Privacy Policy

Controller
Mark Frost t/a Thurrock Psychotherapy
ICO Registration: ZB923508

Effective date: 20/07/2025

1. Introduction

Your privacy is important. As a sole trader psychotherapist registered with the UK Information Commissioner’s Office, I’m committed to protecting your personal and therapy information. This policy explains:

  • What data I collect

  • How and why I use it

  • Who I share it with

  • Your rights

  • How to contact me

Before using this website, contacting me, or beginning therapy, please read this policy.

2. Data I Collect

2.1 Website Use

Visiting this site automatically generates limited data about your device and usage—such as browser type, IP address, time zone, cookies, pages viewed, and referral sources. I use this to maintain the site's performance, security, and detect misuse.

2.2 Client and Therapy Information

When you reach out or start therapy, I collect your contact details (name, email, phone, address) and therapy information, including medical history and session notes. I also record payment details for session fees.

2.3 Special Category Data

Sensitive information such as mental health, personal history, or psychological wellbeing is processed under GDPR’s “special category data,” essential for providing safe and effective therapy.

3. Legal Basis for Processing

  • Contractual necessity – to arrange, schedule, and provide therapy services

  • Legal obligation – for record-keeping, tax, insurance, and professional regulation

  • Legitimate interests – to maintain website security and practice management

  • Explicit consent – if required for marketing or optional services (e.g. newsletters)

Special category data is processed under contractual necessity and legal obligations (UK GDPR Article 9(2)(h))

4. How Your Data Is Used

  • To schedule and deliver therapy sessions

  • To process payments and provide receipts

  • To meet legal, insurance, and financial obligations

  • To support clinical supervision, in anonymised form

  • To secure the website and monitor usage

5. Who Your Data Is Shared With

Your data remains confidential. It may be shared when required, including:

  • BACPAC/Mayden, our secure client record processor

  • Accountant, for tax and financial records (anonymised)

  • Clinical supervisor, in anonymised form

  • Legal/safeguarding bodies if required by law

All processors are bound by GDPR-compliant agreements.

6. International Transfers

Processing by BACPAC or other providers may involve servers outside the UK. All transfers meet UK GDPR standards using approved safeguards such as standard contractual clauses.

7. Data Retention

  • Therapy and clinical records retained for at least 7 years post-therapy (extended to 7 years after a minor turns 18)

  • Financial records held for 7 years for legal compliance

  • Website analytics retained up to 24 months

8. How I Protect Your Data

Your data is stored securely:

  • We use an online client management system which conforms to highest levels of security (www.bac-pac.co.uk)

  • Password protection, antivirus software, and secure backups are in place

  • We do not use paper records; paper session notes are transcribed to our electronic system. The paper copies are destroyed.

  • Regular reviews and revision of security measures

Despite precautions, online transmission carries some risk. Report any concerns immediately.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your data

  • Correct inaccuracies

  • Erase data where lawful

  • Restrict or object to processing

  • Receive your data in a portable format

  • Know about automated decision-making (there is none)

Contact me at mark@thurrock-psychotherapy.co.uk to exercise your rights. I’ll respond within one month in line with GDPR regulations.

10. Subject Access Requests

You may request copies of your information at any time, free of charge. Responses will be provided within one calendar month in line with GDPR regulations.

11. Data Breach

In case of a breach, I will notify the ICO within 72 hours and inform affected individuals if there is a high risk to their rights and freedoms.

12. Third-Party Links

This site may link to external sites. I’m not responsible for their privacy policies. Review them before submitting personal data.

13. Policy Updates

This policy may be updated. Changes will be marked at the top and communicated to clients. Continued use signals acceptance.

14. Complaints

If you have concerns, contact me first at mark@thurrock-psychotherapy.co.uk. You may also complain directly to the ICO: https://ico.org.uk/make-a-complaint.

15. Contact Me

For questions or data requests, email:
mark@thurrock-psychotherapy.co.uk

Support

Helping individuals through life's mental health challenges.

Growth
Healing

info@thurrock-psychotherapy.co.uk

07919 593533

© 2025. All rights reserved.

Refer Yourself Here