Data Protection and Confidentiality
This policy explains how I collect, store, and protect personal data in line with UK General Data Protection Regulation.
Personal Data Collected
In my role as a psychotherapist in private practice, I collect and store the following personal information where appropriate:
- Name
- Email address
- Telephone number
- Postal address
- GP details where relevant
This information is held for the purpose of communication, record keeping, and the safe provision of therapy.
Storage and Security
Personal data is stored electronically within an encrypted file system protected by strong passwords. Encryption software is used to ensure data security, and access is restricted to me alone.
I keep brief factual notes of sessions. These are dated, identified by initials only, and stored securely within the encrypted system.
Data Retention
Session notes and related records are retained for seven years in accordance with professional and insurance requirements, after which they are securely deleted.
Emails are sent and received via ProtonMail. Copies stored locally are kept within the encrypted system.
Your Rights
Under UK GDPR, you have the right to request access to your personal data through a Subject Access Request. Requests will be responded to within one month, in line with legal requirements.
Confidentiality and Data Sharing
The work we do together is confidential. There are limited legal circumstances in which confidentiality may need to be breached, for example if there is a serious risk of harm to you or others. Wherever possible, I would aim to discuss this with you first.
I do not share your personal data with third parties unless required by law or with your explicit consent.