GDPR Privacy Notice

As a practising therapist, I take the confidentiality and protection of your personal information seriously. This privacy notice outlines how I collect, store, and process your data in accordance with the General Data Protection Regulation (GDPR) 2016/679 and the Data Protection Act 2018.

Data Controller Status

.  .  .  .  .  .  .  .

I am registered with the Information Commissioner’s Office (ICO) as a data controller and pay the applicable annual data protection fee. You can verify my registration at www.ico.org.uk.

What Information I Collect

.  .  .  .  .  .  .  .

To support your therapy, I collect and securely store the following:

 Your name, contact details (email, phone number), and GP details

 An assessment questionnaire to inform clinical formulation and treatment planning

 Session notes (first name only) and brief supervision notes

 Appointment records

Payment records (if applicable)

I process your personal information because it is necessary for providing therapy services, maintaining appropriate clinical records, meeting professional and legal obligations, and protecting your wellbeing where safeguarding concerns arise. Health information is processed as special category data because it is necessary for the provision of healthcare-related services and professional practice.

How Your Data Is Stored

. . . . . . . .

 All assessment forms, session notes, and supervision notes are stored electronically on a password-protected and encrypted computer. These records are organised in separate, secure digital folders to safeguard your confidentiality and ensure data integrity.

 Your initials and appointment times may be stored in a secure digital calendar on my phone or computer. These devices are encrypted and password protected to ensure your information remains confidential.

 Your contact details may be stored on my smartphone and/or encrypted laptop (both are password protected and kept with me or securely stored).

 Any documents or emails are stored on encrypted and password-protected devices.

Online sessions are conducted via Microsoft Teams, which uses encryption and security measures designed to protect confidentiality

Data Retention

. . . . . . . .

Your records will be held securely for seven years after the end of our work together, in line with guidance from professional liability insurers. After this period, they will be confidentially destroyed.

Your Rights Under GDPR

. . . . . . . .

You have the right to:

 Access your personal data and request an explanation of how it is used

 Request correction or deletion of data (where appropriate)

 Request that data processing be limited or stopped

 Seek compensation for substantial damage or distress caused by data processing (where applicable)

Requests will be responded to within one calendar month.

If you have concerns about how your personal information is collected, stored, or processed, please raise this with me in the first instance. I will acknowledge your concern and respond within 30 days. If you remain dissatisfied with my response, you have the right to contact the Information Commissioner’s Office (ICO).

Confidentiality and Limits

. . . . . . . .

Everything you share with me is treated as confidential, with the following legal and ethical exceptions:

 If I believe there is a risk of serious harm to you or others

 If I become aware of abuse of children or vulnerable adults

 If you disclose involvement in serious criminal activity (e.g. terrorism, drug trafficking, money laundering)

Additionally, I attend regular supervision (a professional requirement by BACP and/or UKCP). In supervision, your identity is anonymised as much as possible.

Online Work and Security

. . . . . . . .

When working online:

 Please attend sessions from a confidential, quiet location

 Ensure your device and internet connection are working reliably

 I will also conduct sessions from a private, secure space using encrypted technology

Audio Recording

. . . . . . . .

With your explicit consent, sessions may occasionally be audio recorded for supervision, training, or academic purposes. Recordings will only be used for the purpose explained to you, will be fully anonymised where used beyond supervision, securely stored, and permanently deleted when no longer required. This may include use in case studies, process reports, or other forms of professional or academic publication. All material used will be thoroughly anonymised to protect your identity, and no identifying details will ever be shared.

Recordings may also be discussed with my accredited supervisor to support the quality and ethical integrity of the work. All audio files are stored securely on encrypted, password-protected devices and are not shared with anyone outside of supervision or academic processes.

Please indicate your consent below:

Do you agree to sessions being audio recorded for supervision and academic purposes, with full anonymisation?

Please circle: YES / NO

Clinical Will

. . . . . . . .

In the event of my death or incapacity, a trusted colleague named in my clinical will (in consultation with my supervisor) will access your contact details to inform you and ensure responsible closure of our work.

If you have any questions about this privacy notice, please feel free to raise them with me at any time.

‍ ‍

Join me on Instagram

Online psychotherapy for adults seeking a calm, relational approach to emotional wellbeing.
Face-to-face psychotherapy for adults in Broughton Astley, Leicestershire.
In-person counselling sessions available in Kenilworth, Warwickshire.
Private therapy rooms offering face-to-face psychotherapy in Broughton Astley and Kenilworth.
Private counselling practice offering a calm, human approach to therapy.

@aureliedavies_therapy