top of page

Privacy Policy

Concentric Water Ripples

About this privacy policy

This privacy policy explains how I collect, use, store and protect your personal information when you make an enquiry, attend assessment or therapy sessions, or otherwise communicate with me in relation to psychotherapy services. It is intended to meet the transparency requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data controller

I am the data controller for the personal information I hold about you. My details are:

  • Name: Lenka Horakova

  • Practice name: BGrounded

  • Contact details: lenka@bgrounded.co.uk; www.bgrounded.co.uk

  • Practice address: 174 London Road, Coventry, West Midlands, CV3 4BW

  • ICO registration number: ICO Registration Reference: ZA537676

  • BACP registration Number: 00800588

Mountains

What personal information do I collect?

I may collect and hold the following types of personal information, depending on the nature of our work together:

  • Your name, date of birth, address, telephone number and email address.

  • Emergency contact details, where provided.

  • GP or other healthcare professional details, where relevant.

  • Information you provide in enquiry forms, assessment forms, contracts, consent forms or correspondence.

  • Brief session notes and records relating to appointments, attendance, cancellations, fees and payments.

  • Relevant health, mental health, personal history, family, relationship, employment or risk information that you choose to share as part of therapy.

  • Information needed to comply with professional, legal, ethical, insurance, accounting or safeguarding obligations.

 

Some of the information I process is special category data under UK data protection law. This includes information about your physical health, mental health, personal history, relationships, risk, or other sensitive matters discussed in therapy. I process this type of information because it is necessary for the provision of psychotherapy services, including assessment, therapeutic work, record keeping, professional supervision, safeguarding, and meeting legal or professional obligations. This information is handled with additional care, confidentiality, and security, and I collect and use only what is relevant to our work together.

 

Why do I use your information?

 

I use your personal information only when necessary and appropriate for providing psychotherapy services and managing my private practice. This may include:

 

  • Responding to enquiries and arranging appointments.

  • Assessing whether therapy is suitable and safe for you.

  • Providing psychotherapy and maintaining appropriate clinical records.

  • Communicating with you about appointments, fees, cancellations or practical matters.

  • Managing payments, invoices and basic accounting records.

  • Meeting professional, ethical, legal, safeguarding and insurance obligations.

  • Obtaining confidential clinical supervision, where appropriate, to support safe and ethical practice.

 

Lawful basis for processing

 

For ordinary personal information, I usually rely on one or more of the following lawful bases under UK GDPR: contract, where processing is necessary to provide therapy services or take steps before entering into a therapy agreement; legitimate interests, where processing is necessary to manage a safe, ethical and effective private practice; and legal obligation, where I am required to keep or disclose information by law.

 

For special category data, such as information about health or mental health, I rely on the relevant condition for the provision of health or social care, and, where applicable, on safeguarding, legal claims, vital interests or explicit consent. I will only process special category data where it is necessary for the purpose for which it is collected.

 

 

Confidentiality and when information may be shared

 

Information you share with me is treated as confidential. I will not share your personal information with third parties without your consent unless there is a legal, safeguarding or ethical reason to do so. This may include situations where there is a serious risk of harm to you or another person, concerns about the safety of a child or vulnerable adult, a legal requirement such as a court order, or a need to defend or establish a legal claim.

 

Your information may be accessed or processed by carefully selected service providers who support the running of my practice, such as secure email, cloud storage, practice management, video consultation, IT support, accounting or payment providers. Where relevant, these providers are expected to handle information securely and in line with data protection requirements.

 

I may discuss aspects of my clinical work in confidential supervision. Identifying details are kept to the minimum necessary wherever possible. If I need to share information with your GP, another health professional, an emergency contact, insurer, solicitor, police, social services or another organisation, I will normally seek your consent first unless it is not appropriate or possible to do so.

 

I am a member of the British Association for Counselling and Psychotherapy (BACP) and work in accordance with its ethical framework and professional standards. This includes maintaining appropriate records, engaging in professional supervision, and managing confidentiality, safeguarding and complaints in line with professional expectations.

 

How information is stored and protected

 

I take reasonable steps to keep your personal information secure. Electronic records are stored using password-protected and secure systems. Paper records, if used, are kept securely, and access is restricted. I aim to collect only the information needed for the purposes set out in this policy and to keep it accurate and up to date where possible.

 

Please note that email and text messages may not be fully secure methods of communication. I recommend that sensitive clinical information be discussed in sessions wherever possible, unless we have agreed on another appropriate method.

 

How long is the information kept?

 

I keep client records only for as long as necessary for professional, legal, ethical and insurance purposes. My usual retention period is 7 years after our last contact. If the work relates to a young person, records may need to be kept for longer, for example, until the young person reaches adulthood, plus an additional retention period. After the relevant retention period, records will be securely deleted, shredded or otherwise destroyed.

 

Your data protection rights

 

Under UK data protection law, you have rights in relation to your personal information. These may include the right to request access to your personal information, to ask for inaccurate information to be corrected, to request erasure in certain circumstances, to request restriction of processing, to object to certain processing, and to receive information about how your data is used.

 

Some rights are not absolute and may be limited by legal, safeguarding, confidentiality, insurance or professional obligations. For example, I may need to retain certain records even if you ask for them to be deleted, where this is necessary for legal or professional reasons.

 

Consent and withdrawal of consent

 

Where I rely on your consent for a specific purpose, you may withdraw that consent at any time by contacting me. Withdrawing consent will not affect the lawfulness of processing carried out before consent was withdrawn. Some information may still need to be processed where another lawful basis applies, such as legal obligation, contract, legitimate interests, safeguarding or legal claims.

 

 

Requests, concerns or complaints

 

If you would like to make a request about your personal information, or if you have any questions or concerns about how your information is handled, please contact me using the details above. I will respond as soon as reasonably possible and normally within one month, unless the request is complex.

 

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters. You can find further information from the ICO directly.

bottom of page