Privacy Notice

I respect the privacy of my clients and supervisees and am committed to protecting the personal data of the people I work with. This privacy statement describes how your personal and sensitive data is collected, handled and stored, following the General Data Protection Regulation (GDPR) legislation (2018). I aim to keep this information clear, transparent and easy to understand.

Who am I?

I, Dr Louise Harriss, am a sole practitioner providing clinical psychology services including psychological assessment, therapy, supervision, consultation and training. I am registered with the Information Commissioner’s Office (ICO) and I am the data controller for any personal information you share with me.

My work follows the ethical and professional standards required by my professional regulatory and accrediting organisations (HCPC, BPS, BABCP, ACAT and EMDR-UK).

Contact details:

Name: Dr Louise Harriss

Email: louise@consultingminds.co.uk

Practice address: Integral Life Centre, Bagshot

Telephone: 07940 442982

What are your rights?

I am committed to protecting your rights to privacy. Under UK GDPR, you have the right to:

  • be informed about what I do with your personal data

  • request a copy of all the personal information I process about you

  • request correction of inaccurate information

  • request erasure where appropriate

  • request restriction of processing

  • object to certain processing

  • request transfer of your data where applicable

You may contact me using the details above to exercise these rights.

You also have the right to complain to the Information Commissioner’s Office (ICO):

www.ico.org.uk

Why do I collect information about you?

I collect information about you so that I can provide you with psychological assessment and therapy, or supervision, and because it supports me to provide you with a safe and professional service. It is therefore in my legitimate interests as a Registered Practitioner Psychologist to collect your personal data.

I also collect sensitive ‘special category’ data (such as details of your psychological difficulties and background history). My lawful reason for doing so is that it is necessary for the provision of safe and professional psychological and mental health treatment. You do not have to agree to share information with me; however, in many cases I may not be able to offer you a service if you do not.

When processing ‘special category’ data about you, I may also have a Legal Obligation for processing your data as another lawful reason, for example if you are being assessed as part of a litigation claim.

I may also collect information about you if I am providing other services, such as supervision or training. If you are a supervisee, I will have a supervision contract with you, which will be my lawful reason to process your data.

Lawful basis for processing (UK GDPR)

Under UK GDPR, personal data is processed on the following lawful bases:

  • Legitimate interests — responding to enquiries submitted via the website

  • Contract — providing agreed psychological services

  • Legal obligation — complying with professional and regulatory duties

  • Provision of health care — processing special category health information necessary for psychological treatment and record-keeping

Health information is classed as special category data and is handled with additional safeguards.

What information do I collect about you?

When you submit an enquiry using my website Enquiry Form, you may be asked to provide: your name, email address and/or telephone number, and a brief message describing your enquiry. This information is sent securely to my professional email account and is used only to respond to your enquiry and consider whether I can offer services appropriate to your needs. If we do not engage in a service together, enquiry emails will be deleted after a time period of 6 months.

Once we have agreed to meet for an assessment and/or therapy, I may collect and store the following personal information about you:

  • name, address, e-mail, telephone number, date of birth, gender (or preferred identity), occupation, relationships and family/children.

In addition to the personal information above, I may also collect sensitive information including:

  • Current psychological difficulties and history, personal background history including relationships, medical conditions, prescribed medications, substance use, risk history, financial information (including bank account details if you are self-funding), signed therapy/GDPR agreement, session details and notes, any completed outcome measures, client feedback information.

Some of this information will be collected directly from you, but it may also come from a referring agency (such as your GP, psychiatrist, other healthcare provider or insurance company).

I only collect information that is necessary for providing safe and effective psychological services. If you do not provide the information requested then I may be unable to provide a psychological therapy service to you.

I also process personal data in relation to my legitimate interest in running my business including keeping invoices, receipts and documents relating to accounts and tax returns.

If I am providing you with supervision, I will collect your contact details including your name, address, telephone number and e-mail address. I may also collect information including: your professional registration details, curricula vitae, previous supervision arrangements, accreditation evidence logs (if required), bank details for payments. I will only use the information you supply me to support your supervision.

How do I use the information I collect?

Your information may be used to:

  • Respond to enquiries and communicate with you

  • Arrange and manage appointments

  • Provide psychological assessment and therapy

  • Provide high quality treatment including liaison with others involved in your care, where relevant and with your consent

  • Maintain clinical records in accordance with professional standards

  • Deliver online therapy sessions (via Bilateral Base or Microsoft Teams)

  • Process and record payments for services

  • Meet legal, ethical, safeguarding, and regulatory obligations

  • Maintain and improve website functionality

Online therapy

Online sessions are conducted either via Microsoft Teams or Bilateral Base. Reasonable steps are taken to use secure platforms; however, no internet-based communication can be guaranteed completely secure. You will be encouraged to attend sessions from a private and safe environment.

Payments

Payments for sessions are typically made via bank transfer.

When you make a payment, your name, payment reference, and transaction details may appear on bank statements and accounting records. These records are processed only for financial administration, accounting, and legal tax obligations.

I do not store full bank account details or card information. Financial records are retained only as required by UK tax and accounting law.

How do I store and share information about you?

I take your privacy very seriously and am committed to taking reasonable steps to protect any individual identifying information you share with me. All personal information is stored in compliance with GDPR requirements.

Personal and sensitive information from assessment and session notes is stored securely using both paper and digital systems:

  • Paper records are kept in locked storage cabinets.

  • Digital records are password protected and held on secure devices and systems.

  • When electronic information needs to be shared, e.g. in the format of a report, this will be done in a password protected format.

  • Email correspondence is stored in my email account, including your email address and anything you disclose in emails. I regularly delete emails; however, please be aware that email is not a secure mode of communication and you may prefer to communicate personal information to me directly in in-person/online sessions or over the telephone.

  • I aim to minimise personal information shared electronically and will only use email where it is proportionate and necessary.

Appropriate technical and organisational safeguards are used to protect personal data from unauthorised access, loss, or misuse.

How long do I keep your information for?

I retain your personal and sensitive data for only as long as necessary and in compliance with professional guidance and indemnity obligations. This is usually no longer than 7 years following the date of last contact with my services, and is in line with guidelines and requirements for record keeping by the HCPC and the BPS. After this time, all data, whether held on paper or electronically, will be securely destroyed or erased.

For administrative and tax purposes in accordance with the HMRC Tax regulations, your basic information will be held for 6 years, following the date of last contact with me.

Who do I share your personal information with?

I work according to strict and respectful boundaries around confidentiality at all times, and follow my professional and contractual codes of confidentiality. Where possible, I will anonymise information in my documentation so that individual people cannot be identified. I will only use your personal information to provide the services you have requested of me.

There will be times when I need to share information with others with your consent including:

  • Assessment or therapy reports to referrers or to insurance companies. Reports are sent securely in password protected documents or via post.

  • I may need to share information regarding dates and schedules of appointments to organisations for billing purposes.

  • Supervision/consultation. For the purposes of good clinical practice and in line with my professional requirements, I need to discuss my work within my own supervision. I do not disclose your name or any identifying information with my supervisor, and they are also bound by the same codes of confidentiality.

  • Therapeutic Will – in the event of my death, should you still be in therapy with me, I have a therapeutic executor who would access your contact details to advise you of this, and to ensure the ongoing security/appropriate deletion of your data.

  • Risk and safeguarding: If I am concerned for your safety, or the safety of someone else, I have a professional and legal duty to share this information; however, I would hope to be able to discuss this with you first, whenever possible.

Your information is treated as confidential and will not normally be shared without your consent unless:

  • I believe that there is a serious risk of harm to you (e.g. suicide)

  • I have concerns about safeguarding or harm to another person (e.g. child protection)

  • I am required to disclose information as required by law or court order

  • If a crime has been reported to me, I may have a legal and professional obligation to share information with third parties without seeking your prior permission.

How can you access your information?

I aim to be as open as possible in sharing as much information as possible with you.

Should you wish to formally request copies of personal information I hold about you, you can make a ‘Subject Access Request’ or ‘Right of Access’ under the Data Protection Act and GDPR. To make a request to me please put this request in writing. I will then provide you with the following:

  • A description of all data I hold about you

  • Inform you how it was obtained (if not supplied by you)

  • Inform you why, and for what purposes, I am holding it

  • What categories of personal data are concerned

  • Inform you who it could be disclosed to

  • Inform you of the retention periods of the data

  • Inform you about any automated decision-making including profiling

  • Provide you with a copy of the information.

How does your information get updated if necessary?

You may also ask me to correct or remove any information you think is inaccurate, although I reserve the right to refuse a request where I consider that the information forms part of the therapy records.

It is important that the information I hold about you is accurate and up to date. It is your responsibility to inform me as soon as possible of any changes to your personal data.

Complaints or queries

I aim to provide a high-quality service and to meet good professional practice standards in all my work. I encourage you to bring to my attention if you think my collection or use of information is unfair or inappropriate in any way, and would also welcome any feedback or suggestions on improving my processes.

Should you feel you would like to make a complaint, then please contact me in writing at: louise@consultingminds.co.uk and I will investigate the matter.

If you continue to be dissatisfied with my response or believe I am not processing your data in accordance with the GDPR legislation, then you have the right to raise a formal complaint with the Information Commissioner’s Office (ICO).

My ICO registration number is Z164446X

And I, Louise Harriss, am the named Data Controller.

Cookies and website use

This website may use basic cookies or analytics to understand how visitors use the site and to improve functionality. You can manage cookies through your browser settings. Please visit my Cookie Policy and Website Disclaimer for more information.

Changes to this Privacy Notice

This privacy notice may be updated occasionally to reflect legal or professional changes. The most recent version will always appear on this website.