This policy describes the information that I gather and how I manage that information when you contact me or attend to see me as client / supervisee. This is to maintain standards of privacy and confidentiality compliant with the General Data Protection Regulation (GDPR), Data Protection Act (1998) and the British Psychological Society. The data controller responsible for this policy Julia Hutchinson. If you have any questions in relation to my use of your details, contact me at This email address is being protected from spambots. You need JavaScript enabled to view it.. I am registered as a data controller with the ICO.

What personal information do I collect?

I collect information about you for the purposes described below on the basis of your consenting to this. I gather information about you in order to provide an effective clinical service. For example:

  • To know who you are so that I can communicate with you.

  • Verify your identity so that I can be sure I am dealing with right person.

  • Deliver a service to you under the terms of an agreed contract.

  • Contact you, should I need to share information. I would only do this where there is a concern regarding a risk of harm to you or others or under other specific circumstances as outlined in this policy.

The information I collect broadly includes:

  • Your name, date of birth and your contact details including a postal address, telephone number(s) and electronic contact such as email address.

  • Information required to deliver a service to you under the terms of an agreed contract. This may include GP name and contact details, your background history and information relevant to your attendance to see me.

  • I may also collect information about you from third parties; for example, if I need to gather information from another health professional (such as your GP) to complete an assessment. I would only do this with your consent.


 How will your information be used?

I use the data collected from you in the following ways:

  • To communicate with you so that I can inform you about your appointments with me. I use your name, your contact details such as your telephone number, email address or postal address.

  • To deliver an effective service to you, I will use your name, your contact details and the details gathered at your initial assessment appointment. I use written notes taken at the end of each session to record attendance and to provide an effective service to you. This is in line with guidance from my regulatory body (HCPC) and professional organisation (BPS).


Where do I keep your personal information?

I keep records in electronic and paper based (file) formats:

a. Electronic person identifiable information is kept in encrypted files and backed up in an encrypted form.

b. Paper based recording: During therapy/supervision appointments I am required to record relevant information that you provide to me. I do this by taking handwritten notes during sessions which are stored in a physical file. I may use this information to create a report, should you or your insurance provider request it. The paper based file also includes the information sheet you complete at the assessment appointment giving personal details (eg. date of birth and GP contact details). Your psychology therapy notes/file are stored in a locked cabinet in a secure location.

c. Mobile phone storage: I may keep your mobile or other contact telephone number stored in the memory of my mobile phone. This would be for contacting you at short notice should the need arise. Only your first name is stored. The mobile phone I use is 4 digit pin protected.


How long do I keep your personal information?

I retain your  file/notes for 6 years in accordance with guidance issued by our professional body, the British Psychological Society. If you are under 18, I will keep your records until your 25th birthday. After this time, I will shred your file/notes and delete any electronic copies of reports relating to you.


Who do I disclose your personal information to?

I may send reports to authorities with your consent. These would be via email attachment and password protected. In addition, I may have to share data I collect if I am required to share data with the legal authorities to fulfil my legal obligations if there is a significant risk to you or others. Under Child Protection legislation, I may be required to contact child protection services if you disclose information that indicates that a child may be currently still at risk. If I wish to access or share your data in any way not described in this privacy policy, I will contact you beforehand and only proceed with your explicit consent.


Website and email use

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Should you choose to contact us using an email link, or our contact form none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors.

Instead the data will be collated into an email and sent to us over the Transport Layer Security (TLS).

Should you choose not to consent to us using your contact details in any form submitted, please contact us by phone or direct email.

This website is hosted by 3rd party servers located in the EU which are compliant with EU legislation.



Record of payments and retention of payment information:

 I keep records of invoices, payments and receipts for accounting purposes. We are required to retain this information for 6 years in line with HMRC requirements. After six years I delete and/or shred this information.


Your rights:

How can I see all the information you have about me?

You can make a subject access request (SAR) by contacting me. I may require additional verification that you are who you say you are to process this request. I will aim to provide you with this information within one month of your written request. I may withhold such personal information to the extent permitted by law. In practice, this means that I may not provide information if I consider that providing the information will violate your vital interests.

What if my information is incorrect?

Please contact me. I may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide me with the correct data and after I have corrected the data in our systems I will send you a copy of the updated information in the same format as the subject access request.

How can I have my information removed?

If you want to have your data removed I have to determine if I need to keep the data, for example in case HMRC wish to inspect my records. If I decide that we should delete the data, I will do so without undue delay.

How do I make a complaint?

If you wish to raise a complaint on how I have handled your data, you can contact me to have the matter investigated This email address is being protected from spambots. You need JavaScript enabled to view it.
If you are not satisfied with my response or believe I am not processing your data in accordance with the law you can complain to the Information Commissioner’s Office:


Changes to this privacy policy:

I may occasionally make changes to this data protection and privacy policy. Following any changes, the date at the top of the privacy policy will be updated. If any change allows for the wider access to or sharing of data, such changes will only apply to data collected after the date of the updated privacy policy.



Website Legal Disclaimer

The information contained in this website is for general information purposes only. Whilst we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under our control. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

We encourage you to read the privacy statements on the other websites you visit.

Every effort is made to keep the website up and running smoothly. However, we take no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.