Privacy Policy

This Privacy Policy is intended to clarify all aspects regarding the protection and privacy of all data provided by you as a client at MindBody Therapies. I will endeavour to keep it updated as developments occur in relevant legislation. I am regarded as both a Data Controller and Data Processor as I gather, store and process data in my work as Counsellor and Physiotherapist

1.            Data held

1.1 At commencement of an enquiry, you will be asked to complete an intake assessment.

1.2 If counselling is agreed upon a counselling contract is discussed and signed. You are consenting to my holding of relevant personal data, as part of our contract of working together.

1.3 If Physiotherapy is required a more detailed health information assessment is carried out and health information about the nature and history of your problem is collected.

1.4 Information includes your email, telephone number, contact details, GP and emergency contact, your availability and other information regarding the nature of your issue.

 1.5 All relevant personal information collected from you is needed to answer your enquiries and to keep you informed.

1.6 Other information sometimes collected is feedback forms and outcome measures.

1.7 Personal data also includes anonymized counselling or session notes or physiotherapy notes containing content of session provided. These notes will consist of a brief summary of some of the points from each appointment attended.

1.8 Your name will appear on any bank transfers you make into my business account.

2.            Use of this information

2.1 Your data will be used only to provide you with my services and to give you information relating to my services.

2.2 I will not share your details with any other person or organisation without your knowledge and permission unless this is something you consent to (eg an onward referral) or if there is a legal requirement as stated in the counselling contract.

2.3 Should the need to inform you of my death or incapacitation, I have a clinical will. The executer of this will be given password protected instructions to access current clients to inform them.

3.            Data Retention

3.1   I will take all reasonable precautions to prevent the loss, misuse or alteration of information you give me.

3.2 All personal data will be held by me for a period of 5 years from the date of our last session, in line with direction from the insurance company with whom I hold my professional indemnity.

3.3 Any data held by me in paper form is stored in a locked filing cabinet. Notes are anonymised.

3.4 I have a dedicated mobile phone for MindBody Therapies that is password protected and sed only by myself. If you text or ring me or agree to me texting or ringing you, your phone number will stay in my phone for the duration of our work together. I do not store your name or save it to contacts. Once our work is finished, I delete your contact from my phone.

3.5 Emails are kept in a personal laptop that is not shared and is password protected. Emails are kept during the course of our work together and then deleted. If information shared in our emails is important, I will transfer the content into your ‘session’ notes. These are stored for 5 years.

3.6. For ease of use and compatibility, email communications will not be sent in an encrypted form unless you require it and give permission to communicate with you in that way. Email, unless encrypted, is not a fully secure means of communication. Whilst I endeavour to keep our systems and communications protected against viruses and other harmful effects, I cannot bear responsibility for all communications being virus-free.

3.7 Notes kept after a session together are brief and anonymised. These are stored in encrypted files on a password protected computer. They are deleted after 5 years.

3.8 Should my current laptop cease working or I purchase a new one, the hard drive will be wiped and removed from the laptop and stored in a locked cabinet.

3.9 After 5 years of finishing work together all paper documents will be shredded.

3.9 i I will notify affected parties of any serious breach of identifiable data. This would include incidents such as theft, loss or unauthorized access by another person. The ICO will be notified of a serious breach of data..

4.            Your rights over your personal data

4.1 Clients have the right to access their data records via a Subject Access Request (SAR). This access will be arranged within 30 days. Clients may request the updating or correction of data held. Clients may request the return, copy or deletion of their data. However, this is subject to legal requirements where I must hold data for a minimum of 5 years

4.2 If you would like to see the information, I hold about you, or would like to correct, update or delete any records, please email me at

4.3 If you have any concerns about our use of your data, please contact me directly at I will do my utmost to resolve any concerns you have. If for any reason I cannot resolve the issues you may choose to contact the ICO directly.