GDPR Privacy Policy
This Privacy Policy outlines how Laura Southwick ("I", "me", "my") collects, uses, stores, and protects your personal information when you use my psychotherapy services. I am committed to protecting your privacy and handling your data in a transparent and secure manner, in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws in the UK.
1. Who I Am (Data Controller)
The data controller responsible for your personal information is:
Laura Southwick, Psychotherapist, Becoming Mother, laura@becoming-mother.com
2. Information I Collect
I collect personal information to provide you with safe, effective, and ethical psychotherapy services. This may include:
- Contact Information: Name, email address, phone number, and postal address.
- Demographic Information: Date of birth, gender, and relevant family details (e.g., relationship status, number and ages of children).
- Health Information (Sensitive Data): Details about your physical and mental health, medical history, medications, and relevant personal history (including experiences of pregnancy, birth, and postpartum). This is crucial for understanding your therapeutic needs.
- Session Notes: Brief, anonymised notes taken during or immediately after sessions, capturing key themes and my clinical reflections.
- Communications: Records of emails, phone calls, and other correspondence between us.
- Payment Information: Details related to billing and payments (though I do not store full credit card details if processed by a third-party payment provider).
3. How I Collect Your Information
I collect information in the following ways:
- Directly from You: When you contact me via my website's enquiry form, email, phone, or during initial consultations and ongoing therapy sessions.
- From Referrals (with your consent): If you are referred by another healthcare professional, I may receive information from them with your explicit consent.
4. How I Use Your Information (Lawful Basis for Processing)
I use your personal information primarily to provide you with psychotherapy services. My lawful bases for processing your data under GDPR are:
- Legitimate Interest: To respond to your enquiries, manage my practice, for my own clinical supervision, and for administrative purposes (e.g., scheduling, billing).
- Contractual Obligation: To fulfil my agreement to provide you with psychotherapy services.
- Legal Obligation: To comply with legal requirements, such as professional body guidelines (e.g., BACP ethical framework) or safeguarding duties.
- Vital Interests: In rare cases, where necessary to protect your vital interests or those of another person (e.g., if there is a risk of serious harm).
- Explicit Consent (for Sensitive Data): For sensitive categories of personal data (health information), I rely on your explicit consent for the provision of healthcare services. You provide this consent when you agree to engage in therapy with me and sign my therapeutic contract. You can withdraw your consent at any time, but this may affect my ability to provide therapy.
Your information is used to:
- Provide safe, effective, and personalised psychotherapy.
- Arrange, reschedule, and manage your appointments.
- Process payments and issue invoices.
- Communicate with you regarding your therapy.
- Maintain accurate and confidential clinical records.
- Engage in clinical supervision, as required by my professional body (BACP), where your identity is protected.
- Manage and improve my services.
- Comply with legal and ethical obligations.
5. How I Store Your Information (Data Security)
I take the security of your personal information very seriously. I implement robust technical and organisational measures to protect your data from unauthorised access, disclosure, alteration, or destruction.
- Digital Data: Stored on password-protected devices with encryption where appropriate (e.g., cloud storage for notes/records). My devices are secured.
- Paper Records: Minimal paper records are kept, securely stored in a locked filing cabinet.
- Communication: Emails are sent via secure, encrypted services. Phone calls are conducted on private lines.
- Supervision: My clinical supervision sessions are confidential, and your identity is anonymised when discussed.
- Website: My website uses SSL encryption (HTTPS) to secure data submitted via forms.
6. Data Retention
I retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting requirements.
- Clinical Notes and Records: I am required by my professional body (BACP) and professional indemnity insurers to retain client records for a minimum of 7 years after the end of our therapeutic relationship, or up to the client's 25th birthday (if the client was under 18 at the time of therapy), whichever is longer.
- Enquiry Information: If you do not become a client, I will delete your enquiry information within 6 months.
7. Sharing Your Information
I do not share your personal information with third parties except in the following limited circumstances:
- With Your Explicit Consent: If you explicitly request or agree for me to share information (e.g., with your GP or another healthcare professional for continuity of care).
- Clinical Supervision: I regularly engage in clinical supervision with a qualified supervisor, as per BACP guidelines. In supervision, your case may be discussed to ensure ethical and effective practice, but your identity will always be fully anonymised.
- Duty of Care/Legal Obligation: In rare situations where there is a legal or ethical obligation to disclose information (e.g., if I believe you or another person is at serious risk of harm, or if compelled by a court order). I would always aim to discuss this with you first, if possible.
- Third-Party Service Providers: I may use trusted third-party services for administrative purposes (e.g., online payment processors, secure video conferencing platforms). These providers are carefully selected for their commitment to data protection and operate under strict data processing agreements.
8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- The right to be informed: About how your data is used (which this Privacy Policy aims to do).
- The right of access: To request a copy of the information I hold about you.
- The right to rectification: To have inaccurate data corrected.
- The right to erasure ("the right to be forgotten"): To request that your data be deleted, though this right is not absolute and may be limited by my legal or ethical obligations to retain records.
- The right to restrict processing: To limit the way I use your data in certain circumstances.
- The right to data portability: To request your data in a structured, commonly used, and machine-readable format.
- The right to object: To certain types of processing.
- Rights in relation to automated decision-making and profiling: Which I do not engage in.
To exercise any of these rights, please contact me using the details provided above. I will respond to your request within one month.
9. Changes to This Privacy Policy
I may update this Privacy Policy from time to time to reflect changes in my practices or legal requirements. I will notify you of any significant changes by posting the updated policy on my website.
10. Complaints
If you have concerns about how I handle your personal data, please contact me directly in the first instance so I can address your concerns. If you are not satisfied with my response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk