top of page

Privacy Policy

Introduction

Your privacy is very important to me, and you can be confident that your personal information will be kept safe, secure, and treated with care. Any personal data you share will only be used for the purpose for which it is provided. I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

 

This privacy notice explains how I collect, use, store, and protect personal information from the initial point of contact through to after therapy has ended, whether I am working with children, young people, families, or adults. It outlines:

​

  • Why I am able to process your personal information and the purposes for which it is used

  • Whether you are required to provide personal information

  • How long your information is stored

  • Whether your information is shared with any third parties

  • Whether personal data is transferred outside the UK

  • Whether automated decision-making or profiling is used

  • Your rights under data protection legislation

 

If you have any questions about this privacy notice or how your information is handled, I am happy to discuss this with you. You can contact me at info@lmpsychotherapy.co.uk.

 

For the purposes of data protection legislation, the data controller is the individual or organisation responsible for collecting and managing personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office (ICO) under registration reference ZC067967.

Telephone: 07769 663621
Email: info@lmpsychotherapy.co.uk

My lawful basis for holding and using you personal information

The GDPR requires that I have a lawful basis for processing your personal data. The lawful basis depends on the stage at which I am handling your information:

​

  • If you are currently receiving therapy, or are in contact with me to consider therapy, I process your personal data because it is necessary for the performance of our contract. This allows me to provide therapy and related services to you, your child, or your family.

  • If your therapy has ended, I continue to hold certain personal information based on legitimate interests, which ensures I can manage records appropriately and comply with professional obligations.

 

Some of the information you share may be sensitive, such as details about your health, emotional wellbeing, or other personal circumstances. Under GDPR, this is called special category personal information. The lawful basis for processing this type of data is that it is necessary for the provision of health treatment, in this case psychotherapy, and for the performance of a contract between you (or your family) and me as a health professional.

 

I ensure that all personal and sensitive information is handled carefully, securely, and in accordance with GDPR requirements.

How I use your information

Initial Contact

When you contact me about psychotherapy services, I will collect information to respond to your enquiry. This may include your full name, email address, phone number, and brief details about the support you are requesting.

​

Your details may also be provided by a GP, other health professional, parent, or trusted individual making an enquiry on your behalf.

 

If you decide not to proceed with therapy, I will ensure that all your personal data is deleted within 30 days. If you would like it deleted sooner, please just let me know.

 

During Psychotherapy

All discussions during therapy are confidential. Confidentiality will only be broken if a child or adult0 is deemed to be at significant risk of harm to themselves or others. I will always aim to discuss this with you first, unless safeguarding requirements prevent this.

 

I keep a secure record of personal details to ensure therapy runs smoothly. All records, including session notes, are stored securely on WriteUpp practice management software and are not shared with third parties.

 

For security reasons:

  • Text messages are not retained for more than 30 days; any important information will be added to the WriteUpp system.

  • Emails are deleted after 30 days if they do not contain relevant clinical information; important information is recorded on WriteUpp practice management software. 
     

After Psychotherapy Has Ended

After therapy concludes, your records are retained securely for 7 years from the end of contact and then securely destroyed.

 

If you would like your information deleted sooner than 7 years, you can request this at any time.

Third party recipients of third party data

In some circumstances, I may share personal data with carefully selected third parties to enable the smooth running of my psychotherapy services. This only occurs when a third party has been contracted to perform a specific task, and I ensure that:

​

  • There is a written agreement outlining what they are permitted to do with your information.

  • They cannot use your data for any other purpose beyond the contracted task.

 

Examples of third-party recipients include:

  • Microsoft Office 365 (for secure email and document storage)

  • WriteUpp practice management software (for clinical records and appointments)

  • HMRC and Companies House (for statutory reporting and taxation)

  • Information Commissioner’s Office (ICO) (for regulatory compliance)

 

Your data is always shared in a secure and GDPR-compliant way, and only to the extent necessary for the purpose of the service provided.

Your rights

I aim to be as open and transparent as possible about the personal information I hold and how it is used. You have the right to:

  • Request the deletion of your personal information

  • Limit or stop how your personal information is used

  • Request access to the personal information I hold about you

  • Object to certain types of data processing

​

For more information about your rights under data protection law, you can visit ICO – Your Data Matters.

​

If I hold information about you, I will:

  • Provide a description of the information and where it came from

  • Explain why I am holding it, how long it will be stored, and how that decision was made

  • Tell you who it may be disclosed to

  • Provide a copy of the information in an intelligible form

 

You also have the right to ask me to correct any errors in the personal information I hold.

 

To make a request regarding your personal information, please put your request in writing and email it to info@lmpsychotherapy.co.uk.

 

If you have a concern or complaint about how your personal data has been handled, please contact me directly at the above email or by writing to the address listed on my website. I welcome feedback or suggestions for improving my data protection procedures.

 

If you wish to make a formal complaint about the processing of your personal data, you may contact the Information Commissioner’s Office (ICO), the statutory body overseeing data protection in the UK. More information can be found at ICO – Make a Complaint.

Data Security

I take the security of your personal information very seriously and make every effort to ensure it is kept safe. All clinical records and personal data are stored securely using WriteUpp practice management software, which is GDPR compliant and specifically designed for therapy services.

​

Why WriteUpp is secure:

  • ISO27001 Certified – This is a globally recognised information governance and security standard. WriteUpp’s systems and processes are audited annually to maintain compliance.

  • Data replication – Your information is stored in two separate EU-based physical locations and replicated across four separate clusters at each site, ensuring business continuity and protection against data loss.

  • Data encryption – All data is encrypted both in transit and at rest, with 256-bit SSL encryption for navigation and storage, keeping your information secure.

  • Two-factor authentication (2FA) – WriteUpp uses 2FA to provide an additional layer of security for accessing client records.

  • Trusted by the NHS – Pathway Software, the developer of WriteUpp, has been a trusted supplier to NHS therapy services for over 10 years.
     

Using WriteUpp ensures that your personal information and therapy records are stored securely, confidentially, and in compliance with data protection legislation, giving you peace of mind.

Visitors to my website

When someone visits my website, I may use third-party services such as Wix Analytics and Google Ads to collect standard internet log information and details about visitor behaviour. This helps me understand how people use the website—for example, the number of visitors to different pages—so I can continually improve your experience.

​

All information collected in this way is anonymous. Neither I, nor Wix Analytics or Google Ads, attempt to identify individual visitors. The lawful basis for processing this information is legitimate interests, as it allows me to improve my services and website for all users.

 

If you submit a form on the website, the information you provide is temporarily stored on the web host before being securely sent to me.

 

For more information, you can view:

 

No user-specific data is collected or shared by me or any third party without your consent.

LM Psychotherapy.png

LM Psychotherapy Services

info@lmpsychotherapy.co.uk

07769 663621

BACP Logo.png

​

Practice Address Location: St Albans, Hertfordshire 

Practice Address Location: Stevenage, Hertfordshire

©2023 by LM Psychotherapy Services. Proudly created with Wix.com

bottom of page