Privacy & Data Protection Policy

Last Updated: April 2026

I am committed to protecting your privacy and maintaining the security of any personal information you provide. This statement outlines how I ensure your data is handled safely, transparently, and in accordance with current UK legislation, including the UK GDPR and the Data Protection Act 2018.

1. Data Privacy in My Practice

I collect and process your personal data primarily to provide safe and professional therapeutic services.

  • Clinical Notes: I maintain brief, written session notes identified by a unique code rather than your name. These are stored in a locked cabinet or within a GDPR-compliant, encrypted electronic system. These notes are kept for 7 to 10 years (depending on my insurance requirements and professional indemnity guidelines) after our work concludes, after which they are securely destroyed.

  • Contact Information: Your name, address, and contact details are stored separately from your clinical notes.

  • Digital Communication: During our time working together, I may store your first name and phone number on a password-protected/biometrically locked mobile device to facilitate scheduling. I use end-to-end encrypted messaging where possible.

  • Confidentiality: Everything we discuss is confidential. There are three standard legal and professional exceptions:

    1. Supervision: As a member of the BACP, I attend regular supervision. Clients are discussed using first names or pseudonyms only to protect your identity.

    2. Safeguarding: If I believe there is a serious risk of harm to yourself or others, I may need to share information with relevant professionals (e.g., your GP).

    3. Legal Requirement: If I am legally compelled by a court of law to disclose information.

2. Information I Collect via this Website

I collect personal information to fulfill your requests and provide a seamless service. This may include:

  • Contact Details: Name, email, and phone number when submitted via my “Contact” form.

  • Technical Data: IP addresses and browsing behavior (via cookies) to improve website functionality.

Lawful Basis for Processing: I process your data under the basis of Contract (to provide therapy) and Legitimate Interests (to manage my practice). For sensitive “Special Category” health data, I process this under the provision of health or social care.

3. Your Rights

Under current data protection law, you have the following rights regarding your personal data:

  • The Right to Access: You can request a copy of the personal data I hold about you.

  • The Right to Rectification: You can ask me to correct any inaccurate or incomplete information.

  • The Right to Erasure (“Right to be Forgotten”): You can request that I delete your data, provided there is no overriding legal or insurance requirement for me to retain it.

  • The Right to Withdraw Consent: Where you have given consent for communication, you can withdraw it at any time.

4. Keeping Your Information Secure

I take digital security seriously:

  • Website Security: My website uses HTTPS/TLS encryption to ensure data sent via forms is secure.

  • Data Minimisation: I only collect the information absolutely necessary to provide your care.

  • Breach Protocol: In the unlikely event of a data breach, I am committed to notifying you and the Information Commissioner’s Office (ICO) within 72 hours if the breach poses a risk to your rights and freedoms.

5. Cookies

This website uses cookies to enhance your browsing experience.

  • What are cookies? Small text files placed on your device to help the site provide a better user experience (e.g., remembering preferences or providing anonymous tracking data).

  • Analytics: I use tools like Google Analytics 4 (GA4) to understand how visitors interact with the site. This data is aggregated and does not identify you personally.

  • Managing Cookies: You can choose to accept or decline cookies via the pop-up banner when you first visit. You can also clear cookies through your browser settings (Chrome, Safari, Firefox, or Edge).

6. External Web Links

My website may contain links to external sites (e.g., professional directories or mental health resources). I am not responsible for the privacy practices of these external sites. I encourage you to read their individual privacy policies.

7. Zero-Spam Policy

I value your inbox. I will only contact you regarding your appointments, requested services, or essential updates to my practice. I do not sell or share your data with third parties for marketing purposes.

8. Concerns and Contact

If you have any questions about this policy or how your data is handled, please contact me directly.

If you are unhappy with how I have handled your data, you have the right to complain to the Information Commissioner’s Office (ICO), though I would appreciate the opportunity to resolve any concerns with you first.

By engaging with my services or using this website, you acknowledge that you have read and understood this Privacy Policy