Privacy Policy

---

 Your privacy is very important to me. You can be confident that your personal information will be kept safe, secure, and used only for the purpose it was provided. I adhere to the current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and professional codes of conduct (such as BACP and UKCP).

This privacy notice explains what I will do with your personal information, from the initial point of contact through to after your therapy has ended.

1. Who I Am and How to Contact Me

I am the data controller for the personal information you provide. My contact details are:

• Name:  Victoria Froome
• Phone:  07546431448
• Email:   victoria@dragonflypsychotherapy.co.uk 
• ICO Registration:  ZB904048

If you have any questions about this notice or how I manage your data, please feel free to get in touch.

2. My Lawful Basis for Processing Your Data

I collect, store, and process your personal information under the following lawful bases:

• Contract: When we start therapy together, I process your data to provide my services.
• Legitimate Interests: If you’ve finished therapy, I keep your records to meet insurance and professional obligations, and to respond to any legal claims.
• Consent: Where you give me explicit consent to process special category data (eg sensitive health information).

3. The Information I Collect

The information I collect includes:

• Contact Details: Name, phone number, email address, and emergency contact.
• Personal Details: Date of birth, address, and GP details (if relevant).
• Session Notes: Brief, factual notes about our sessions.
• Correspondence: Emails, text messages, or messages sent via my website or social media accounts.
• Referral Information: If another professional (eg your GP) or a trusted person provides your details to me.

I do not use automated decision-making or profiling with your personal data.

4. How I Use and Store Your Information

• Initial Contact: When you first get in touch, I use your information to respond to your enquiry. If you decide not to proceed, I will delete your information within one month (or sooner if you ask me).
• During Therapy: Everything you discuss with me is confidential. I keep brief session notes in a secure, encrypted system. These notes are anonymised where possible. I do not share your personal information with third parties, except in specific circumstances      outlined below.
• After Therapy: I keep your records for seven years from the end of therapy (or until you turn 25 if you were under 18 at the end of therapy) in line with professional and insurance requirements. After this, I securely destroy them.

5. Confidentiality and When I May Need to Break It

I take confidentiality seriously. However, there are some circumstances where I may need to share information:

• If you disclose involvement in, or knowledge of, an act of terrorism, money laundering, or drug trafficking.
• If you disclose serious harm to yourself or others.
• If there is a safeguarding concern for a child or vulnerable adult.
• If I am required by law or a court order to share information.

I will always try to discuss this with you first, unless safeguarding concerns prevent it.

6. Data Security and Storage

I take all reasonable steps to ensure your data is secure:

• Paper Records: Stored in a locked filing cabinet in a locked room.
• Digital Records: Stored on a password-protected, encrypted device. Backups are made      securely and comply with UK GDPR.
• Emails and Texts: I delete text messages after one week (with relevant information saved in your session notes) and delete unnecessary emails after one week.

I also use security measures such as strong passwords and access controls to protect your information.

7. Data Sharing

I do not share your personal information with third parties except:

• If I use trusted providers for administrative tasks (eg secure practice management software or cloud storage). These providers are under strict contracts and cannot use your data for any other purpose.
• If required by law or by a regulatory body.

8. Your Rights

You have the right to:

• Access the information I hold about you.
• Ask me to correct or complete any inaccurate or incomplete information.
• Request that I delete or restrict the processing of your personal information.
• Object to how I use your data in certain circumstances.
• Lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how I handle your data.

For more information about your rights, visit the ICO’s website: www.ico.org.uk/your-data-matters.

9. Data Breach Protocol

In the unlikely event of a data breach that poses a risk to your rights and freedoms, I will inform the ICO within 72 hours and will notify you as soon as possible.

10. Website Visitors and Cookies

My website uses Google Analytics to collect standard website visitor information (like how many people visit and which pages are most popular). This does not identify you personally.

I use cookies to make the site work efficiently. 

Final Words

I want you to feel confident that your personal information is safe with me. I am always happy to answer any questions you have about how I handle your data or to discuss any concerns.

If you’d like me to make changes to how I store your information, please let me know.

Thank you for taking the time to read this privacy notice.