PRIVACY & DATA PROTECTION NOTICE

 As a Chartered Counselling Psychologist registered with the HCPC and BPS, I take your privacy and data protection seriously. This notice explains how I collect, use, store and protect your personal information in accordance with UK GDPR and the Data (Use & Access) Act 2025.

Personal Information I Hold: 

• Your name and contact details, alongside insurer, GP or psychiatrist details (if relevant)

• Invoices and payment records

• Brief clinical notes, along with any letters or reports

​

Why I Collect it: 

• To provide psychological therapy and fulfil legal, clinical, and professional obligations 

• Legal basis for processing: Article 6(1)(b) (contract) and Article 9(2)(h) (health care) of the UK GDPR  

How it is Stored:

• Your records are securely stored in an encrypted digital vault (Cryptomator + iCloud Drive). Only I can access the data, and only I hold the de-encryption key. Devices are protected by FileVault, strong passwords and multi-factor authentication. No paper files are kept.

Data Sharing:

• Your data is never shared unless: You give written consent (for example, reports to an insurer or referrer); or I am compelled by a lawful summons or court order. Where legally possible, you will be shown the information before it is released.

Retention:

• Records are kept for 7 years after completion of our work together, as suggested by my professional accrediting/registering bodies. After 7 years all records will be securely deleted.

Your Rights: 

• You may request access, correction or (where legally and ethically permissible) deletion of your data at any time.

• Under the DUAA 2025, if you make a request, I will acknowledge it within 30 days and respond without undue delay. If clarification is needed (e.g. for a subject access request), the one-month period pauses until I receive your reply. 

Concerns:

• If you have any concerns about how I handle your information, please let me know. I am registered with the Information Commissioner’s Office (registration number ZA238463). You can also contact the Information Commissioner's Office directly: ico.org.uk

​

This privacy notice is reviewed annually and updated when required by law or professional guidance. 

​

As a Chartered Counselling Psychologist registered with the HCPC and BPS, I take your privacy and data protection seriously. This notice explains how I collect, use, store and protect your personal information in accordance with UK GDPR and the Data (Use & Access) Act 2025.