Privacy Policy

Compassionate Therapy Practice

This privacy policy explains how your personal information is collected, used, and stored at Compassionate Therapy Practice. It reflects my commitment to privacy, confidentiality, and good data practice, in line with the UK General Data Protection Regulation (GDPR).

As a sole practitioner, I take the responsibility of looking after your information seriously. If you have any questions after reading this, please feel free to get in touch using the contact details at the end.

Why I Collect Information

I collect and store personal information to provide safe, effective psychological assessment and therapy. This includes both general contact details and more sensitive ‘special category’ information, such as your mental health history and what you share in therapy sessions.

The lawful basis for collecting and processing your information is my legitimate interest as a registered therapist, and because it is necessary for the delivery of health care. You do not have to share this information, but without it, I may not be able to offer therapy.

What I Collect

When you contact me or begin therapy, I may collect the following:

Your name, contact details, and date of birth
Emergency contact or GP details
Information about your current difficulties and relevant history
Notes from our sessions
Referral details (if someone such as your GP, psychiatrist, or insurer has referred you)

How I Use Your Information

Your personal information is used to:

Respond to enquiries and communicate about appointments
Provide psychological therapy and support
Keep accurate clinical records
Comply with legal, regulatory, and professional obligations
Process invoices or insurance claims where relevant

Sharing Your Information

Your information will remain confidential and will only be shared:

If required by law (for example, where there are safeguarding concerns)
With your consent (for example, sharing a report with your GP or insurer)
Within professional supervision (where your identity is anonymised, and supervisors are also bound by confidentiality)
To process payment through secure systems if you use medical insurance

Clinical Will

In the unlikely event that I become suddenly incapacitated or unable to continue working, a Clinical Will is in place. This means a trusted colleague may access your records temporarily in order to notify you and help ensure continuity of care. This is a safeguard to protect your wellbeing and privacy.

How I Store Your Information

I store all personal information securely in digital formats only. I use a combination of administrative, technical, and security measures to ensure your data is protected. These include:

Encrypted cloud storage
GDPR-compliant systems such as Zanda for practice management, clinical notes, and invoicing
Password-protected devices
Two-factor authentication wherever possible
Regular deletion of unnecessary emails and messages

I use Zanda’s secure, AI-assisted notes tool to help summarise key themes from our sessions. This tool operates within a closed, encrypted system that is fully compliant with GDPR. No external parties access or view the content, and your data is never used to train AI models or for any purpose beyond your clinical record. All notes remain fully under my control and are stored securely within your encrypted file.

This tool helps streamline note-keeping securely and efficiently. If you have any questions about how it’s used, I’m happy to talk it through.

If you contact me via email, text, or another messaging platform, your contact details may also be stored in secure, password-protected inboxes or apps.

Remote Therapy Sessions

If you attend therapy remotely, I use Microsoft Teams, which is a secure, end-to-end encrypted platform, to protect your confidentiality during online sessions.

Cookies on the Website

The Compassionate Therapy Practice website uses cookies to help the site run properly and understand how visitors use it. You can choose to manage or disable cookies in your browser settings if you prefer.

How Long I Keep Your Information

I am required to retain clinical and financial records for 7 years after your therapy ends (or 7 years after you turn 18 if you were under 18 at the time). After this period, your information will be securely deleted or destroyed.

Your Rights

You have the right to:

Access the information I hold about you
Ask for corrections if your information is inaccurate or out of date
Request that I restrict or stop processing your data in certain circumstances
Ask for your information to be erased (unless I am legally required to retain it)

To make any of these requests, please get in touch using the contact details below. I aim to respond within 30 days.

Children and Young People

When I work with children or young people, I take extra care to protect their privacy. Information collected may include:

Name, contact details, and date of birth
School information
Gender identity, sexuality, and emotional wellbeing

I only share this information if required by law or when it is clearly in the best interest of the child or young person. I will always aim to discuss this with them and their parent/carer beforehand.

If There Is a Data Breach

If there is ever a breach of personal data, I will report it to the Information Commissioner’s Office (ICO) within 72 hours and notify any affected individuals where appropriate. I will take steps to understand what happened and how to prevent it in future.

Contact and Data Controller Information

If you have any questions, concerns, or would like to request access to your information, please contact:

Chenelle Owen
Compassionate Therapy Practice
Email: chenelle@compassionatetherapypractice.com

Please include "Privacy Query" in the subject line if you are getting in touch about your personal data.

If you're not satisfied with the response you receive, you can contact the Information Commissioner’s Office at ico.org.uk.