Your Privacy and GDPR: How We Protect Your Data

What is GDPR?

The General Data Protection Regulation (GDPR) is a law designed to protect your personal data. It ensures that any information you share with us is handled responsibly, securely, and transparently.

What Personal Data Do We Collect?

When you access therapy with us, we may collect the following information:

  • Contact details: Name, email address, phone number, and address.

  • Health information: Notes from our sessions, your mental health history, and any relevant medical details.

  • Payment details: Information required for invoicing or payments.

  • Other personal details: Anything you choose to share during our work together that is relevant to therapy.

Why Do We Collect This Data?

We collect and use your data to:

  1. Provide therapy services tailored to your needs.

  2. Communicate with you (e.g., for scheduling sessions).

  3. Maintain accurate records, which is a legal and ethical requirement for healthcare professionals.

  4. Comply with legal obligations, such as safeguarding or responding to court orders if necessary.

How Do We Store Your Data?

We ensure your data is kept secure by using:

  • Encrypted systems for electronic records.

  • Password-protected devices.

  • Locked storage for any paper-based records.

We keep your records for 7 years after therapy ends, as required by law and professional guidelines.

Who Has Access to Your Data?

Your data is confidential, and we do not share it unless:

  1. You give consent for us to share specific information (e.g., with your GP or another professional).

  2. We are legally required to share it (e.g., safeguarding concerns, risk of harm to self or others, or a court order).

  3. Technical support requires it: third-party services (like secure email or booking platforms) may process your data under strict confidentiality agreements.

Your Rights

Under GDPR, you have the following rights:

  • Access: You can request a copy of the data I hold about you.

  • Rectification: You can ask me to correct any inaccurate or incomplete data.

  • Erasure: In some cases, you can request that I delete your data.

  • Restriction: You can ask me to limit how your data is used.

  • Objection: You can object to how your data is processed.

To exercise these rights, contact me at general@cailepsychology.com. Please note that there may be some circumstances where I cannot fully comply (e.g., keeping records for legal purposes).

What Happens If There Is a Data Breach?

In the unlikely event of a data breach, I will:

  • Notify the ICO within 72 hours, if required.

  • Inform you if there is any risk to your rights or freedoms.

  • Take steps to prevent future breaches.

Who Regulates This?

The ICO (Information Commissioner’s Office) oversees data protection in the UK. If you have concerns about how I handle your data, you can contact the ICO at www.ico.org.uk or call 0303 123 1113.

Contact Me

If you have any questions about how your data is handled, please get in touch:
Dr Caile Gordon
Email: general@cailepsychology.com