Policies

Privacy Notice

Dana Baboe
Hansby Drive, Speke, Liverpool
Tel: 07850 426400
Email: [email protected]

1. Introduction

As a trainee therapist, I am the Data Controller and Data Processor for all personal information I collect from my client(s). I take confidentiality and data protection seriously and handle all data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Lawful Basis for Processing

The lawful basis on which I process personal data is Legitimate Interests. This means that the data I collect is necessary for providing therapy and is information you would reasonably expect me to hold and use.
For certain special categories of personal data (for example, health-related information), I rely on your explicit consent to hold and process it for therapeutic purposes.

3. Data I Collect

If you enquire about therapy, I may hold any information you provide via email, text, or message.
If you engage in therapy with me, I may hold:

Basic details (name, email address, phone number)
Information you share during sessions
Audio recordings of sessions (for training and reflection purposes)
Session notes and intervention records
Correspondence between us (emails, texts, messages)
Information received from third parties (e.g. GP, EAP, insurance provider)

Some of this may include special category data relating to your health or personal circumstances.

4. Purpose and Sharing of Data

Your data is used solely to:

Provide therapy and manage our therapeutic relationship
Support training and reflective learning in my development as a therapist
Comply with professional, ethical, and legal requirements

Your data will not be shared with anyone unless required by law or ethical duty (e.g. if there is a risk of harm to yourself or others, or if required by a court of law).
If there is ever a need to contact your GP or another relevant professional, this will be discussed with you first whenever possible.

5. Data Storage and Security

I use the following secure systems and storage measures:

Emails – stored on a secure, password-protected email server.
Texts/messages – stored on a password and fingerprint-protected mobile phone.
Session notes – stored in a locked filing cabinet.
Audio recordings – stored on an encrypted, password and fingerprint-protected hard drive.
Appointments and reminders – managed via Carepatron, a GDPR-compliant, secure practice management platform. Only your basic contact details (e.g. name, email, appointment times) are stored.
- Carepatron uses industry-standard encryption and data protection protocols.
- Once therapy ends, your details are deleted from Carepatron, and the platform permanently removes them in line with GDPR requirements.

6. Data Retention

All data (except Carepatron data) is retained for 7 years after therapy ends, in line with insurance and professional requirements.
After 7 years, paper records are shredded and electronic files permanently deleted.
Audio recordings are deleted once no longer required for supervision or reflective purposes.

7. Data Security Measures

I maintain appropriate technical and physical safeguards, including:

Password and biometric protection for all devices
Encrypted storage of electronic files
Regular updates and antivirus protection
Secure deletion and shredding of data when retention periods expire

If a data breach occurs, I will notify the Information Commissioner’s Office (ICO) and any affected individuals within 72 hours, and take all reasonable steps to minimise harm.

8. Your Rights

Under GDPR, you have the following rights:

Access – to request copies of your data
Rectification – to correct inaccurate information
Erasure – to request deletion of your data
Restriction – to temporarily limit processing of your data
Portability – to receive your data in a transferable format
Objection – to certain types of processing (I do not use your data for marketing, profiling, or automated decision-making)

Requests will be completed as soon as possible and within 30 days, except in cases of illness or leave, in which case you will be informed.

9. Contact

If you have any concerns or wish to exercise your data rights, please contact:
📧 [email protected]
📞 07850 426400

If your concern is not resolved, you can contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Disclosure Statement

Dana Baboe
Hansby Drive, Speke, Liverpool
Tel: 07850 426400
Email: [email protected]

1. The key to successful therapy

There has been a lot of research conducted to discover what makes therapy work and consistently the findings show that the key factor is the relationship that develops between therapist and client. The other most important thing is that the therapist adapts to the client’s characteristics, culture and preferences.

2. My commitment to you

All relationships are based on trust, and the therapeutic relationship is no different so I will always do my best to understand you and your issues without making any presumptions. Everyone is different and you are entitled to be you and to hold your views about the world. If I struggle to understand, I will ask. I will not judge you and I will presume good intent. I will also be honest so that you will always know where you stand with me.

3. What you can talk about

It is common for clients to be worried about disclosing information, wondering if it is safe to do so. I offer you this list of some things (and there are many others) that clients may have experienced and which can be discussed subject to the requirements for disclosure which appear on the following page:

Abuse: domestic, sexual, physical or emotional (past or present).
Self-harm or suicidal thoughts/attempts.
Guilty secrets.
Problems with eating (e.g. bingeing or purging).
Criminal convictions (see below for current criminal activity).
Disturbing thoughts or wishes.
Sexual issues.

4. Requirements for disclosure

Having given examples of things that you can discuss with me, it’s important that you know that the law forbids our normal confidentiality if:

I become aware of information that I either know or believe might help prevent another person from carrying out an act of terrorism or might help in bringing a terrorist to justice in the UK, or about specified activities related to money and property used to assist terrorist activities.
If I observe physical signs that an act of female genital mutilation may have been carried out on a girl under the age of 18 or I am informed by a girl under the age of 18 that she has undergone an act of female genital mutilation.
The police request information about the driver of a vehicle at the time of an offence it must be disclosed by me as failure to do so would constitute a criminal offence on my part.
I become aware of drug trafficking or money laundering that may be required to be reported under the Drug Trafficking Act 1994, Proceeds of Crime Act 2002 or the Money Laundering Regulations 2007, if this happens, I may seek legal advice as to any statutory duty.
I must disclose information that I am ordered to by a court or by a statutory request for access to personal data made under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

I may break our normal confidentiality if I become aware (or have good reason to suspect) that you have knowledge of:

A past, present or future incident/situation that may be dangerous or harmful to you, another adult or a child and that is not known to the relevant authorities.
Future or past criminal activity that has not been resolved in law. This means any criminal activity, of which the relevant authorities are either unaware or a case they know about which they consider not to be closed (provided you do not present information in therapy that would reasonably re-open the case). This does not include parking or traffic offences unless there is intent, by you or anyone else, to cause danger to yourself or others, or that it is deemed to be a serious offence. In such circumstances, I will work with you to see if we can work together to make appropriate disclosures. For our purposes, a serious offence is:

‘Murder, manslaughter, rape, treason, kidnapping, child abuse or other cases where individuals have suffered serious harm or there is serious harm to the security of the state or to public order and crimes that involve substantial financial gain and loss.’

Other than as required by law, I may discuss your case with my clinical supervisor, my clinical supervisor will have access to your details if I am suddenly unavailable to contact you and offer you ongoing care. I may talk or write to your GP but I will not give any personal details beyond what we are working on.