Privacy Policy

The GDPR replaces the 1998 Data Protection Act to ensure your personal and sensitive, confidential data is kept private and held securely, being processed in the way that you have agreed to. It is there to protect your rights as a consumer of a service or product that might involve your identifiable data, e.g. your name and address or whether you have a specific condition. It also covers any session records, text messages or emails we exchange. 

If you are a parent/ adult your data is kept for 7 years after psychotherapy sessions have finished for insurance purposes. After 7 years your electronic data is permanently deleted and your paper-based data is shredded with a cross-cut shredding machine. 

​

If you are a child your data is kept until the month after your 25th birthday, or your 26th birthday if you are aged 17 when psychotherapy sessions end. At this point your electronic data is permanently deleted and your paper-based data is shredded with a cross-cut shredding machine.  

Everything you talk about during your sessions is strictly confidential. In accordance with the BACP Ethical Framework, All therapists consult a supervisor on a regular basis to ensure their practice is ethical and that they are working in the best interests of their clients. Supervisor's are not not told name or contact details and does not have direct access to written records of your electronic or hard-copy data. The supervisor also adheres to the GDPR.

Client records There is a duty to keep records appropriate to the service provided, and these may be protected by a degree of pseudonymisation, see Glossary and (GPiA 105). Appropriate records are adequate, relevant and limited to what is necessary. The decision about what is appropriate will take into account the ethical and legal requirements for processing (includes making, keeping, using and sharing) records. See Information Commissioner’s Office www.ico.org.uk for the latest information, and (BACP 2018 C2e) 

Pseudonymised information is regarded as personal data, and subject to the data protection law. By contrast, completely anonymised information ceases to be ‘personal data’ with the associated legal requirements and protection when any means of identifying the person concerned has been genuinely and irreversibly removed. The GDPR is very clear: The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person, or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This regulation does not therefore concern the processing of anonymous information, including for statistical or research purposes. (GDPR (26)) Ethical Framework, Good Practice, points 55g, 78, 83a. 

These are: 

• To know the extent and limitations of the confidentiality that they are being offered by the therapist.
• To give explicit consent to the making and keeping of records that contain personally sensitive information – a requirement of the GDPR and the Data Protection Act 2018 that will apply to most records and notes written by therapists,
• To be told the circumstances in which the therapist may wish to breach confidentiality and to have an opportunity to discuss and negotiate this with the therapist at the outset of their work together.
• To have a clear therapeutic contract with terms that they fully understand, accept and support.
• To know who will make, keep and have access to their notes and records, how they will be kept, for how long, and for what purposes they may be retained/destroyed/disclosed. 
• To be informed when the therapist may have to or is about to breach their confidentiality unless there are cogent, defensible reasons why this cannot be the case, for example in cases of terrorism, certain child protection situations (such as where it may be dangerous to a child or others to alert a person about impending disclosure, or may compromise a police investigation) or mental incapacity g. to know how, why and to whom information will be given by the therapist h. to know the importance of and/or see what is being said about the client if they wish to do so. 

Therapists working with children and young people will need to have valid consent to enter into the therapeutic contract. The legal issues surrounding work with children and young people are complex because of the requirement to provide services for children in need and to protect children from abuse. Not all parents have the power to make decisions for their children. The ability of a parent, or anyone else, to make a decision for their child depends on whether they have ‘parental responsibility’, which is the legal basis for making decisions about a child, including consent for medical or therapeutic treatment.