Clear Mind Therapy Suzie Shepperson Individual and Couples Counselling and Therapy in Surrey

Clear Mind Therapy

Privacy Notice

Data Controller: Suzie Shepperson
Practice: Clear Mind Therapy
Email: clearmindtherapy@icloud.com
ICO Registration Number: ZA239778

Document Version: 1.0
Effective Date: June 2026
Review Date: June 2027

Data Protection Queries

As a sole practitioner, I am not legally required to appoint a Data Protection Officer (DPO).

If you have any questions about how your personal information is collected, used, stored, protected or shared, or if you wish to exercise your rights under data protection law, please contact me:

Suzie Shepperson
Data Controller
Email: clearmindtherapy@icloud.com

I am responsible for ensuring that your personal data is processed in accordance with UK data protection legislation and relevant professional standards.

Introduction

Your privacy is important to me.

This Privacy Notice explains how I collect, use, store, protect and share your personal information when you engage with Clear Mind Therapy for counselling, psychotherapy, supervision, training or related professional services.

I process personal information in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Professional and Ethical Framework of the British Association for Counselling and Psychotherapy (BACP)
  • Other applicable legal and regulatory requirements

Please read this notice carefully. If anything is unclear, I will be happy to discuss it with you.

Your Rights

Under UK data protection law, you have the right to:

  • Be informed about how your personal data is used
  • Access the personal data I hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data where appropriate
  • Request restriction of processing in certain circumstances
  • Object to certain types of processing
  • Request portability of your data where applicable
  • Withdraw consent where consent is used as the lawful basis
  • Complain to the Information Commissioner’s Office (ICO)

What Information I Collect

Personal Information

  • Name
  • Address
  • Telephone number
  • Email address
  • Date of birth (if relevant)
  • Emergency contact details
  • GP details

Health Information

  • Relevant medical history
  • Mental health history
  • Medication information
  • Information relevant to your care

Supervision / Professional Information

  • CV
  • Professional registration details
  • Qualifications
  • Previous supervision history

Administrative Information

  • Appointment records
  • Brief session notes
  • Emails and texts
  • Payment records
  • Invoices

Where Information Comes From

Information is usually collected directly from you.

It may also be received from:

  • GPs
  • Psychiatrists
  • Other healthcare professionals
  • Private medical insurers
  • Employee Assistance Programmes (EAPs)
  • Referring organisations
  • Other professionals acting on your behalf

Why I Collect Your Information

I collect your information to:

  • Provide safe and effective therapy and supervision
  • Assess and support your needs
  • Maintain accurate clinical records
  • Meet legal, insurance and professional obligations
  • Manage appointments and communication
  • Meet accounting and taxation requirements

I do not sell your personal information.

Lawful Basis for Processing

Data Type Purpose Lawful Basis
Contact details Appointments and communication Contract
Clinical / health data Therapy and care provision Health care provision (special category data)
Session notes Clinical practice and supervision Legitimate interests + health care provision
Emergency contact details Safety and safeguarding Vital interests
Financial records Tax and accounting Legal obligation
Supervision records Professional services Contract
Risk/safeguarding data Protection of individuals Legal obligation + vital interests

How Your Information Is Stored

I use appropriate technical and organisational safeguards, including:

  • Locked paper filing systems
  • Password-protected devices
  • Encrypted or secured digital storage where available
  • Restricted access to records
  • Secure deletion or destruction when no longer required

International Data Transfers

Some service providers may process data outside the UK, including:

Apple (iCloud), Google, Microsoft, Zoom, Dropbox, Stripe and PayPal.

Where this occurs, I ensure appropriate safeguards are in place, such as UK adequacy regulations or International Data Transfer Agreements, to protect your data.

Confidentiality and Information Sharing

Information shared in therapy is confidential.

It will only be shared where:

With your consent

  • GP communication
  • Professional reports
  • Insurance reports

Risk of harm

  • Serious risk to you or others
  • Child protection concerns
  • Vulnerable adult safeguarding

Legal requirement

  • Court orders
  • Legal or regulatory obligations

Where possible, I will discuss sharing with you first.

Clinical Supervision

I regularly attend clinical supervision.

Information shared is anonymised wherever possible and limited to what is necessary for safe clinical practice.

Supervisors are bound by confidentiality.

Retention of Records

Record Type Retention Period
Therapy records 7 years after therapy ends (or longer if required by law/insurance)
Supervision records 7 years after supervision ends
Financial records 7 years
Enquiries not taken forward 12 months
Emails/texts Deleted when no longer required unless clinically relevant
Safeguarding records As legally required

Email, Text and Communication

Email and text are used for administration such as appointments and invoices.

These methods are not fully secure, so sensitive clinical information should not be sent unless agreed.

Website, Cookies and Analytics

The website uses cookies to improve functionality and user experience.

Google Analytics may be used to understand website usage in a non-identifiable way.

Non-essential cookies are only used with consent via a cookie banner.

Third-Party Service Providers

I use trusted providers including:

  • Apple iCloud
  • Microsoft 365 / Outlook
  • Google Workspace
  • Zoom / Teams / Meet / FaceTime
  • Stripe / PayPal / UK banks
  • Website hosting providers
  • Accountants and insurers
  • Google Analytics

All providers are subject to appropriate data protection safeguards.

Data Breaches

If a data breach occurs that poses a risk to your rights and freedoms, I will take appropriate action and notify you and/or the ICO where legally required.

Complaints

If you are unhappy with how your data is handled, please contact me first:

clearmindtherapy@icloud.com

You also have the right to complain to:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: https://www.ico.org.uk

Changes to This Notice

This Privacy Notice may be updated periodically to reflect legal or operational changes.

The most recent version will always be available on request or via the website.

Acknowledgement

I confirm that I have read and understood this Privacy Notice.

Client Name: ___________________________
Signature: _____________________________
Date: _________________________________

Change log
17/06/2026

 

 

click
©2026 Suzie Shepperson — powered by WebHealer
Website Cookies  Privacy Policy  Administration