Who am I?
I treat your details and therapy in complete confidence, except when required as described in With whom I share your data below.
What personal data I collect, and why
Although I treat your emails with the same confidentiality as anything else, email is inherently insecure. Please exercise care when using email, as I cannot promise that no one else can access this data during transit. In particular, I use Google’s Gmail to process emails.
I keep your emails only as long as required, and then delete them.
Contact via the website form uses email, and as such is not fully protected against interception. Please exercise the same care as you would when submitting a regular email.
When you use the contact form, it goes through Google reCAPTCHA to fight spam and abuse.
This website keeps cookies to help make the website function. These cookies do not track you.
If you disable cookies, you can still use this website, but some parts might not work correctly.
Telephone, SMS, chat app, postal mail
Telephone calls, SMS, postal or other mail services, and other chat, audio and video applications are only as secure as the companies that provide the services, and the governments that control them. I cannot vouch for their security.
Problems can be connected in unexpected and non-intuitive ways, and so I keep records of anything that might be important even if it appears to be irrelevant at the time.
I also keep your name, address and contact information.
Also see below, How I keep your data safe.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website.
I keep anonymised statistical information on website visits for marketing purposes.
I keep anonymised statistical information on clients’ problems and sessions for research, quality assurance and education.
These anonymised data cannot be used to identify you.
These analytics are kept indefinitely.
With whom I share your data
I do not share your data with anyone, unless any of the following apply.
- I am required to do so for legal or regulatory reasons.
- To protect against harm.
- To address fraud or illegal activity.
- To protect confidential data.
- To protect the rights, interests or property of this business.
- You have given explicit permission to do so, e.g. to allow me to contact your GP, discuss your case with a fellow therapist, or display a testimonial.
Additionally, I collaborate with therapists and life coaches worldwide for the purposes of education, mutual help, and skills improvement. For this reason, I sometimes share case studies, which include only fully-anonymised relevant details (you will not be identifiable from the information).
In all cases, sharing will be kept to only the pertinent details, anonymised where applicable, and shared only with the applicable people.
Except where the above applies:
- I do not share your data with anyone (spouse, partner, parent, child, other relative, friend, employer, employee, and so on); except that a parent or legal guardian may request data about their charge, but subject to legal protections (see What rights you have over your data below).
- If you provide a testimonial, I might use it and your personal details, but only to the extent that you give me explicit permission to do so.
How long I retain your data
Session details and personal information
Both the law and insurance require minimum data retention periods.
Subject to those minimums, I keep your information only for as long as I need it for therapy; for follow-up; and when I believe that I should keep it for longer for potential future contact or problems.
How I keep your data safe
All data are kept electronically (not on paper) and encrypted to industry standards. Only I have the passphrase. No one else can access your data except as described above in With whom I share your data.
All paper copies (e.g. notes and contracts) are scanned or copied into the encrypted electronic area soon after making them, and the paper copy is shredded immediately afterwards.
Backups are also encrypted, with a separate passphrase. I use SpiderOakONE (which is GDPR-compliant), which means that the backup is kept on servers in the USA. However, the data remains fully encrypted, both during transmission and on storage. Even the SpiderOak staff don’t have the passphrase, and so cannot access the data.
What rights you have over your data
You may request a written or electronic copy of your own data. I am legally required to confirm your identity before sharing the data. Such data will be provided in a timely manner after confirmation. Excessive requests will incur an administration fee.
You can request that I delete information held about you. This does not include data held for, or subject to, legal, regulatory, administrative, security or insurance restrictions or purposes.
What third parties I receive data from
If I contact your GP, another therapist or any other relevant person with whom you have had contact (subject to permission, of course), they might give me further relevant information. I treat this information with the same care and confidentiality as your other data.