Data Privacy Policy [Version 2 - Last Reviewed: March 2024]
Introduction:
I am committed to protecting the privacy and confidentiality of clients' personal information. This data privacy policy outlines how I collect, use, disclose, and protect your personal data in accordance with applicable data protection laws, including the Data Protection Act (2018), which encompasses the UK General Data Protection Regulation (GDPR).
As part of compliance with the appropriate legislation, I am registered with the Information Commissioner’s Office (ICO).
Personal information that I may collect and process:
Contact information (e.g., name, address, phone number, email address).
Emergency contact information (e.g., name and number of emergency contact and your GP).
Demographic information (e.g., age, gender, ethnicity).
Health information (e.g., medical history, mental health concerns, session notes).
Financial information (e.g. BACS transfer records generated when you send payment).
Communications and correspondence between the client and therapist (emails, texts, voicemails, phone call logs).
Audio recordings of sessions for training and research purposes. These will only ever be captured if I obtain your written agreement in advance.
Website cookies. I use Google Analytics cookies to monitor website traffic for analytical purposes (website improvement).
How I may use your personal information:
Providing psychotherapeutic services.
Maintaining accurate and up-to-date client records.
Billing and processing payments for services rendered.
Communicating with you about appointments, changes to our services, or other relevant information.
Complying with legal and regulatory requirements.
Breaching confidentiality where necessary for reasons relating to risk or safeguarding. Please see my confidentiality policy for further details.
Supervision of my psychotherapy practice. The information shared in supervision is limited to your first name and a brief description of your background, why you came to therapy and the nature of our work.
Data security measures:
Your personal information is stored on a password-protected PC that only I have access to.
Basic contact details (phone number, texts) are stored on a PIN-protected work mobile phone that only I have access to.
The information on my PC is automatically backed up to an online data storage provider. The provider used is known as one of the world's leading organisations for data privacy.
The information backed up online is encrypted in both transmission and storage.
All of my digital accounts (e.g. email, cloud provider) have unique complex passwords and all accounts are protected via 2FA where the option is provided by the provider.
I partition your data so that I do not store session notes alongside your contact details, to protect your anonymity in the extremely unlikely event that my security measures are breached.
I do not store physical copies of your personal information.
I regularly review and update my security practices to mitigate risks.
Data Retention:
I will retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law or specified for insurance purposes.
My current insurance provider stipulates that I retain a subset of your data for 5 years.
Upon termination of therapy, I will destroy non-necessary information such as your emergency contact details. I will retain a subset of data that is required or permitted by law or required by my insurance provider.
Sharing Your Information:
I do not disclose your personal information to third parties without your consent, except in the following circumstances:
Supervision. Please see ‘How I may use your personal information’ in this policy for further details.
To comply with UK law. If a subpoena is issued by a UK court, I will comply with UK legislation and share your data.
Safeguarding and confidentiality breaches. Please see my confidentiality and safeguarding policy for further information.
You have the following rights regarding your personal data:
The right to receive a copy of the personal information I hold on you.
The right to request correction of any inaccurate or incomplete data.
The right to request deletion of your personal data, under certain circumstances.
The right to withdraw your consent to the processing of your data, where applicable.
The right to complain to the ICO if you believe your data protection rights have been violated.
Contact Information:
If you have any questions or concerns about this data privacy policy or the handling of your personal information, please discuss this with me.
Changes to this Policy:
I reserve the right to update or modify this data privacy policy at any time. Any changes will be effective immediately upon posting the revised policy on our website.
I only expect to change my policy for reasons relating to legislation or insurance.