Privacy Notice

Your privacy and the security of your personal information are very important to me. This page explains how I collect, use, and store personal data in line with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. I am registered with the Information Commissioner’s Office (ICO) as a Data Controller.

What I need

I collect personal information such as your name, address, telephone number and date of birth. I may also need to collect relevant history, including:

  • For children and families: medical and developmental history, EHCP reports and other professional reports.

  • For adults: therapeutic and family history, medical information and relevant background; this may include a timeline of events.

With your consent, I may also use photographs or videos to monitor progress in intervention.

Why I need it

This information allows me to:

  • Understand your needs accurately and support appropriate clinical judgement.

  • Carry out assessment and plan intervention effectively.

  • Keep you (and, where appropriate, referrers or other professionals) informed and up to date.

  • Maintain an ongoing record of progress in therapy or intervention to guide clinical reflection.

How I collect it

Information is collected directly from you, and where relevant, from a referring professional via a referral form or questionnaire. With your permission, I may also receive reports from other professionals.

  • For children: discussions may take place with parents/carers, teachers, SENCOs and other professionals you identify as important.

  • For adults: information may come from previous reports, medical notes, or other professionals supporting your care.

What I do with it

All personal data is processed by me. I will not share your data with third parties without your consent. Where necessary, and with your permission, information may be shared with professionals involved in your care.

Your data will not be used for marketing purposes. Photographs or videos (if taken) are stored securely and can be accessed by you upon request.

Who I may share it with

I will only share information with your consent, unless there is a legal or safeguarding requirement. Examples of professionals I may share with include teachers, SENCOs, social workers, therapists, counsellors, physiotherapists or support workers.

An important exception is where there are safeguarding concerns — in these cases, I have a legal duty to share relevant information to protect children or vulnerable adults.

How is it stored

  • Paper records are stored in a locked filing cabinet.

  • Some client information, reports and documents are stored on an encrypted or password-protected hard drive.

  • With your consent, I may use Heidi, a secure GDPR-compliant platform, to keep therapy records and progress notes.

How long I keep it

  • For children: records are kept until the child reaches the age of 25, in line with professional guidelines.

  • For adults: records are kept for at least 7 years after therapy ends.

This ensures individuals can access details of their therapy journey if they wish in future.

Your rights

Under GDPR, you have the following rights:

  • To access the personal data I hold about you.

  • To request corrections to your data if inaccurate.

  • To request erasure of your data (“the right to be forgotten”). Please note that this does not always apply to health and social care data.

If you believe any information I process is incorrect or wish to update, access or delete your details, please contact me.

Complaints

If you have concerns about how I handle your data, please contact me first so I can investigate. If you are not satisfied with my response, you can contact the Information Commissioner’s Office (ICO) www.ico.org.uk | Tel: 0303 123 1113