Privacy Notice


This statement explains how I use and protect information about you.

I comply with all legislation and guidelines relating to the privacy and confidentially of my psychotherapy clients. This includes the EU General Data Protection Regulation and the associated UK legislation, the Data Protection Act 2018.

I only collect and use the information needed to provide my services and I always try to use the least amount of information necessary to provide those services.

I don't give your information to other people or organisations unless you have said I can do so, except in some very limited circumstances (such as where I am legally required to provide access, for example to the police.)

This site is powered by Wix. Their privacy policy can be found here. The Wix cookie policy is at Point 9 of their privacy policy.

I do not perform any direct marketing activities.

How I use information about people who use my website

My website collects some information about website users. This is done automatically in order to help analyse how the site is used by visitors. This process does not allow me to directly identify an individual person who uses my website.

How I use information about people who use my services

I ask people to submit personal information to me when they contact me through my website or other methods. This includes names and contact details, such as email addresses and phone numbers.

If you become my client, during the psychotherapy I give to you it is likely that you will tell me things that are very sensitive, simply because of the topics we will likely discuss. Because I am a psychotherapist I am under a professional obligation to keep confidential the things you tell me. This means I can’t tell anyone else what you tell me unless there is a legal reason to do so (see below). As well as my professional obligation of confidentiality, data protection law puts limits on what I can do with your information.

Under data protection law I must have a good reason to use your personal information. In addition, I am prohibited from using any of the extremely sensitive information you tell me unless one or more specific legal exceptions apply.

I only use the information you give me for the purpose of providing you with psychotherapy services. However, in providing those services I might have to use your information in a few ways, which I have described below. Under each reason, I have given you what is called the ‘lawful basis’ of the processing. This is the part of the law that allows me to use the information for the purposes I have described.

Purpose one: to provide to you core psychotherapy services (initial contact, fee negotiation, client-psychotherapist discussions, analysis, and comments etc.)

Lawful basis for using information about you:

Entering into, negotiating, and fulfilling a contract (Article 6(1)(b) of the General Data Protection Regulation.)

Lawful basis for using very sensitive information about you:

The delivery of healthcare services (Article 9(2)(h) and 9(3) of the General Data Protection Regulation and Schedule 1, Part 1, Paragraphs 2(1) and 2(2)(d) of the Data Protection Act 2018).

Purpose two: if necessary, where there is a legal obligation for me to do so, I will provide relevant information about you to other organisations (for example, if you tell me something that makes me think there is a high risk to a child, I would have to tell authorities like social services or the police).

Lawful basis for using information about you:

Fulfilling a contract (Article 6(1)(b) of the General Data Protection Regulation).

Lawful basis for using very sensitive information about you:

The public interest (Article 9(2)(g) and Schedule 1, Part 2, Paragraphs 6 (statutory requirement), 10 (preventing or detecting unlawful acts), 12 (regulatory requirements relating to unlawful acts and dishonesty etc.), 15 (suspicion of terrorist financing), and 18 (safeguarding children and individuals at risk) of the Data Protection Act 2018).

Purpose three: if necessary, I will provide relevant information to other people in order to defend myself if you raise a complaint against me or bring legal proceedings against me (for example, if you took me to court I might have to use some of the information about you to defend myself).   

Lawful basis for using information about you:

Fulfilling a contract (Article 6(1)(b) of the General Data Protection Regulation.)

Lawful basis for using very sensitive information about you:

The establishment, exercise, or defence of a legal claim (Article 9(2)(f) of the General Data Protection Regulation; Schedule 1, Part 3, Paragraph 33 and Schedule 8, Paragraph 6 of the Data Protection Act 2018).

Giving third parties access to your information

Sometimes I might have to give third parties access to some of your information. I will only do this where you have agreed that I may do so or for the narrow set of reasons given above.

If I give access to third parties with your agreement, I will tell you beforehand the identity of the recipient, the nature of the information, and the purpose of granting the access.

Your rights under data protection law

You have specific rights regarding your information and what I can do with it.

Should you wish to discuss exercising any of these rights, please contact me at or by telephone on 01234 781603 or 07989 409076.

There is no charge for exercising these rights so you may contact me freely to ask me to exercise them.

Under purpose one, you have the right to access your information, rectify the information I hold about you, to restrict the use I make of the information I hold about you, to erase the information I hold about you, and for me to provide you or someone else with your information in an a structured, commonly used and machine-readable format.

Under purposes two and three, you have the right of access, rectification, and restriction.

Not all of these rights may be applicable in every specific situation.

I have one month to respond to you once you have contacted me, or two months if it is a very complicated request (but I have to tell you that within the first month). Should I fail to respond to a rights request, you can complain to the Information Commissioner’s Office.

Keeping information

I do not keep your personal information indefinitely. I will keep your information only for as long as I need to in order to give you the services you request and to meet with my insurance requirements.

The period for which I will hold your information is seven years. I hold the information securely (see the next section for more information). When the period of time ends, your data will be erased or physically destroyed in a secure way.

This period of time is based on advice and guidance provided by Balens Insurance. This advice can be found at page 18 in Balens Advice and Information Guide.

How I keep your information safe and secure

I use industry standard internet security measures, including encryption.

All the information I hold - for example on my laptop – is kept with strong digital and physical security safeguards, including full drive encryption and access control restrictions (the physical places in which I store the electronics which hold your information are secure). Your personal information is only ever taken off my business premises on encrypted USB drives.

Any information about you that is held on paper, rather than digitally, is kept in locked containers in private and secure areas.


My content management system and website building tool

As noted at the beginning of this privacy statement, my website is powered by Wix: my content management system is provided by Wix and my website is built using Wix tools. As a consequence, Wix processes some information from my website (such as information about how the website is used and personal information provided through the contact form).

To understand more about how Wix approach the issue of your information (as an 'end user') please see the Wix Privacy Statement

Wix is based in the USA and complies with the relevant EU-USA data protection agreement known as Privacy Shield. The Wix statement on their compliance with Privacy Shield can be found at Point 5.2 of their Privacy Statement. I am satisfied that they comply with the relevant data protection rules.

Links on my website

My website may occasionally contain links to third-party websites. I have no control of the content of such websites and cannot vouch for them in terms of the protection of your privacy. If you use these websites, you do so at your own risk.