Privacy Notice

I am committed to protecting and respecting the privacy of my patients and clients. I comply with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

This Privacy Notice explains how and why I collect personal information, how I use and protect it, and your rights in relation to your data.

I review this notice regularly and may update it from time to time to ensure it accurately reflects my data-processing practices. Where changes materially affect how your data is used, I will notify you.

What information do I collect?

When you use this website

Cookies
This website is hosted by Squarespace, which uses cookies to support functionality and performance. For further information, please refer to Squarespace’s cookie policy:
https://www.squarespace.com/cookie-policy

When you make enquiries

If you contact me by email or telephone, I will collect:

  • Your name

  • Information relevant to your enquiry

  • Contact details (and, where appropriate, alternative contact methods)

I use this information solely to respond to your enquiry.

Email
Personal data may be stored within email correspondence.

Telephone
I store personal data on my mobile telephone in the form of text messages and automated call logs. I do not audio-record calls and I do not retain voicemail messages.

At our initial meetings

If you meet me for a clinical assessment, I will explain my psychotherapeutic approach and terms of service before agreeing to work with you.

This discussion may include:

  • Working practices and session structure

  • Session length and fees

  • Electronic billing and payment

  • Holidays and missed sessions

  • A potential therapy start date

  • The personal data required to provide therapy safely and appropriately

It may take between one and seven assessment sessions to establish whether we can work together, with your wellbeing and therapeutic needs as the central consideration.

I may also need to collect and discuss special category data, such as:

  • Details of your GP or other healthcare professionals

  • Medication and relevant medical information

  • Third-party reports (e.g. psychiatric, social-worker, or key-worker assessments), where applicable

If we agree to work together, I do not routinely contact other healthcare professionals. However, in certain circumstances, coordinated care may be beneficial. I would normally discuss this with you in advance.

If we mutually agree to proceed, this agreement constitutes a verbal contract. Without the necessary personal and special category data, I am unable to fulfil my contractual and professional obligations.

Lawful basis for processing your data

Under the UK GDPR, I am required to inform you of the lawful bases on which I rely when processing your data.

Personal data (Article 6)

I rely on the following lawful bases:

  • Contract – processing is necessary to provide psychotherapy or supervision

  • Legal obligation – where I am legally required to retain or disclose information (e.g. HMRC requirements)

  • Legitimate interests – such as responding to enquiries or maintaining professional records, where your rights are not overridden

Special category data (Article 9)

For health-related data, I rely on:

  • Provision of health or social care (Article 9(2)(h))

  • Explicit consent (Article 9(2)(a)), where required (e.g. sharing information with another professional)

Please contact me if you would like further clarification.

During therapy

I adhere to a professional code of ethics that includes strict confidentiality. Therapy often involves discussing highly personal and sensitive matters. If you have any questions about confidentiality or its limits, please raise them with me.

Correspondence

Where applicable, I retain correspondence between you and me as part of your professional record.

Referrals

If you are referred to me

If another person or professional refers you, they may provide personal (and sometimes sensitive) information about you, with or without your prior knowledge.

If I refer you to someone else

With your consent, I may share relevant personal or special category data with another mental health practitioner or professional body to facilitate a referral.

Other ways I may obtain personal data

Bank records
Depositor names may appear on my bank statements. Transactions feed automatically into accounting software.

Indirectly
I may receive personal data:

  • When I contact an organisation on your behalf with your permission

  • Through reports of data-protection breaches provided by third-party organisations

How long I keep your data

I retain personal and special category data for the duration of our therapeutic relationship and thereafter only as required by:

  • Legal and regulatory obligations

  • Government bodies (e.g. HMRC)

  • Insurance requirements

  • Professional governing bodies (e.g. the British Psychoanalytic Council)

I do not retain data for longer than necessary.

Who I share your information with

Marketing

I do not sell or share your data for marketing purposes.

Third-party processors

I use trusted third-party services that are GDPR-compliant and only process data necessary for their function.

Accounting software (FreeAgent)

  • Used for invoicing and accounting

  • Stores names and email addresses

  • Access shared with GDPR-compliant accountants

  • Access restricted to authorised personnel

Videoconferencing and messaging

  • Microsoft Teams is used for online sessions

Electronic communications
While I take reasonable steps to protect electronic communications, no method is entirely secure. By communicating electronically, you acknowledge this risk. Alternative arrangements can be discussed if needed.

Professional third parties

Where necessary, I may share information with healthcare professionals or training institutions. I will usually discuss this with you beforehand unless there is a significant risk of harm.

Legal disclosure

I may be legally required to disclose information (e.g. court orders). Any disclosure will be lawful, proportionate, and documented.

Emergency contact colleagues

In line with ethical requirements, I share patient names and contact details (not special category data) with two professional colleagues for emergency purposes only. This information is shared securely and in accordance with BPC guidance.

Data security

Access to personal data is restricted to myself and authorised personnel only. Appropriate technical and organisational measures are in place to protect your information.

International data transfers

I do not routinely transfer data outside the EU/EEA. Transfers may occur:

  • For online therapy with clients based outside the EU/EEA

  • Where third-party processors use approved international data-transfer safeguards

Links to other websites

This Privacy Notice applies only to my website. Please review the privacy policies of any third-party websites you access via links.

Your rights

Under the UK GDPR, you have the right to:

  • Know what data I hold about you

  • Access a copy of your data

  • Correct inaccurate or incomplete data

  • Object to or restrict processing (subject to legal limits)

  • Request data portability

  • Be informed about decision-making (I do not use automated decision-making or profiling)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact me at smvtherapy@gmail.com. I may request identification to protect your privacy.

I aim to respond within 30 calendar days. This may be extended by up to two months for complex requests, in which case I will inform you.

There is no charge unless a request is unfounded, excessive, or repetitive.

Review of this policy

This Privacy Notice is reviewed regularly.
Last updated: 19 January 2026