Terms and conditions/Policy

  • Contracts direct through CJCBT:

    If you need to cancel a session it is your responsibility to inform me via text or email, please give at least 48 hours’ notice to avoid charges. If given notice with less than 48 hours but more than 24 hours a charge of £10 is applied. If cancellations are made with less than 24 hours’ notice the session will be charged in full. Missed sessions (where you do not cancel or attend) are payable in full.

    Contracts through insurer/organisation:

    If you need to cancel a session it is your responsibility to inform me via text or email, please give at least 48 hours’ notice to avoid disruption. If cancellations are made with less than 24 hours’ notice the session will be charged in full and this may result in therapy being put on hold while further authorisation is considered. Missed sessions (where you do not cancel or attend) are payable in full.

    Two short-notice cancellations will result in discharge from therapy.

  • The number of sessions required will depend on the nature of the problem(s), NICE guidelines and CBT protocol tailored to said problems. “Duration of treatment varies depending on the disorder and its severity but for people with depression it should be in the range of 16 to 20 sessions over 3 to 4 months; for people with GAD, it should usually consist of 12 to 15 weekly sessions (fewer if the person recovers sooner, more if clinically required), each lasting 1 hour” (Nice guidelines for recommended CBT session numbers, 2011). Session numbers may be extended to accommodate additional circumstances such as long term conditions if applicable to the main problem.

  • All discussions and contacts by web-based discussion telephone, text or email are confidential and will not be shared with anyone else without your permission. Unless a risk of harm to self or others, risk of harm from others, if a child is at risk of being harmed, safeguarding concerns or any criminal activity is disclosed. I will be duty bound to contact your GP, local services or family member. I will do so with your knowledge and consent where deemed possible.

  • I am registered as a high intensity cognitive behavioural therapist with the BABCP (British Association for Behavioural & Cognitive Psychotherapies). The BABCP is the regulatory body for Cognitive Behavioural Therapy in the United Kingdom. I am subject to their ethical requirements and standards.

  • Summary:

    To provide you with a service I will need to keep information about you. This document explains why I keep this information, how it is stored, how I keep it safe and what your rights are. I adhere to the latest General Data Protection Regulation (GDPR) laws and the codes of practice set by the British Association for Behavioural and Cognitive Psychotherapies (BABCP).

    I am registered with the Information Commissioners Office (ICO) as a data controller. The Information I collect, process, and keep is personal data (basic contact information, such as name, address, email, contact number and GP contact details). I also keep sensitive data (e.g. notes from our therapy sessions, outcome measures and any letters or reports). If you complete a web-based enquiry form, I will also collect any information you provide me with this way. If you are referred by your health insurance provider or a private organisation, then I will also keep the personal data provided by the provider/organisation.

    This may include (but is not limited to) referral information, health insurance policy number and authorisation for Psychotherapy assessment/treatment. I keep this information as I am required by BABCP to keep information about my clients and our work together. I am not able to work with you unless you allow me to do so. The lawful basis for processing information I have a legitimate interest for processing this information to provide you with mental health treatment.

    Please see the Information Commissioners Office (ICO) if you would like more information www.ico.org.uk.

    How is your data used:

    I use the information you have given me to provide you with a therapy service, as well as for processing payments and in some cases to help prevent serious harm. Anything you share with me will be kept confidential and not shared with anyone else. With the exception, if there is a disclosure of a risk of harm to self, others or safeguarding concern or any criminal activity, I am bound by my duty as a professional to share personal information with the relevant services or authorities. I would be acting to keep yourself and others safe. Therefore, if I do need to act on any information shared, then I will do my best to discuss this with you first. Unless doing so leads to an increased risk.

    If you are referred by a health insurance provider/using health insurance policy or private organisation, the provider/organisation may wish to be provided with treatment updates, often in the form of (but not limited to) a report or letter.

    As a Cognitive Behavioural Therapist, I am required to have clinical supervision. Any content from therapy sessions which is discussed with my supervisor is kept anonymous. Clinical supervision acts to protect both myself and the client that the modality of CBT is appropriate and likewise the client is appropriate for CBT.

    How long I keep Data:

    I will keep client data throughout the time I work with my clients. Personal information such as phone numbers will be deleted within six months of the therapy end date. Sensitive personal data will be stored for a period of two years after the therapy end date. However, the private organisation/insurance provider may hold their own policy on data storage.

    How I store data:

    Data may be stored in a variety of ways, online cloud, laptop, paper file, mobile phone, or email system. I use a cloud service that is GDPR-compliant. Specifically, I use BACPAC and iCloud. “iCloud uses best-in-class security technology, employs strict policies to protect your information and leads the industry by adopting secure, privacy-preserving technology such as end-to-end encryption for your data end-to-end” I copy any paper notes and store them on iCloud. My iPhone/iPad are both encrypted and can only be opened by a password or fingerprint or face ID each time they’re used. Any paper notes are scanned (to upload to iCloud) and shredded. My email system is GDPR compliant and secured with a password.

    Any personal information sent via email will be password protected, with two-factor verification. My laptop/iMac are both password protected and malware and antivirus protection are installed on them, as well as on my iPhone/iPad.

    To enhance/streamline the therapy I use the Bacpac Health web software/app to collect psychometric data, plan sessions and record notes. Bacpac helps to make the process of therapy smooth and enhances the therapeutic relationship. Bacpac is current with modern technology to make therapy more accessible and safe.

    Please see how data is collected and used through Bacpac below:

    A Few Definitions

    “Us” or “Our” or “We” or “Company” refers to Mayden, “You” or “Your” or “Customer” refers to your organisation and its staff. “Staff refers to employees of Mayden. “Software” and “the Service” refers to bacpac. “Your Content” and “Your Data” refers to information owned by You.

    Mayen is committed to protecting and respecting your privacy.

    This policy together with our Terms and Conditions sets out the basis on which any personal data We collect from You, or that you provide to Us will be processed by Us.

    This Policy explains when and why We collect personal information about individuals who visit the bacpac website, how We use it, the conditions under which We may disclose it to others and how We keep it secure.

    We may change this Policy from time to time so please check occasionally to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy and our Terms and Conditions.

    Any questions regarding this Policy and our privacy practices should be sent by email to iinfo@mayden.co.uk or by writing to the Data Protection Officer, Mayden, 1 Widcombe Crescent, Bath, BA2 6AH.

    Who are we

    Mayden provides end-to-end managed web applications and bespoke system development to the healthcare sector. We specialise in innovative, flexible and cloud-based software solutions.

    The registered address is 1 Widcombe Crescent, Bath, BA2 6AH. Registered in England with company number 4005808.

    We are registered with the Information Commissioner’s Office as a data controller under registration number Z5351045.

    Lawful Grounds for the Company’s processing activities

    The legal basis for Our use of Your personal data will be because this is necessary in order for Us to supply the Services to You and perform Our contract with You, and for the purposes of our legitimate interests.

    Information you provide

    This Privacy Policy sets out the basis on which any personal information that We collect from You, or that you provide to Us, will be processed by Us. Some of this information will be personal data, which is specifically protected under Data Protection Legislation..

    Where you are a Customer of Us, we will be the Data Controller in respect of certain Personal Data which You may supply to Us or which We collect from You when you access the bacpac website.

    When You subscribe to use the Service You are responsible for the input of Your Content and Your Data which may be collected, stored and processed as a result of Your use of the Software, You will be the Data Controller, and We will be a Data Processor acting on Your instructions.

    Where You are collecting, storing and processing Your Content, You will determine the purposes for which and the manner in which that Personal Data will be processed. You will own all rights, title and interest to all of Your Content and will have sole responsibility for the legality, reliability, integrity, accuracy and quality of Your Content. You will also be responsible for:

    • Ensuring that You are entitled to transfer the relevant personal data to Us, so that We may lawfully process and transfer such personal data on Your behalf.

    • You will ensure that the relevant third parties have been informed of, and have given their consent to such use, processing and transfer as required by all data protection legislation;

    We may send and store data about You to a destination outside the European Economic Area (“EEA”) which may be processed by staff operating outside the EEA who work for Us or for one of our suppliers (third parties). We will ensure that the appropriate due diligence and safeguards are in place with the relevant third parties to protect Your data in accordance with applicable laws.

    When you input Your Content into the Software Your Content is stored in data centres located in England. None of Your Content is transferred outside of England. The data centres are managed by our hosting partner with 24/7 manned security, CCTV, keycard access to the facility and restrictive access to the internals of the building based on authorisation levels.

    Our hosting partners are assessed against the international standards ISO90001 – Quality Management, ISO20000 – IT Service Management, ISO27001 – Information Security Management, ISO27017 – Security Controls for Cloud Services, ISO27018 – Personal Data in the Cloud Security and Cyber Essentials.

    We may hold Your personal information in electronic databases, such as our Case Management System (CMS). We take all reasonable steps to keep any personal information we hold about you secure.

    By accessing and browsing our website, you confirm that you accept and give your consent to the processing of your personal data as described in this Policy.

    You are advised to read this Policy carefully before using our website.

    Conditions for Processing

    Personal Information Mayden collects from you

    There are a number of ways in which you may explicitly and intentionally provide Mayden with consent to the collection of certain personal information.

    We will only collect and process data about you in the following circumstances:

    • When you fill in our ‘contact us’ form to request information about our products and services We will require your name, telephone number and email address.

    • When you contact Us to make requests or report faults. We may keep a record of our correspondence.

    • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data.

    • e may collect information about your computer, including where available, your IP address, operating system and browser type. This is statistical data about our users’ browsing actions and patterns and is collected for system administration purposes and is not personalised to you. This is carried out using Google Analytics.

    The anonymous information generated by Google Analytics cookies about your use of this website is transmitted to Google. This statistical information is processed to compile statistical reports on website activity for this site. This information helps us to optimise our content to better meet the needs of our customers.

    We confirm that We do not provide, sell or otherwise disclose personal information We hold about you to third parties without your express permission or where we are under duty to do so by applicable law.

    The only members of Our team that will have access to Your personal information, are those that need to be directly involved in technical support, maintenance or system administration.

    Mayden will use personal information in the following ways:

    • for internal record keeping

    • for the performance and administration of the Services and Software

    • to provide you with information to improve our Services and Software

    • to notify You about new features, products, special offers or other information which We think You may find interesting

    • to maintain back-ups of our databases

    Disclosure of your information

    You agree that We have the right to share Your personal information as well as Your Content or Your Data with:

    • third party services who assist Us with Our activities, such as hosting providers or payment service providers.

    How long will Mayden store Personal Data

    We will retain Your personal data for as long as it is required in connection with the Services we are supplying to you. We may retain Your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.,

    We will retain Your Content for as long as it is required in connection with the subscription to the Services we are supplying to you, and following termination of the subscription of the Services for a maximum of 90 days from the date the Services end.

    Your choices

    You have a choice about whether or not you wish to receive information from Us. If you do not want to receive direct marketing communications from Us about our products and services, then you can select your choices by ticking the relevant boxes situated on the form on which We collect your information. If you wish to stop receiving marketing communications from Us by email you have the option to unsubscribe at any time.

    We will not contact you for marketing purposes by email, phone or text message unless you have given your prior explicit consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: info@mayden.co.uk or telephone 01249 701100.

    Your rights

    Under Data Protection Legislation, you have the rights as an individual which you can exercise in relation to the information We hold about you.

    You have a right to access and obtain a copy of the personal data that We hold about you and to ask Us to correct your personal data if there are any errors or it is out of date. In some circumstances you may also have a right to ask Us to restrict the processing of your personal data until any errors are corrected. You have the right to object to the processing of your data where the organisation is relying on legitimate interests as the legal ground for processing, and you have the right to have your personal data erased which is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. You can obtain further information about these rights from the Information Commissioner’s Office at: www.ico.org.uk or via their telephone helpline (0303 123 1113).

    If you would like to exercise any of these rights you can do this by sending an email message to info@mayden.co.uk or by writing to Us at 1 Widcombe Crescent, Bath, BA2 6AH.

    You have the right to lodge a complaint if you believe that We have not complied with your data protection rights. You can complain to the Information Commissioner’s office through their website www.ico.org.uk or via their telephone helpline.

    How you can access and update your personal information

    The accuracy of your information is important to Us. Mayden complies with all applicable regulation when giving people access to their personal information. You can find out if We hold any personal information by making a ‘subject access request’ under Data Protection Legislation. If We do hold information about you, We will;

    • give you a description of it;

    • tell you why we are holding it;

    • tell you who it could be disclosed to; and

    • let you have a copy of the information in an intelligible form.

    If you would like to access any of the information We hold about you or have any concerns regarding the way We have processed your information then please email info@mayden.co.uk.

    If We do hold information about you, you can ask Us to correct any mistakes by, once again, contacting Us on the email above.

    Security

    We are committed to ensuring that your information is secure. We have a number of security measures in place to protect against the loss, misuse and alteration of any personal information We receive from you via this website.

    We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this policy. For example, our website uses an encrypted connection to make it difficult for unauthorised people to view information travelling between our server and your device.

    Unfortunately, the transmission of information via the internet can never be guaranteed to be 100% secure. As a result, while We strive to protect your personal information, We cannot guarantee the security of any information you transmit to Us, and you do so at your own risk. Once We receive information, We make our best effort to ensure its security on our systems. Once We have received your information, We will use strict internal procedures and security measures to try to prevent unauthorised access.

    We have ISO27001:2013 and our Information security policies and procedures are subject to regular external assessments by a UKAS accredited certification company.

    How do we use cookies?

    The Mayden website uses ‘cookies’ to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. They collect statistical data about your browsing actions and patterns and do not identify you as an individual.

    One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalise Mayden pages, or register with the Mayden site or services, a cookie helps us to recall your specific information on subsequent visits. This helps Us to improve our website and deliver a better more personalised service.

    You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer

    The below list details the cookies used in our website.

    COOKIEDESCRIPTIONNECESSARYviewed_cookie_policyThe GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.CookieLawInfoConsentCookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.PHPSESSIDThis cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed._GRECAPTCHAGoogle Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.OTHERS_hjIncludedInSessionSample_1553Description is currently not available.VISITOR_PRIVACY_METADATADescription is currently not available.ADVERTISEMENTYSCYoutube sets this cookie to track the views of embedded videos on Youtube pages.VISITOR_INFO1_LIVEYouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.yt-remote-device-idYouTube sets this cookie to store the user's video preferences using embedded YouTube videos.yt.innertube::requestsYouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.yt.innertube::nextIdYouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.yt-remote-connected-devicesYouTube sets this cookie to store the user's video preferences using embedded YouTube videos.ANALYTICS_gaGoogle Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors._gidGoogle Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously._hjSessionUser_*Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site._hjFirstSeenHotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user._hjSession_*Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.CONSENTYouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.FUNCTIONAL_hjAbsoluteSessionInProgressHotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie.PERFORMANCE_gatGoogle Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites.

    Links to other websites

    Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website, so We encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

    In addition, if you linked to our website from a third-party site, We cannot be responsible for the privacy policies of the owners and operators of the third-party site and recommend that you check the policy of that third-party site.

    Amendments

    We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy.

    https://bac-pac.co.uk/security/

    Your data protection rights:

    You have the right to request a copy of the information that I keep about you and to receive this within a month of the request. There will be no fee payable for this information. You have the right to have your personal information corrected if you believe it to be inaccurate. You also have the right to have your data deleted and you can access how in the link below.

    https://ico.org.uk/your-data-matters/your-right-to-get-your-data-deleted

    You can complain to a regulator if you think I have not complied with data protection laws, you can make this to ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

  • I do not offer crisis services so if you’re experiencing a mental health crisis, it is important you have somewhere to turn, For the UK, please contact the Samaritans for free on 116 123. Alternatively, you can contact the NHS on 111 and press option 2 for Crisis. For Europe:112. USA: Hopeline 1-800-273-TALK (8255). Canada: Mental Health Mobile Crisis 902-429-8167. Australia: Lifeline 131114.