top of page

​

​

Last updated: [add date]

​​​​

Introduction

Your privacy matters. In order to provide therapy and respond to enquiries, it is necessary for me to collect and store some personal information. I take protecting your data seriously and am committed to handling it safely, transparently, and in line with current data protection legislation.

​​

This Privacy Policy explains what information I collect, how I use it, how it is stored, and your rights under the law.

​

I adhere to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

​​

Who I Am

Third Path Therapy
Reece Clarke, MA – Psychotherapist

​​

For the purposes of data protection law, I am the Data Controller, meaning I am responsible for how your personal information is collected and used.

​​

I am registered with the Information Commissioner’s Office (ICO).
ICO registration number: [add if applicable]

​​

What Information I Collect

​

1) When you make an enquiry

If you contact me via my website, email, or phone, I may collect:

​​

Your name

Email address

Telephone number

A brief description of what has prompted you to get in touch

 

This information is used solely to respond to your enquiry and discuss whether therapy is right for you.

If you decide not to proceed, your information will be deleted within one month, or sooner if you request.

​​

2) If you begin therapy

If we work together, I will collect and store additional information, including (but not limited to):

 

Contact details

Emergency contact details

GP name and surgery

Relevant medical or mental health history

Session notes (brief, factual, and focused on the therapeutic process)

Records of attendance and payments

 

Some of this information may be classed as special category data (such as health-related information). This is collected only where necessary to provide safe and effective therapy.

​

How I Use Your Information

Your information is used to:

​

  • Communicate with you about appointments

  • Provide therapy and maintain continuity of care

  • Fulfil ethical, professional, and legal responsibilities

  • Maintain accurate financial records for tax purposes

 

I do not sell or use your data for marketing purposes.

​

Lawful Basis for Processing

Under UK GDPR, I must have a lawful reason for processing your data. These include:

​

  • Contractual necessity – to provide therapy and respond to enquiries

  • Legitimate interests – for record-keeping and professional practice

  • Legal obligation – for accounting and tax records

  • Provision of healthcare – for processing special category data

 

Confidentiality and Its Limits

Everything shared in therapy is treated as confidential. However, confidentiality may be broken in specific circumstances, including:

​

  • If there is a serious risk of harm to you or someone else

  • If disclosure is required by law (e.g. safeguarding, terrorism, money laundering)

  • With your explicit consent

  • During professional supervision (shared anonymously)

 

Where possible, I will discuss this with you before taking any action.

​

Data Storage and Security

Your information is stored securely:

​

  • Electronic records are password-protected and encrypted

  • Paper records (if any) are stored in locked, secure storage

  • Client notes are stored separately from identifying information where possible

 

I take reasonable technical and organisational steps to protect your data. While no system is completely risk-free, care is taken to minimise risk at all times.

​

How Long I Keep Your Information

​

  • Enquiry data (if therapy does not begin): up to 1 month

  • Contact details after therapy ends: up to 6 months

  • Therapy notes and records: 7 years after the end of therapy

  • Financial records: 7 years (as required by HMRC)

  • Emails/texts: up to 1 year (or sooner upon request)

 

After these periods, data is securely deleted or destroyed.

 

Third Parties

I do not routinely share your personal data with third parties. Information may only be shared where necessary, such as:

​

  • Emergency services if there is immediate risk

  • Professional supervision (anonymised)

  • Legal requirements

 

I do not transfer your data outside the UK.

 

I may use secure IT services (e.g. Microsoft 365 or secure video platforms) that comply with UK data protection standards.

 

Cookies and Website Data

My website may collect limited technical information such as:

​

  • IP address

  • Browser type

  • Pages visited

 

This helps the site function properly and improve user experience. You can control cookies through your browser settings.

 

Your Rights

You have the right to:

​

  • Access the personal data I hold about you

  • Request correction of inaccurate data

  • Request deletion of your data (where legally possible)

  • Restrict or object to processing

  • Request data portability

 

These rights are not absolute, but I will always respond fairly and transparently. To make a request, please contact me in writing.

 

More information about your rights is available at:
https://ico.org.uk/your-data-matters/

 

Complaints

If you have concerns about how your data is handled, I encourage you to contact me first so we can try to resolve the issue together.

​

You also have the right to complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint

 

Contact Details

Third Path Therapy
Reece Clarke
Email: [your email address]
Location: Nottingham, UK (online practice)

Privacy Policy

bottom of page