Menu

PRIVACY POLICY

This policy explains how I comply with the Data Protection Act 2018 and the General Data Protection Regulation 2018. It describes how your personal information is handled – what I collect, why it is needed, who it may be shared with, how it is stored, when it is deleted, and what your rights are.

I am registered with the Information Commissioner’s Office, which oversees data protection standards in the UK. My registration number is ZB996305.

If you have any questions about this policy or about how data protection applies during our work together, please feel free to contact me at enquiries@lunehadfield.com

Lawful Basis

Your personal information is processed under the lawful basis of legitimate interest, as it is necessary for me to collect and use certain personal and sensitive information to provide psychological services.

All information I hold is kept securely and used solely for the purpose for which it was provided.

What Personal Information I Collect

I may receive personal information directly from you, or from third parties such as health care providers or insurance companies.

This may include:

  • Personal information: your name, date of birth, address, telephone number, email address, payment information, and GP details.
  • Sensitive information: therapy records, including session notes, outcome measures, letters, and reports.
  • Health insurance information: referral details, policy numbers, and authorisation numbers provided by your insurer.
  • Website enquiries: information submitted through the online contact or enquiry form.

Why I Collect Personal Information

I collect this information to provide you with appropriate psychological services, including assessment, therapy, or referral, and to support the ongoing delivery of those services.

Confidentiality and Sharing Personal Information

All therapy sessions and their content are treated as strictly confidential, with a few important exceptions:

  • When there is a risk of harm to yourself or to others.
  • When required by law, such as through a court order or subpoena.
  • When discussed in clinical supervision, which helps ensure safety, quality of care, and ethical practice. (No identifiable information is shared in supervision.)

In addition to these exceptions, there may be circumstances where sharing limited information is necessary to support your care or meet professional obligations, including:

  • Making a referral to another health care professional.
  • Liaising with your GP, psychiatrist, or other health care providers.
  • Communicating with health insurance providers for billing or authorisation purposes.
  • Working with approved third parties who support administrative or professional functions, such as HMRC or the executor of my clinical will.

Wherever possible, I will always seek your consent before sharing information with other professionals.

Marketing

Your personal information will never be shared or sold to any third party for marketing purposes.

How I Store Personal Information

I take the security of your information very seriously and use both digital and physical safeguards to protect it.

  • Your contact details are stored in a secure, cloud-based system accessible only from password-protected devices.
  • Sensitive digital records, such as referral letters or GP correspondence, are stored in encrypted, password-protected cloud storage.
  • Confidential documents are sent only via encrypted email services.
  • Paper records, such as session notes and outcome measures, are kept in a locked filing cabinet. Identifying information is stored separately from session notes.
  • Open or insecure Wi-Fi networks are never used for confidential communication or to transmit any personal information.
  • All systems and applications are regularly updated, and devices are protected by up-to-date malware and antivirus software.

Website

My website does not use cookies or web analytics, and no user-specific data is collected by me or by any third party.

If you complete the therapy enquiry form on my website, your information is temporarily stored on the web host before being securely sent to me.

How Long I Keep Personal Information

After therapy has ended, your file records are retained for seven years from the date of your last contact with me. At the end of this period, all personal information is securely destroyed at the close of the calendar year.

Process notes made during therapy sessions (to support my clinical thinking) are not part of your formal file records. These notes are securely destroyed once therapy has concluded.

In line with HMRC requirements, I retain bank statements for six years plus the current accounting year.

Your Rights

Under the General Data Protection Regulation, you have the right to:

  • Be informed of what information I hold about you.
  • Access the information I hold about you.
  • Request correction of any inaccurate or incomplete information.
  • Withdraw your consent for me to hold your information.
  • Request that your information be erased.
  • Request the transfer (portability) of your information.
  • Object to automated decision-making or profiling that uses your information.
  • Object to the way I process your information.

If you wish to exercise any of these rights, please contact me via email at enquiries@lunehadfield.com. I will respond to all requests within one calendar month.

If you are not satisfied with my response, you have the right to lodge a complaint with the Information Commissioner’s Office:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow SK9 5AF

Helpline: 0303 123 1113

Website: http://www.ico.org.uk

CHANGES TO THIS PRIVACY POLICY  

This Privacy Policy is reviewed regularly. You will be notified of any significant updates.

Last updated: October 2025