Privacy Policy

1. Introduction

Welcome to Stephanie Gooding’s Privacy Policy. Our commitment to your privacy and the protection of your personal data is paramount. This policy outlines how we handle the personal data you share with us through our website, whether you're just visiting, booking an appointment, or signing up for our newsletter.

Our practice operates within the strictures of the General Data Protection Regulation (GDPR) and complies with relevant UK laws, ensuring that your personal data is processed responsibly, transparently, and securely. We collect and use your data solely for the purposes of providing you with the highest standard of psychological services, improving your experience on our site, and communicating with you as detailed herein.

Should you have any questions about this policy or how we handle your data, please feel free to contact us at hello@stephaniegooding.co.uk.


2. Data Controller Information

The data controller responsible for your personal data is Stephanie Gooding, a Chartered Counseling Psychologist registered with the Health Care Professions Council (HCPC) under registration number PYL33222 and a full member of the British Psychological Society 165060. Our practice is committed to adhering to the HCPC's standards of conduct, performance, and ethics, ensuring your personal data is handled with the utmost care and professionalism.

3. Type of Personal Data Collected

We collect and process the following personal data:

  • Full Name and Contact Information: To identify you and communicate regarding appointments and services.

  • Email Address: To send appointment confirmations, reminders, and, if opted-in, our newsletter.

  • General Practitioner (GP) Details: To liaise with your GP as necessary for your continuity of care, with your consent.

  • Emergency contact: in case of accident or illness during an outdoor course which requires emergency treatment. 

  • Therapy Session Notes: If you have 1:1 sessions, to maintain a record of your therapy sessions, supporting the continuity and quality of your care.

  • Personal information collected when applying Earthworks courses, to be aware of present issues to facilitate psychological safety and to help you to get the most useful content from the outdoor programmes.

This data is collected directly from you through our website forms, during therapy sessions, or in communications with our practice.

4. Legal Basis for Processing Personal Data

Our processing of your personal data is based on the following legal grounds under the GDPR:

  • Consent: You have given clear consent for us to process your personal data for specific purposes such as email communication and therapy notes.

  • Contractual Necessity: Processing your personal data is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract, such as scheduling appointments.

  • Legal Obligation: We are required to process certain data, like therapy session notes, to comply with legal obligations, including those set by the HCPC.

5. Data Storage and Security

Our practice takes the security of your personal data very seriously. Personal data is stored securely in the following ways:

  • Physical Records: Stored in a locked storage cabinet accessible only by Stephanie Gooding.

  • Digital Records: Including email addresses and therapy session notes are stored on encrypted cloud storage services, such as Evernote, which are password protected and accessible only by Stephanie Gooding.

We implement robust security measures, including encryption and password protection, to prevent unauthorized access, disclosure, alteration, or destruction of your personal information.

It is important to note that every system cannot be 100% secure, however, we do everything within our capabilities to ensure that your information is stored as securely as possible.

6. Supervision and Tape Recording of Sessions

Supervision is a standard practice intended to ensure the quality of psychological therapy. During supervision, client confidentiality is maintained, with only first names mentioned and no other identifying details shared.

Tape recording of sessions is conducted only with your explicit consent and for the purpose of supervision only. These recordings are securely stored on a password-protected and encrypted device and are destroyed after use.

7. Data Retention Policy

We retain personal data for a period of 7 years following the conclusion of your therapy to offer continuity of service. Should you request the earlier destruction of your notes, we will accommodate your request in accordance with legal and ethical guidelines.

8. Data Subject Rights

Under GDPR, you have several rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.

  • Rectification: You can ask us to correct any inaccuracies in your data.

  • Erasure: Also known as the "right to be forgotten," allowing you to have your data deleted.

  • Restrict Processing: You can ask us to pause processing your data under certain conditions.

  • Data Portability: You can receive your data in a format that can be transferred to another controller.

  • Object: You can object to the processing of your data in certain circumstances.

  • Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing.

9. Data Sharing and Third Parties

Your data may be shared with third parties, such as your GP, only with your consent or for legal reasons. We will not share your information without your consent unless required by law.

10. Contact Information for Privacy Concerns

For any concerns or to exercise your GDPR rights, please contact Stephanie Gooding at hello@stephaniegooding.co.uk, +44 7565 882517. 

11. Changes to the Privacy Policy

This policy may be updated to reflect changes in legal requirements or our data handling practices. Users will be informed of any significant changes through our website or direct communication.

12. Compliance and Cooperation with Authorities

We are committed to GDPR compliance and will cooperate fully with data protection authorities as required.

13. Complaints Process

Should you have a complaint about how we handle your data, please contact us directly. If the issue is not resolved to your satisfaction, you may file a complaint with the HCPC or the Information Commissioner's Office (ICO).