I aim to be fully compliant with current General Data Protection Regulation (GPDR) legislation and to let you know how I use and protect the data you’ve given me. GDPR replaces the previous Data Protection Act. I wish to be transparent with regard to the processes I have in place. Identifiable information, if shared, will only be used in accordance with this privacy statement. I follow guidance from my governing bodies, United Kingdom Council for Psychotherapy (UKCP) and my insurers Howden.


As a private clinical practitioner and supervisor, I’m considered the data processor and controller in my practice. As the data controller, I process some of your personal data. During the assessment process information such as GP, next of kin, family members and medication are gathered and held. This is anonymised, coded and securely stored. No one but me can access this information.


Data Processing means  obtaining, recording or holding information. The definition is very wide, and most of what I do involves a degree of processing. I  process the personal data I have collected as controller. I maintain records of personal data and processing activities and hold responsibility should there be a breach.


Consent:  This is a primary concern and is separate to other terms and conditions. As my client, you can withdraw consent at any time. I hope to offer you choice and control. As a clinical therapist and supervisor who occasionally uses creative interventions, I want to ensure you know that any drawings or art done in session is yours. A copy may be kept in your data by agreement and will be stored safely and disposed of in a timely manner. I will never use any of your data/artworks for writing, publishing, research or training purposes.


I have monthly ongoing supervision to support and ensure my practice is safe. When I share client material this is always done confidentially, protecting your identity. I name my own supervisors in my supervision agreement to be transparent to those I supervise. Nobody but me has access to any of your data. I will keep this process under review and refresh it if anything changes.


Note keeping:  I do not keep process notes. I keep minimal content notes which I hold for seven years. After this time frame, they're disposed of securely. You have a right to see the information I hold about you should you wish to. You have a right to change any information which you consider to be incorrect. You can also ask me to delete all/any of the information that I hold. There are however some details I need to keep due to legal and professional obligations.


Data Storage:  I promise to keep all sensitive data safely. This involves my anonymising, using passwords and encrypted documents. I keep all sensitive data in a lockable storage facility. I dispose of data by cross cut shredder. I dispose of emails on an appropriate basis eg those with clinical content are maintained as part of your data as part of legal and professional obligations.


While we work together I will store your name and phone number on my smartphone. I only contact you in response to you or concerning appointments. When we discontinue working I will delete your number. I do not engage with clients through any social media.


In the event of a complaint:  Please contact me directly. And if we cannot resolve this you could then contact the Information Commissioner Office ( ICO). I am registered with them and my reference is A       . or Guidance for GDPR Compliance.


Clinical will:  In the event of a sudden cessation of practice eg through an accident, illness, or death, I have appointed a clinical professional executor who will manage things on my behalf. This is arranged for your welfare as my client and every step is taken to ensure GDPR standards are met.

Your data held through my website with 1&1 consists of:


Email Address

Message (the words you typed into the online form)

Email contents and attachments.

Email, electronic and online privacy My web site is protected by a Secure Sockets Layer (SSL) certificate which means that transferred data has a level of level of encryption that is particilarly important for the exchange of sensitive data.  You can identify my website is protected by the SSL protocol by checking the URL address displayed in the browser starts with https:// or "lock icon".


SSL encryption may help to increase your trust in my website.  The encryption strength is up to 256 bits, but the encryption strength actually used between the server and browser is set at the beginning of a session both need to support 256 bits. Otherwise, the next lower level is automatically chosen. For this reason, you advised to always use the latest version of your browser.  1&1 SSL certificates are provided in collaboration with market leader in security technologies, Symantec™.

My computer is protected by firewall and a secure router. The computer is password protected and has a screen saver which times out when inactive after 10 minutes. Data storeage includes any letters that you may have requested I raise on your behalf with your involvement and consent.

Mobile: my smartphone will store your mobile number and your texts. It is password protected and the screen is secured after 60 seconds inactivity.

Hardcopy data privacy: you may have completed some assessment forms for your first session with me and the content is listed below. You were invited to provide information about yourself that you felt would be relevant to me providing you with psychotherapeutic services. Hardcopy materials are kept in lockable storeage.

  1. Self-Report Questionnaire:
    1. who to contact if you are at risk (explained in the working agreement) and any risks to you both historical and present;
    2. your current difficulties, the symptoms you experience and over time. What treatment you sought and how this helped or didn’t help you.
    3. What your experience of your daily life is like and your commitments
    4. who supports you now (eg your partner) and was/is in your life and a brief introduction to your family members and quality of your relationship with them.
    5. If you experience any risk behaviours or you or your child(ren) are at risk from other’s behaviour(s)
    6. Whether you are being supported by prescription medication(s), or risk issues eg prescription medication misuse or your use of recreational drugs or over the counter medications.
  2. Assessment Screeners:
    1. PHQ-9: measures your levels of low mood
    2. GAD7: measures your levels of anxiety
    3. Robson Self Concept Questionnaire: gives an indication about how you feel about yourself.
    4. CORE-10: measure your levels of distress.
    5. AQ10: a referral guide for Autistic Spectrum Conditions as this group of individuals commonly find engaging in psychological therapies challenging. Knowing if someone may have these challenges enables me to discuss and offer a modified psychological therapy to anyone scoring 7/10 or above.
    6. My Goals: what you would like to achieve in your sessions with me.
    7. EDEQ6: eating disorders screener which measures 4 aspects (restricting behaviours, eating concern, weight concern and shape concern)
    8. SEDS: Diagnostic tool for eating disorders to measure Anorexic and bulimic cognitions and behaviours plus measures on 4 underlying factors (perceived external control, assertion, self-esteem and self-directed hostility)

You are under no obligation to complete any of these questions and you may still have access to sessions with me. Please contact me on 07740 587822 if you would like to talk about the information in any of these documents and your concerns.


Your personal data will never be shared with third parties without first obtaining your consent, however, there are times when information, legally, has to be given even without your consent, these would include; child protection, prevention of harm to yourself or others, the investigation or prevention of serious crime including terrorism, or a Court Order.

Health Insurance Providers


Bupa is registered with the Information Commissioners Office, registration number Z6831692.

If you have any questions about how BUPA handle your information, please contact them directly at


If you would like to know moreabout their privacy policy  please click on the "read more" button.

Western Provident Association Ltd (WPA)

WPA state "our website is encrypted using secure sockets layer by VeriSign."


WPA are the Data Controller.

I also have data control and processor roles in your contact with me for psychotherapeutic Services.


If you would like to know more please click on the "read more" button or contact them for information on the use and storeage of your personal data.


Aviva have a separate policy for cookie data storeage.


If you would like to know more please click on the "read more" button or contact them for information on the use and storeage of your personal data.


If you would like to know more please click on the "read more" button or contact them for information on the use and storeage of your personal data.


Please contact Cigna directly for informaiton about your privacy.

Employee Assistance Programmes and Professional Referrals


Validium is the Data Controller and processor. You will have provided them with personal data which is stored on their application. I have access to some of this personal data so that we can engage in a short term contact to provide therapeutic services to you. 

Everyturn Mental Health

Everyturn Mental Health provide information on their safe use of your data and their cookies.


Their policy is clear and is available by clicking on the read more button below.

Find a therapist

Find a therapist is the Data Controller for any personal information you give them.

You need to view their privacy policy for further information on their use and storage of your data.

National Centre for Eating Disorders (NCfED)

When you contact the National centre you may have paid for your initial session and been given information to complete for you to provide context around your difficulties with food, eating and weight.


Please  view their privacy policy about the use and security of your data.

Print | Sitemap
© Debbie Livingston 2001