Introduction

Fiona Gregory Therapy (“I”, “me”) is committed to protecting and respecting your privacy. This Privacy Notice explains how I collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This notice applies to visitors to my website, prospective clients who contact me with enquiries, and current and former clients of Fiona Gregory Therapy.

Data controller

I am the data controller for your personal data. This means I determine how and why your data is processed and am responsible for ensuring it is handled in accordance with data protection law.

Principles of data protection

I comply with the principles of UK GDPR when processing personal data. These require that data is:

• Processed lawfully, fairly, and transparently

• Collected for specified, explicit, and legitimate purposes

• Adequate, relevant, and limited to what is necessary

• Accurate and kept up to date where appropriate

• Kept for no longer than is necessary

• Stored securely with appropriate safeguards

• Processed in accordance with accountability requirements

Types of personal data I collect

Depending on the nature of your contact with me, I may collect and process the following types of personal data:

• Name, address, telephone number, and email address

• Information provided through enquiries made via my website, email, or telephone

• Emergency contact details (if provided)

• GP and/or other healthcare professional details

• Information relating to your mental and physical health

• Clinical notes relating to therapy sessions

• Relevant background information shared during therapy

This list is not exhaustive. I only collect data that is necessary to provide safe and effective therapy and to respond appropriately to enquiries.

How your data is collected

Most personal data is provided directly by you when:

• You visit my website and contact me through a contact form or by email

• You make an enquiry about therapy services

• You attend an assessment or therapy session

• You provide information during the course of therapy

In some cases, I may receive information from other healthcare professionals involved in your care, usually with your knowledge or where appropriate within a therapeutic context.

Enquiries and prospective clients

When you contact me through my website, by email, or by telephone, you may choose to provide personal information, including information relating to your health or wellbeing.

I will use this information only to respond to your enquiry, determine whether I am able to offer appropriate therapeutic services, and carry out any necessary administration connected with your enquiry.

You are not required to provide detailed medical or personal information at the enquiry stage, although some individuals choose to do so.

Lawful basis for processing your data

I process your personal data under the following lawful bases:

• Article 6(1)(b) UK GDPR – processing is necessary for the performance of a contract (your therapy agreement)

• Article 6(1)(c) UK GDPR – processing is necessary to comply with legal obligations

• Article 6(1)(f) UK GDPR – processing is necessary for legitimate interests, including responding to enquiries and administering my practice

• Article 9(2)(h) UK GDPR – processing of special category data is necessary for the provision of health or social care or treatment

Special category data

Therapy involves processing sensitive personal data, including information relating to:

• Health and mental health

• Sexual orientation

• Ethnicity or race (where relevant)

• Religious or philosophical beliefs (where relevant)

• Other sensitive personal circumstances shared in therapy

This data is only processed where necessary for the provision of therapy or the handling of enquiries and is treated with a high level of confidentiality and care.

Why I process your data

Your data may be used to:

• Respond to enquiries about therapy services

• Provide psychotherapy services

• Maintain clinical records

• Ensure safe and appropriate care

• Manage appointments and administration

• Respond to safeguarding concerns where necessary

• Meet legal and professional obligations

Website use, cookies and analytics

My website may use essential technical measures necessary for the operation and security of the website.

If cookies or analytics tools are used, they will be operated in accordance with applicable data protection and privacy laws. Further information will be made available through any cookie notice provided on the website.

Data security

I take appropriate technical and organisational measures to protect your data against loss, misuse, or unauthorised access.

This includes secure password protection, restricted access systems, and appropriate safeguarding of digital and paper records.

Data sharing

Your data is treated as confidential and will only be shared where necessary:

• With your consent

• Where there is a safeguarding concern (risk of harm to yourself or others)

• Where required by law

• With professional supervisors (in anonymised form wherever possible; identifiable information is only shared where necessary for clinical safety or support)

Retention of data

If you make an enquiry but do not proceed to therapy, your enquiry information will generally be retained for up to 12 months before being securely deleted, unless there is a legitimate reason to retain it for longer.

If you become a client, I keep your personal data, including clinical records, for up to 2 years after your therapy ends.

This allows for:

• Continuity of care if you return to therapy

• Response to clinical or follow-up queries

• Professional, ethical, and legal obligations, including safeguarding and complaints handling

After the relevant retention period, your data is securely deleted or destroyed.

Your rights

Under UK GDPR, you have the following rights:

• The right to be informed about how your data is used

• The right of access to your data

• The right to rectification of inaccurate data

• The right to erasure in certain circumstances

• The right to restrict processing

• The right to data portability

• The right to object to processing

Some rights may be limited where data must be retained for legal, safeguarding, or professional reasons.

Consent

Where consent is required for specific processing, you may withdraw it at any time.

However, most processing of therapy-related data is not based on consent, but on contractual, legal, and healthcare-related lawful bases. This means some records may still need to be retained even if consent is withdrawn.

Complaints

If you have concerns about how your personal data has been handled, please contact me in the first instance using the contact details below. I will investigate your concern and respond as soon as reasonably possible.

You also have the right to complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane

Wilmslow, Cheshire SK9 5AF

Tel: 0303 123 1113

Website: https://ico.org.uk

Contact details:

Fiona Gregory

Email: therapistfionagregory@protonmail.com

For privacy-related enquiries or concerns about how your personal data is handled, email is the preferred method of contact.