Client Privacy Policy

Last updated: Thursday 7th August 2025

Daniel Piggott-Stewart is a UKCP-accredited and BACP-registered Psychotherapist committed to protecting Clients’ personal data and privacy. This privacy policy outlines how personal information is collected, used, stored, and protected in the course of therapy, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who is responsible for your data

The Psychotherapist is the data controller for the personal data collected and held in the course of providing psychotherapy services. He is registered with the Information Commissioner’s Office (ICO) under registration number ZB950661.

Contact details:
Daniel Piggott-Stewart
Organisation: DPS Psychotherapy
Email: hello@therapywithdaniel.co.uk

2. What Personal Data is Collected

The Psychotherapist may collect and process the following categories of personal data in the course of providing psychotherapy services:

  • Basic contact details: Name, phone number, email address, GP information

  • Administrative information: Appointment dates/times, payment information (no card details are stored)

  • Health and personal information: Information shared as part of our therapy sessions (e.g. mental health history, life experiences, notes from sessions)

  • Sensitive data (Special Category Data): As defined under Article 9 of the UK GDPR, including information about your mental health, sexual orientation, ethnicity, and other personal matters shared during sessions

3. How Data is Collected

Personal data may be collected by the Psychotherapist in the following ways:

  • When an individual makes an enquiry or books a session

  • During the initial consultation or in the course of ongoing therapy sessions

  • Via secure forms or email correspondence, if applicable

  • From third-party referrers, with the individual’s explicit permission

4. Legal Basis for Processing Personal Data

Under the UK General Data Protection Regulation (UK GDPR), the Psychotherapist relies on the following lawful bases for processing personal data:

  • Contract: To provide and manage the psychotherapy services requested by the Client

  • Consent: For collecting and storing special category (sensitive) personal data; explicit consent is obtained at the outset of therapy

  • Legal obligation: To comply with legal, tax, accounting, and regulatory requirements

  • Vital interests: In rare situations where disclosure of information is necessary to protect the life of the Client or another individual

  • Legitimate interests: To maintain appropriate records for clinical supervision, practice development, or professional insurance purposes

5. How Personal Data is Used

The Therapist uses personal data for the following purposes:

  • To communicate with Clients about appointments and therapy-related matters

  • To provide, review, and manage the psychotherapy services agreed upon

  • To maintain accurate and up-to-date clinical records

  • To issue invoices and process payments

  • To fulfil professional, ethical, and legal obligations (e.g. supervision, insurance, and record keeping)

Personal data is not used for marketing purposes and will never be shared with third parties without the Client’s explicit consent, unless required by law.

6. How Data is Stored and Protected

All personal data is stored securely in accordance with UK GDPR and the Data Protection Act 2018. The Therapist takes appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal information.

Data may be stored in the following formats:

  • Electronic records: Stored on encrypted devices and/or secure, password-protected platforms

  • Paper records (if applicable): Stored in a locked and secure location

  • Emails and online forms: Secured through end-to-end encryption and professional email systems

Access to all data is restricted to the Therapist. No data is shared with third parties unless required by law or with the individual’s explicit consent.

7. How Personal Data is Retained

The Psychotherapist retains Client records for a period of seven years following the end of the therapeutic relationship, in line with guidance from professional bodies and professional indemnity insurers. After this time, all records are securely destroyed.

If Psychotherapy ends before the first full session (e.g. following an initial consultation only), any notes or personal information are typically deleted within three months, unless required for legal or professional reasons.

8. Sharing Personal Information

The Psychotherapist will not share a Client’s personal information without their explicit consent, except in the following situations:

  • Risk of harm: If there is reason to believe the Client, or someone else, is at serious risk of harm

  • Legal obligation: If disclosure is required by law or court order (e.g. under legislation relating to safeguarding, terrorism, or criminal activity)

  • Professional requirements: If disclosure is required by the Psychotherapist’s insurer or professional accrediting body

  • Clinical supervision: To ensure ethical and effective practice, the Psychotherapist discusses clinical work in supervision. Client identities are anonymised wherever possible, and supervisors are bound by professional confidentiality

  • Incapacity or death of the Psychotherapist: In this unlikely event, a Clinical Executor may access Client contact details to manage the transition. See Section 12 for more information.This process is governed by strict confidentiality and data protection standards

In all other circumstances, the Therapist will only contact or share information with third parties (e.g. a GP, solicitor, or other healthcare provider) with the Client’s prior written consent.

9. Client Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR), Clients have the following rights regarding their personal data:

  • The right to access the personal data held about them

  • The right to rectify inaccurate or incomplete data

  • The right to request erasure of data, in certain circumstances

  • The right to restrict or object to the processing of data

  • The right to data portability, where applicable

  • The right to withdraw consent at any time (where processing is based on consent)

  • The right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk

Requests to access, amend, or delete personal data should be made in writing. The Psychotherapist will respond within one calendar month, in accordance with GDPR requirements.

This privacy policy applies only to the personal data collected and processed directly by the Psychotherapist in the course of providing psychotherapy services.

If a Client finds or contacts the Psychotherapist through a third-party platform (such as the UKCP, BACP, Psychology Today, or other directory websites), they are encouraged to consult the privacy policies of those platforms directly. The Psychotherapist is not responsible for how those websites collect, store, or process personal data.

10. Complaints

If a Client has any concerns about how their personal data is handled, they are encouraged to contact the Psychotherapist in the first instance to discuss and resolve the issue. If the concern cannot be resolved, Clients have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection:

www.ico.org.uk
Telephone: 0303 123 1113

11. Changes to This Policy

This privacy policy may be updated periodically to reflect changes in the law, professional guidelines, or the Psychotherapist’s practice. The most current version will always be available on the Psychotherapist’s website or provided upon request.

12. In the Event of Incapacity or Death

In the unlikely event that the Psychotherapist becomes physically incapacitated or dies while a Client is still in therapy, a qualified psychotherapist appointed as the Clinical Executor will access the Client’s contact information to inform them of the situation and offer appropriate support, such as referral options.

Client contact details are securely stored in encrypted form via clinicalwill.app, a GDPR-compliant service designed for this specific purpose. The Clinical Executor is professionally and ethically bound to maintain strict confidentiality and will only use the Client’s data to manage this transition in accordance with data protection legislation and professional standards.

13. Client Consent

By engaging in therapy, you will be invited to give your informed consent in writing before any personal or sensitive data is collected, stored, or shared. This includes:

  • Consent for your personal data to be collected, stored, and processed as outlined in this Privacy Policy

  • Consent for data to be shared only in specific circumstances (e.g. risk of harm, legal obligations, supervision, or clinical will execution)

  • Optional consent for anonymised material from our work to be used for professional purposes such as supervision, training, or writing

You are free to decline or withdraw your consent at any time. This will not affect the quality or availability of therapy, though it may affect which services I can safely and ethically provide.

A written consent form is provided before therapy begins. You are encouraged to ask questions or request changes if needed.

14. Cookies and Tracking

This website does not use cookies, tracking technologies, or analytics tools. No personal data is collected automatically when you visit www.therapywithdaniel.co.uk.

Your visit is not monitored, and no consent banner is required because no non-essential cookies are in use.

If this changes in future (for example, if analytics tools are added), this Privacy Policy will be updated and a cookie banner will be introduced in line with UK GDPR and PECR requirements.