If you want to have your data removed we will have to determine whether we need to keep the data, for example to comply with professional bodies or HMRC. If we decide that we should delete the data, we will do so without undue delay.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

10.  Will I send emails and text messages to you?

As part of providing a service to you we may communicate via email, keeping the information in the body of the text to a minimum. Any reports with personally identifying or sensitive information that I send to you will be password protected. All emails are deleted as soon as practically possible.

We will not send you any marketing communications without your express ‎consent.‎

11.  How do I opt out of receiving emails and/or text messages?

If you do not wish to receive information through these means, please contact us. (see Section 15).

12.  What happens in the event of a data breach?

The data protection Officer is responsible for responding to personal data breaches. He or she notifies the ICO as necessary and also data subjects where the risk to them is high. Breaches which carry any risk to data subjects must be reported to the ICO within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. All personal data breaches, however minor, and whether reportable or not are recorded.

13.  Changes to this Privacy Policy

13.1 We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

13.2 Any changes will be immediately posted on our Sites and you will be deemed to have accepted the terms of the Privacy Policy on your first use of either Site following the alterations, or if we have made you aware of the changes via email or text. We recommend that you check this page regularly to keep up-to-date.

14.  Summary of your rights
Under the GDPR, you have the following rights, which we will always work to uphold:

1. The  right to be informed about our collection and use of your personal data.      This Privacy Policy should tell you everything you need to know, but you      can always contact us to find out more or to ask any questions using the      contact details given at the start of this Privacy Policy.
2. The right to access the personal data we hold about you. Clause 8 will tell      you how to do this.
3. The right to have your personal data rectified if any of your personal data      held by us is inaccurate or incomplete. Clause 9 will tell you how to do      this
4. The right to be forgotten, i.e. the right to ask us to delete or otherwise      dispose of any of your personal data that we hold. Clause 9 will tell you      how to do this.
5. The right to restrict (i.e. prevent) the processing of your personal data.
6. The right to object to us using your personal data for a particular purpose or      purposes.
7. The right to withdraw consent. This means that, if we are relying on your      consent as the legal basis for using your personal data, you are free to      withdraw that consent at any time.
8. The  right to data portability. This means that, if you have provided personal      data to us directly, we are using it with your consent, it is in our      legitimate interest or for the performance of a contract, and that data is      processed using automated means, you can ask us for a copy of that      personal data to re-use with another service or business.
9. Rights relating to automated decision-making and profiling – we do not use your      personal data in this way.

15.  How to contact us:

Our email address is contactus@Doctor-jo.com