top of page

Privacy Policy

1. Introduction

This Privacy Notice explains how I collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

2. Data Controller

I am the data controller for the personal data that I hold.

Name: Letisia Vela

Role: Self-employed Trainee Therapist in Private Practice

Email: letisia.counselling@gmail.com

 

3. What personal data I collect

I may collect and hold the following information:

  • Contact details (name, email address, phone number)

  • Basic personal information relevant to therapy

  • Session notes and clinical records

  • Appointment and payment records

  • Emergency contact details

  • GP details (where relevant)

  • I only collect information that is necessary for providing therapy and meeting professional, ethical, and legal obligations.

 

4. Lawful basis for processing

I process personal data under the lawful bases of:

  • Provision of health care

  • Legitimate interests (to provide safe and effective therapy)

  • Legal obligation (for example safeguarding or record keeping)

I do not rely on consent as the lawful basis for processing therapy data.

 

5. How your data is stored

  • Records are stored securely, either digitally or in locked storage

  • Digital data is password protected and encrypted where appropriate

  • Only I have access to your identifiable personal data

 

6. Confidentiality and sharing of information

Your information is kept confidential and will not be shared without your consent, except where:

  • there is a serious risk of harm to you or others

  • there is a safeguarding concern involving a child or vulnerable adult

  • disclosure is required by law (for example a court order)

Anonymised information may be discussed in clinical supervision as part of ethical practice.

 

7. How long your data is kept

Therapy records are retained for 7 years after the end of therapy in line with professional guidance, professional indemnity insurance requirements, and limitation periods for potential legal claims. After this period, records are securely destroyed.

 

8. Your rights

Under data protection law, you have the right to:

  • request access to your personal data

  • request correction of inaccurate information

  • request erasure of data where appropriate

  • raise concerns about how your data is used

 

9. Complaints

If you have concerns about how your personal data is handled, please raise this with me in the first instance. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

 

10. Changes to this Privacy Notice

This Privacy Notice may be updated from time to time. The most recent version will always be available on request or on my website.

bottom of page