Privacy Policy

The information on this page outlines how Anouska Longley (the data controller) complies with General Data Protection Regulation (GDPR) laws.

The lawful basis, and reasons, for processing personal data:

Personal data is necessary for the provision of safe and effective psychological therapy to clients. If you do not provide the personal information requested, it may not be possible to provide a therapeutic service to you.

Anouska Longley has a legitimate interest in using any collected personal data, and sensitive personal data, to provide health treatment. Privacy is taken very seriously. Personal information is only used to provide the services you have requested. No information you provide is passed on without your consent. Your information will never be sold to others.

Personal data that is collected:

Anouska Longley collects and processes the following data from therapy clients:

Personal data: contact information including name, address, email address, contact phone number, video conference ID (if online therapy), GP contact details, next of kin details and insurance information, where relevant.

Sensitive personal data: Signed Therapy Client Agreement, therapy records (therapist notes, letters, reports and/or outcome measures). Details of contact between Anouska Longley and her client, and any financial transactions, will also be recorded.

If you are referred by your health insurance provider, Anouska Longley will collect, process and retain personal information provided by that organisation. This includes basic contact information, referral information, health insurance policy number and authorisations for psychological treatment.

How long store personal data is stored for:

Anouska Longley will only store your personal information for as long as it is required.

The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted securely.

How your personal information is used:

Anouska Longley uses the information collected to:

Provide services to you.
Process payment for such services.

Who personal information may be shared with:

Information is held about each client and the therapy received in strictest confidence. This means that your personal data will not normally be shared with anyone else with the exception of a clinical supervisor (see below). There are further exceptions to this, when there may be an established need for liaison with other parties:

If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then Anouska Longley will share appointment schedules with that organisation for the purposes of billing. Anouska Longley may also share information with that organisation to provide treatment updates.
In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

In exceptional circumstances, Anouska Longley might need to share personal information with relevant authorities:

When there is need-to-know information for another health provider, such as your GP.
When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
When the information concerns risk of harm to the client, or risk of harm to another adult or a child. Anouska Longley will discuss such a proposed disclosure with you unless she believes that to do so could increase the level of risk to you or to someone else.

Clinical supervision:

To uphold standards of professional practice, required by regulatory bodies including the Health and Care Professions Council (HCPC), all registered practitioner psychologists are required to receive regular supervision from a qualified psychologist. During supervision, details only relevant to your treatment will be discussed. Clients will not be identified by name. Supervisory contacts are bound by confidentiality agreements (as above).

Third Party Processors:

Anouska Longley use a number of third parties, who provide IT and system administration services, to process personal data on her behalf. These third parties have been carefully chosen and use Standard Contractual Clauses to comply with EU data protection regulations. These processors include:

Egress Secure Message Portal to view and respond to recent secure emails sent via Egress Protect.
All third party processors are required to respect the security of your personal data and to treat it in accordance with the law. Anouska Longley does not allow third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with the above instructions.

What is NOT done with your personal information:

Your personal information will not be shared with third parties for marketing purposes.

How the security of personal information is ensured:

Personal information is minimised to phone and email communication. Any sensitive personal data which needs to be sent to clients will be transmitted in an email attachment that is password protected or via secure protected transmission. Anouska Longley will never use open or unsecure Wi-Fi networks to send any personal data.

Personal information is stored on a password protected computer. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/thumbprint scanner, mobile security and antivirus software.

A number of administrative and technical measures are kept in place to ensure the safety and security of your personal information. For example:

Encrypted Cloud Storage
Encrypted and secure third-party practice management and invoicing systems (Healthcode, Bupa Provider, Bupa Global, Axa Provider online, Vitality Provider online)
Regularly deleting emails
All smartphones and computers used are password protected
Use of 2 factor authentication wherever possible for added security

Your right to access the personal information held about you:

You have a right to access the information held about you.
This will usually be shared with you within 30 days of receiving a request.
Further evidence from you may be request in order to check and verify your identity.
A copy of requested personal information will usually be sent to you in a permanent form (that is, a printed copy).
You have a right to have your personal information corrected if it is inaccurate.
If you think that data protection laws have not been complied with, you have a right to lodge a complaint with the Information Commissioner's Office.

Anouska Longley reserves the right to refuse a request to delete a client's personal information where this is therapy records. Therapy records are retained fora period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) [1] and The Health and Care Professions Council (HCPC; 2017) [2].

What happens if there is a breach of data security ?

Should there be any breaches with regard to your personal data this will be reported to the ICO within 72 hours together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. The individuals affected will also be informed if this occurs.

All personal data breaches, however minor, and whether reportable or not, are recorded.

For further information about GDPR or to raise concerns about how I am processing your data, please contact the ICO on http://ico.org.uk/concerns or 0303 123 1113

My ICO registration number: ZA142613

Named Data Protection Officer: Anouska Longley

Anouska Longley

Counselling Psychologist

November 2024

The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
Health and Care Professions Council (2017). Confidentiality - guidance for registrants. London: HCPC