Privacy Policy

What personal data I collect and why I collect it? 

In accordance with the current data protection laws, this privacy policy states how I use your personal data when you interact with me. As a member of BACP I abide by and conform to their standards and ethical requirements which include the strictest laws of confidentiality.

Data protection law (GDPR) states that individuals have the right to be informed as to how their personal data is held and used. This privacy policy explains the personal information I collect from you as my client, as well as how I store, process and delete it.

As a private practitioner I act as both data Controller (which means that I plan procedures regarding how data is held according to the GDPR regulations), and data Processor (which means that I collect and store data required within my therapy practice).

​As a client, when you agree to start working with me I provide a written working agreement which confirms the cost and length of sessions, my cancellation policy and the ethical framework I work within. You will need to sign this agreement before we commence therapy.

I will also collect personal details from you, which include your full name; date of birth; address; contact number; email address and details for an emergency contact if something were to happen to you on my premises. I also record any relevant mental or physical health issues that may be relevent to the therapy along with details of any medication you are currently taking.

Storage of personal details

I keep short factual notes about our sessions which may include sensitive information that you have disclosed to me. I also keep a record of creative work (photographs and or images) that we have used during therapy. I store all this information with the contract and personal data in password protected electronic files. My paper-based session notes and your images are anonymised and stored in a secured locked unit within my home.

I keep personal data for up to 5 years as it could be useful and relevant for a client returning to therapy. I keep images for 12 months and then shred them.

Supervision

I have regular supervision and my supervisor is the only person I discuss the work with. My Supervisor is bound by the same terms of confidentiality as I am. Clients are identified by first name only. In the event of my becoming incapacitated in some way, a trusted colleague is able to access only the contact details of my clients. The other occasions when data might be shared is when I have your consent to do so, or when I am obliged to break confidentiality for reasons which are discussed in the therapy agreement that I ask you to sign at the beginning of your therapy.

The only exception to confidentiality is when I believe that you or someone else is at risk of serious harm. I would endeavour to discuss this breach with you first so that we could come to an agreement about who needed to be informed. However, if an agreement is not reached and I still believe that you, or someone else is at risk, I will discuss the situation with my supervisor and decide how to proceed. Where a threat of terrorism or drug trafficking is disclosed, I am obliged by law to inform the authorities.

Your rights

In accordance with GDPR, you have the following rights:​

  • To be informed of the information that I store about you and to ask to see the information that I hold about you. I am legally required to respond to any request from a client in writing to see their personal data within 30 days.

  • To ask that I rectify any information that you deem inaccurate, unnecessary, or incomplete (if I need to keep a record to comply with legal requirements then I may decline this request).

I am a registered member of ICO (Information Commissioner’s Office).