GDPR Privacy Notice
As a practising therapist, I take the confidentiality and protection of your personal information seriously. This privacy notice outlines how I collect, store, and process your data in accordance with the General Data Protection Regulation (GDPR) 2016/679 and the Data Protection Act 2018.
Data Controller Status
. . . . . . . .
I am a registered Data Controller with the Information Commissioner’s Office (ICO) and pay an annual fee to them. You can verify my registration at www.ico.org.uk.
What Information I Collect
. . . . . . . .
To support your therapy, I collect and securely store the following:
Your name, contact details (email, phone number), and GP details
An assessment questionnaire to inform clinical formulation and treatment planning
Session notes (first name only) and brief supervision notes
Appointment records
Payment records (if applicable)
How Your Data Is Stored
. . . . . . . .
All assessment forms, session notes, and supervision notes are stored electronically on a password-protected and encrypted computer. These records are organised in separate, secure digital folders to safeguard your confidentiality and ensure data integrity.
Your initials and appointment times may be stored in a secure digital calendar on my phone or computer. These devices are encrypted and password protected to ensure your information remains confidential.
Your contact details may be stored on my smartphone and/or encrypted laptop (both are password protected and kept with me or securely stored).
Any documents or emails are stored on encrypted and password-protected devices.
Online sessions are conducted via Microsoft Teams, which is GDPR-compliant and encrypted end-to-end.
Data Retention
. . . . . . . .
Your records will be held securely for six years after the end of our work together, in line with guidance from professional liability insurers. After this period, they will be confidentially destroyed.
Your Rights Under GDPR
. . . . . . . .
You have the right to:
Access your personal data and request an explanation of how it is used
Request correction or deletion of data (where appropriate)
Request that data processing be limited or stopped
Seek compensation for substantial damage or distress caused by data processing (where applicable)
Requests will be responded to within one calendar month. You also have the right to lodge a complaint with the ICO if you believe your data is being misused.
Confidentiality and Limits
. . . . . . . .
Everything you share with me is treated as confidential, with the following legal and ethical exceptions:
If I believe there is a risk of serious harm to you or others
If I become aware of abuse of children or vulnerable adults
If you disclose involvement in serious criminal activity (e.g. terrorism, drug trafficking, money laundering)
Additionally, I attend regular supervision (a professional requirement by BACP and/or UKCP). In supervision, your identity is anonymised as much as possible.
Online Work and Security
. . . . . . . .
When working online:
Please attend sessions from a confidential, quiet location
Ensure your device and internet connection are working reliably
I will also conduct sessions from a private, secure space using encrypted technology
Audio Recording
. . . . . . . .
For the purposes of my ongoing professional development, supervision, and academic work, I may audio record our sessions. This may include use in case studies, process reports, or other forms of professional or academic publication. All material used will be thoroughly anonymised to protect your identity, and no identifying details will ever be shared. Recordings may also be discussed with my accredited supervisor to support the quality and ethical integrity of the work. All audio files are stored securely on encrypted, password- protected devices and are not shared with anyone outside of supervision or academic processes.
Please indicate your consent below:
Do you agree to sessions being audio recorded for supervision and academic purposes, with full anonymisation?
Please circle: YES / NO
Clinical Will
. . . . . . . .
In the event of my death or incapacity, a trusted colleague named in my clinical will (in consultation with my supervisor) will access your contact details to inform you and ensure responsible closure of our work.
If you have any questions about this privacy notice, please feel free to raise them with me at any time.
