Privacy Statement
​
​​
In order to provide you with the best possible service, I need to collect and maintain your personal contact details and therapy session records. This privacy notice explains how I will manage your personal information from the moment of initial contact to after your therapy has ended. Your privacy is extremely important to me, and you can trust that your personal data will be handled safely, securely, and only for the purposes for which it was provided. I follow current data protection laws, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003. I also adhere to the standards of conduct and perforce set out by the Health Care’s professional Council (HCPC) for protecting client privacy and confidentiality.
Lawful Basis for Processing Your Personal Information
The GDPR requires a lawful basis for processing personal data. For clients who have completed therapy, I process your personal information under the lawful basis of legitimate interest. If you are currently in therapy or considering it, I will process your personal data as necessary to fulfill our contract. Special category data, such as sensitive information you may share, is handled appropriately under the lawful basis of providing health treatment (therapy) and fulfilling a contract with a healthcare professional Louise Anderson,
​
How Your Information Is Used
Your personal data will only be used for administering the therapy service I provide, such as scheduling or rescheduling appointments. I will retain your personal information only as long as necessary, in accordance with guidelines from the Information Commissioner’s Office (ICO).
-
Initial Contact: When you first reach out to book an appointment, I will collect brief information, such as your name and contact details, to manage the booking. This data is essential for informing you of any unforeseen changes to your appointment. If you decide not to proceed with therapy, I will delete your personal data within one month unless you request earlier deletion.
-
During Therapy: Your contact details, such as email or phone number, may be used to confirm appointment times or send therapy-related information, as agreed. A personal details form, completed during your first appointment, includes your name, address, date of birth, and GP contact information. This form is stored securely, and I will not contact your GP without prior discussion unless there is a duty of care that necessitates it.
-
Confidentiality: I am committed to keeping our sessions confidential. Confidentiality will only be broken under legal or ethical obligations, such as disclosing abuse, neglect, or if you pose serious harm to yourself or others. In such cases, I will aim to inform you before taking any necessary action, unless safeguarding issues prevent this. I may discuss our work with my colleagues, but this will be done without revealing your identity.
I maintain brief notes of our sessions to track our progress, which are stored securely and separately from your personal details. -
After Therapy: I retain therapy notes for seven years after therapy ends, as per industry guidelines. These notes do not include any personally identifiable information. After this period, your notes will be confidentially destroyed. Your personal details form will be destroyed at the end of therapy, except for essential records like your name, date of birth, and client reference number, which are kept for legal purposes.
-
​
Sharing Your Information with Third Parties
I may share limited personal data with third parties, such as an accountant for invoicing purposes or reception staff for booking appointments. These third parties are carefully selected, and your data will only be used for the specific purposes for which it was provided. Your information will never be sold or shared for marketing, research, or other purposes without your explicit consent.
​
If a third party, such as your employer, pays for your appointments, only attendance details will be shared for invoicing purposes. Information discussed during your sessions will remain confidential unless you provide written consent for its disclosure.
​
Data Security
I take data security very seriously. My email account is password-protected, and devices used to communicate with you are equipped with security measures such as antivirus software. Unnecessary email correspondence will be deleted within one month; if it needs to be retained, it will be printed and stored securely.
​
Website Visitors
When visiting the cognisance website, you consent to the collection and use of information as described in this privacy notice. The website does not store data from the contact form, which instead sends it to me via encrypted email. The site uses cookies and Google Analytics to collect anonymous data on website usage, helping improve the site’s functionality. You can opt-out of Google Analytics if you wish to do so.
​
Your Rights
Under the GDPR, you have rights regarding the personal data I hold about you. These include the right to access, correct, delete, or restrict processing of your personal data. In some cases, I may be unable to comply with a request, for example, if required by law to retain certain records. For more information about your rights, please visit ico.org.uk/your-data-matters.
If you wish to exercise any of these rights, please contact
Complaints
If you have concerns about how I handle your personal data, please contact Louise Anderson at
​
If you wish to make a formal complaint, you can reach out to the ICO, which oversees data protection law in the UK. More information is available at ico.org.uk/make-a-complaint.
​
Changes to this Privacy Notice
This notice may be updated periodically, so please check back for any changes.