Dr Frederike Mueller 

​

I am committed to being transparent about how and why I use the information I gather about you or your child. I understand that by choosing to work with me, you place significant trust in my practice. Your privacy and data protection are taken very seriously, and this policy outlines how your information is managed to ensure that your privacy is protected. This policy describes the information collected when you arrange appointments and during our work together, in accordance with the General Data Protection Regulation (GDPR) 2016. 

 

If you have any questions that are not fully addressed in this policy, please feel free to contact me, Dr Frederike Mueller, at frederike.mueller.psychology@outlook.com. If you are not satisfied with my response, you may also reach out to the Information Commissioner’s Office (ICO) at ico.org.uk. 

​

As the data controller, I comply with all laws concerning the protection of personal data, including the Data Protection Act 1998 and GDPR 2016. I will inform you if another party has access to your data, including their purpose and the necessity of sharing that information. For instance, I may need to refer you or your child to another professional, which I would discuss with you beforehand. The only exception is if informing you poses a risk of harm to you, your family, or others. 

​

1. Why Do I Need to Collect Personal Data? 

​

I collect information about you and, if applicable, your child to: 

• Identify and communicate with you personally (legal basis: legitimate interest). 

• Provide tailored services appropriate to you or your child (legal basis: contract). 

• Verify your identity to ensure I am dealing with the correct individual (legal basis: legitimate interest). 

• Contact you when necessary (legal basis: legitimate interest). 

• Refer you or your child to other services if necessary (legal basis: legitimate interest). 

• With your consent, communicate with other services familiar with you or your child, such as your child’s school (legal basis: legitimate interest). 

​

2. What Personal Information Do I Collect and When? 

​

To provide appropriate psychological services, I collect the following information directly from you: 

• First name and surname 

• Date of birth 

• Contact details such as email address and phone number 

• Address 

• GP details 

• If relevant, your child’s school ​

 

This information is necessary to create a tailored plan for our work together, and it enables me to contact relevant professionals if there are safety concerns regarding you or your child. I would only share information without your consent if I believe that informing you could compromise safety. 

​

My website is hosted by Wix.com and uses cookies to gather visitor information, which is analysed through Google Analytics to ensure optimal website performance. This data is not used to identify any individuals. 

​

3. How Do I Use the Information That I Collect? 

​

I use the information collected for the following purposes: 

• To communicate with you about appointments and our work together via email. 

• To create invoices, which include your or your child/young person’s name, address, and date of birth if payment is made through an insurance company. 

• To carry out the tasks listed in Section 1. 

​

4. Where Do I Keep the Information?

 

I store this information securely as follows: 

​

4.1 On My Computer 

• Access is password-protected. 

• The hard drive is encrypted and backed up to an encrypted online drive.

 

4.2 Electronic Tablet 

I take handwritten notes during appointments on an electronic tablet that is GDPR compliant. These notes are for my reference to aid memory, plan sessions, and ensure good treatment. The content may be shared in supervision, but identifying information will not be disclosed. It will not be shared outside of this context or used for other purposes unless there are concerns about risk (see Section 2 and the confidentiality section in my Terms and Conditions). 

​

5. How Long Do I Keep the Information? 

​

In accordance with clinical psychology best practice guidelines, adult records are kept for seven years, and a child’s records are retained for seven years after their 18th birthday, until they reach the age of 25. Client files will be reviewed regularly and deleted accordingly. This includes all forms of notes, correspondence, session summaries, and invoices. 

​

6. Who Do I Send This Information To? 

​

Information sharing is based on a need-to-know principle. I will not share information without your consent, except in situations where I am concerned about safety or risk. If I need to send personal information via email, such as a report, it will be sent encrypted. 

 

7. How Can You Access Information About You or Your Child? 

You can make a Subject Access Request (SAR) by contacting me, Dr Frederike Mueller. I may require additional verification to process your request. I may withhold personal information to the extent permitted by law if I believe that providing the information would not be in your best interests. 

​

8. What If the Information I Hold Is Incorrect? 

​

If you believe any information I hold is incorrect, please contact me directly. 

​

9. How Can You Have Your Information Removed? 

​

If you wish to have your data removed, I will determine whether I need to retain the information for professional obligations. If the information is not necessary for my practice, I will delete it. 

​

10. What Is the Procedure in the Event of a Data Protection Breach?

​

In the event of a data breach, I will inform you promptly and discuss the steps taken to manage the situation. The breach will be logged in my data breach log, and I will investigate how it occurred to prevent future incidents. If necessary, I will inform the ICO. 

 

If you have any further questions, please do not hesitate to contact me. ​​​​​