Privacy Policy

You may be aware of the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018. GDPR provides a standardised framework for data protection across the UK and EU. This policy outlines how Dr Louise Fernandes collects, uses, stores, and protects your personal information in line with these regulations.

Data Controller

Dr Louise Fernandes is the data controller and is responsible for the processing of your personal data.

What Personal Data Is Collected

Initial Contact

When you first get in touch, the following basic personal information may be collected:

  • Name

  • Email address

  • Contact number

All web services used are verified as GDPR compliant.

During Therapy

Once contact has been established, additional data may be collected, including:

Basic personal data:

  • Name

  • Address

  • Email address

  • Contact number

  • GP details

Sensitive personal data:

  • Signed terms and conditions

  • Therapy records, including therapist notes, letters, reports, and outcome measures

Lawful Basis for Processing

Personal and sensitive data are processed on the basis of legitimate interest, as this information is necessary to provide psychological therapy and related health services.

How Your Information Is Used

Your personal information is treated with care and confidentiality. It is used only to:

  • Provide the services you have requested

  • Manage appointments and communication

  • Process payments

Access to your data is restricted to Dr Louise Fernandes.

Where cases are discussed in clinical supervision, all identifying details are removed.

Sharing of Personal Information

Your information is not routinely shared with third parties. However, it may be shared in the following circumstances:

With Your Consent

  • With your GP or another healthcare professional

  • With a solicitor or case manager where therapy is instructed by a third party

Insurance Providers

Where therapy is funded by health insurance, relevant information such as appointment schedules may be shared for billing and treatment purposes.

Exceptional Circumstances

Information may be shared where necessary:

  • If there is a risk of harm to yourself or others

  • Where required by law, such as a court order

  • Where disclosure is in the public interest

Where possible, this will be discussed with you beforehand unless doing so increases risk.

What Will Not Be Done With Your Data

Your personal information will not be shared with third parties for marketing purposes.

Data Storage and Retention

Your data is stored securely using the following measures:

  • Locked filing cabinets for paper records

  • Password protected devices such as computers, tablets, and phones

Retention Periods

  • Basic data stored on mobile devices is deleted six months after the end of therapy

  • Adult records are retained for 7 years

  • Children’s records are retained until age 25

After these periods, records are securely destroyed and electronic communications deleted.

Data Security

Steps are taken to ensure your information is protected:

  • Devices are password protected

  • Antivirus and malware protection are in place

  • Mobile devices are secured with passcodes or biometric protection

Email communication is kept to a minimum and sensitive information is password protected where appropriate. Invoices may be sent by email and are not encrypted unless specifically requested.

Email services are provided via Gmail.

Your Rights

You have the right to:

  • Request access to the personal data held about you

  • Request correction of inaccurate information

Requests are usually fulfilled within 30 days and may require identity verification.

Requests to delete therapy records may be declined where retention is required under professional guidelines from the British Psychological Society (BPS) and the Health and Care Professions Council (HCPC).

Complaints

If you believe your data has been handled in a way that does not comply with data protection law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Consent

It is important that you understand how your information is used. Please raise any questions or concerns before giving consent.

By proceeding with services, you confirm that you have read, understood, and agree to this Privacy Policy.

Book Appointment