top of page

PRIVACY POLICY 

 
 
Privacy Notice

 

Your privacy and confidentiality are taken seriously. This notice explains how your personal information is collected, used, stored, and protected throughout the course of therapeutic work and afterwards.

I comply with applicable UK data protection legislation, including:

  • The UK General Data Protection Regulation (UK GDPR),

  • The Data Protection Act 2018,

  • and the Privacy and Electronic Communications Regulations (PECR).

This privacy notice applies from the point of initial contact, throughout therapy, and after therapy has ended.

 
Data Controller

I am the data controller responsible for the personal information you provide.

I am registered with the UK Information Commissioner’s Office (ICO).

 
The Information I May Collect

Depending on the nature of our contact, I may collect and process the following information:

  • name

  • date of birth

  • contact details

  • emergency contact details

  • GP details

  • relevant medical or psychological information

  • session notes

  • appointment history

  • correspondence by email, contact form, or telephone

  • payment and invoicing records where applicable

I only collect information that is reasonably necessary for the provision of psychotherapy services.

 
Lawful Basis for Processing Personal Data

Under UK GDPR, I must have a lawful basis for processing your personal information.

The lawful bases I rely upon are:

 
Contractual Necessity

 

Where you are engaging in therapy or consulting with me regarding therapy, I process your information as necessary for the performance of our therapeutic agreement.

 
Legitimate Interests

I may retain limited records after therapy has ended where there is a legitimate professional, ethical, legal, or insurance-related reason to do so.

 
Special Category Data

Information relating to mental health constitutes “special category data” under UK GDPR.

The lawful basis for processing this information is:

  • provision of health or therapeutic care,

  • explicit consent where appropriate,

  • and establishment, exercise, or defence of legal claims where relevant.

 
Initial Contact

When you contact me to enquire about therapy, I may collect basic personal information in order to respond to your enquiry and assess whether I may be able to offer appropriate therapeutic support.

This may occur through:

  • email,

  • telephone,

  • website contact forms,

  • referrals,

  • or other professional introductions.

If therapy does not proceed, your information will generally be deleted within 6 months unless there is a legitimate reason to retain it longer.

 
Confidentiality

 

Confidentiality is a central part of counselling & psychotherapy. Information discussed in sessions will be treated confidentially and handled with professional care.

However, confidentiality is not absolute. There are circumstances in which I may need to disclose information, including:

  • where there is a serious risk of harm to yourself or others,

  • safeguarding concerns involving children or vulnerable adults,

  • where disclosure is required by law,

  • where records are subpoenaed by a court,

  • or where disclosure is necessary for the prevention or detection of serious crime.

Where possible and appropriate, I will aim to discuss this with you beforehand.

 
Clinical Supervision

 

As part of ethical and professional practice, I undertake regular clinical supervision in accordance with UKATA and UKCP professional requirements.

Your identity will be protected as far as reasonably possible during supervision discussions.

Supervisors are themselves bound by professional confidentiality and data protection obligations.

 
Record Keeping

 

I maintain brief clinical notes relating to therapy sessions.

Records may include:

  • session dates,

  • themes discussed,

  • clinical observations,

  • risk assessments where relevant,

  • and administrative information.

Records are stored securely using password-protected and encrypted systems and/or locked physical storage.

I take reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, or disclosure.

 
Communication

 

Please be aware that email and text messaging are not completely secure forms of communication.

I will use reasonable measures to protect confidentiality, but you accept that there are inherent risks associated with electronic communication.

Emails and messages may be retained where clinically, legally, or administratively necessary.

Video sessions may take place using secure online platforms. Sessions are not recorded unless explicitly agreed in advance.

 
Sharing Personal Information

 

Your personal information will not ordinarily be shared with third parties without your consent.

Exceptions may include:

  • safeguarding obligations,

  • serious risk management,

  • legal obligations,

  • insurance requirements,

  • professional regulatory processes,

  • or clinical supervision.

Where disclosure is necessary, only information relevant to the specific purpose will be shared.

 
Retention of Records

Therapy records are retained for a limited period after therapy ends in accordance with professional, legal, and insurance requirements.

Currently, records are generally retained for:

  • 7 years after the end of therapy for adults,

  • or longer where required by law, safeguarding considerations, or insurance obligations.

After this period, records are securely destroyed or permanently deleted.

Your Rights

 

Under UK GDPR, you have rights regarding your personal information, including:

  • the right to access your information,

  • the right to request correction of inaccurate information,

  • the right to request erasure in certain circumstances,

  • the right to restrict processing,

  • the right to object to processing,

  • and the right to data portability where applicable.

These rights are not absolute and may be limited by legal, ethical, or professional obligations.

Requests should be made in writing.

Website and Cookies

When you visit my website, certain anonymous technical information may be collected automatically through cookies and analytics services.

This may include:

  • browser type,

  • pages visited,

  • time spent on the site,

  • and general usage patterns.

This information is used to improve website performance and user experience and does not normally identify individual visitors.

If you complete a website contact form, the information submitted will be transmitted securely and retained only as necessary for responding to your enquiry.

You can manage cookie preferences through your browser settings.

Data Security

I take reasonable steps to ensure that personal information is stored securely.

Measures may include:

  • encrypted devices,

  • password protection,

  • secure cloud storage,

  • two-factor authentication,

  • locked filing systems,

  • and restricted access to records.

No electronic system can ever be guaranteed completely secure, but reasonable professional safeguards are maintained

.

 
Complaints

 

If you have concerns about how your personal information is handled, you are encouraged to contact me directly in the first instance.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office

EXPLORE

About

Blog

How I work

WHERE I WORK 

HELP Counselling

RCT Domestic Abuse Services

INFORMATION 

Privacy Policy 

Disclaimer

renateridingstherapy@gmail.com 

Renate Ridings is a Psychotherapist in training working towards UKCP and UKATA accreditation in Transactional Analysis Psychotherapy.

Currently working with clients in clinical placement settings.

The content on this website is for informational purposes only and is not a substitute for psychotherapy, medical advice, diagnosis, or crisis support.

Privacy Policy | Contact | Blog

Copyright © 2026 Renate Ridings Psychotherapy - All rights reserved

bottom of page