top of page

I understand how important your privacy is and I take care to maintain your confidentiality in accordance with current data protection laws and the ethical guidelines of the British Association for Counselling and Psychotherapy. In order to provide you with the best service possible, I will hold your personal contact details and records of your therapy sessions. Please find below important information about how this information will be held and used.

My contact details

Telephone: 07906 270893



Your personal information – what I collect, use and why


a) Client information

In order to provide services, you will be asked for:

  • personal contact information

  • relevant information about your lifestyle and health conditions

  • details of the issues you are looking for help with

  • contact information for your GP and an elected Emergency Contact person

If you are referred by your health insurer, I will also collect and use personal data provided by that organisation, including:

  • basic contact/referral information

  • health insurance policy number

  • authorisation for psychotherapeutic treatment


b) Note-taking

I keep notes of each session, for my use only, to keep a track of everything that is being discussed. When relevant, these notes may contain sensitive personal data such as: racial or ethnic origin; religious or philosophical beliefs; health information; sex life information; sexual orientation information.

c) Financial reporting

While I do not collect or store any payment card or bank account details, I do log invoice and payment information in your client record for financial tracking and reporting. 


My lawful bases for collecting and using the personal information (in a to c above) are:

  • Contract (during the period of therapy)

  • Legitimate Interest (for seven years once your therapy with me has ended)


d) Email reminders

Your email address may also be used to send appointment confirmation or reminder emails. You can opt in or out of this service at any time by letting me know.

e) Session voice recording

During your initial session, I will ask for your consent to voice record therapy sessions so that I may listen back and reflect on our work together to enhance the quality of my service to you. You can opt in or opt out at any time by letting me know. 


My lawful basis for collecting or using personal information for (d) and (e) is:

  • Consent


Data Security

All the personal information described above (except voice recordings) will be collected and stored securely in Cliniko, a secure, encrypted and password protected practice management platform, where it can only be accessed by me. 


Voice recordings are stored digitally on a password-protected device. If you send an email to my email address, only I will have access to it. All phones, tablets and laptops used are fully protected with anti-virus software and password protected.



Your personal information will be held for the duration of your therapy, and for a period of seven years after our final session so I can respond effectively to any potential requests regarding your clinical notes and treatment. After this time, it will be permanently deleted from my Cliniko database.

Voice recordings will be permanently deleted by the final session of therapy.


Where I get personal information from

  • Clients directly

  • Health care providers

  • Insurance companies


Who I share information with

I hold your personal and therapy information in confidence. This means that I will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:

  • If your sessions are paid for or arranged via your health insurer, I will share appointment schedules for the purpose of billing and may also share information with that organisation to provide treatment diagnosis and updates, if this is requested. 


In exceptional circumstances, I might need to share personal information with relevant authorities:

  • When there is need-to-know information for another health provider, such as your GP.

  • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.

  • When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will try to discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.


Data processors:

1) Cliniko

This data processor securely stores client personal data in a practice management system and hosts our Telehealth video-conferencing calls. You can view Cliniko’s privacy policy here.


2) Google

This data processor hosts the email account for Abi Gray Therapy. You can view Google’s privacy policy here.

3) Wix

This data processor hosts the website for Abi Gray Therapy. 

My website uses essential cookies - you can find the details here. If you use the enquiry form on my website, the personal information you submit will be stored on a Wix server (deleted within one month) and forwarded to my email address.

4) Other organisations:

  • Insurance companies

  • Health care providers

  • Organisations I need to share information with for safeguarding reasons

  • Financial or fraud investigation authorities

  • Emergency services (where necessary)


Sharing information outside the UK

Where necessary, these data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place. Please contact me for more information.


Your data protection rights

Under data protection law, you have the following rights:

1.   The right to request access to your data

You can request copies of the information that I hold about you at any time. If during therapy you would like to see your session notes, please let me know.

2.   The right of rectification

At any point during your time using my service or during the seven years thereafter, while I retain your records, you have the right to request amendments to your contact details or session notes. 

3.   The right to be forgotten

You have the right to ask me to erase your personal data in certain circumstances. This request can be made by contacting me at

4.   The right to restriction of processing

You have the right to ask me to restrict the processing of your personal data in certain circumstances.

5.   The right to object to processing

You have the right to object to the processing of your personal data in certain circumstances.

6.   The right to data portability

You have the right to ask that I transfer the personal data you gave me to another organisation, or to you, in certain circumstances.

7.   The right to withdraw consent

When I use consent as my lawful basis you have the right to withdraw your consent. 


You don’t usually need to pay a fee to exercise your rights. If you make a request, I have one calendar month to respond to you. To make a data protection rights request, please contact me using the contact details at the top of this privacy notice.


Breaches of data protection

In the event of any breach of my data protection policies, I will notify you and the Information Commissioner’s Office (ICO) within 72 hours and will seek to rectify this immediately.


Raising concerns

Should you have any concerns about my data protection practices, you can raise these directly with me. You can also notify the Information Commissioner’s Office. I am registered with ICO under the reference number ZA503510.

Last updated 1st June 2024

Privacy Policy

bottom of page