PRIVACY POLICY

1. Introduction

At Georgina Gibbs Therapy Ltd. (the “Therapist”, “we”, “our”, “us”), we take your privacy and confidentiality very seriously. The Privacy Policy explains how we collect, use, and protect your personal information. It is aligned with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the common law duty of confidentiality, and professional obligations under the BABCP Standards of Conduct, Performance and Ethics.

2. Who We Are

This Privacy Policy applies to Georgina Gibbs Therapy Ltd., a company registered in England & Wales providing therapy services, including Cognitive Behavioural Therapy (CBT), Eye Movement Desensitisation and Reprocessing (EMDR), and Couples Therapy.

We act as the Data Controller for the personal information you provide to us.

Name: Georgina Gibbs Therapy Ltd.

Website: https://www.georginagibbstherapy.co.uk

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Information Commissioner's Office (ICO) Registration Number: ZB970524

3. What Information We Collect

We collect and process the following categories of data:

Personal data:

• Name, Date of Birth and Gender.
• Contact Information: Email address and Telephone number.
• Next of Kin name and number (for emergency purposes only).
• GP details (for emergency and safeguarding purposes only).

Special Category Data:

• Relationship Status.
• Medical History, Medication Use and Substance Use.
• Session Information: Signed therapy contract, notes from assessment and therapy sessions, any outcome measures completed, communication between client and Georgina Gibbs.

Technical Data:

• IP address, device types and Microsoft Teams usage.

Payment Information

• Bank transfer records and payment details (retained as required by HMRC for six years).

4. How We Collect Information

We collect information directly from you in the following ways:

• Online Therapy Enquiries: If you make contact/enquiries via email or the website then you are consenting to your data being shared with Georgina Gibbs.
• Booking Form: You will be sent a booking form to collect personal data if you decide to proceed with therapy after the free consultation call.
• Attending therapy sessions: Sensitive data is collected during the assessment and treatment sessions in the form of session notes.

Information may also be received from third parties (e.g., referrals from healthcare providers) with your explicit consent.

5. How We Use Your Information

We process your personal data for the following purposes:

• To provide therapy services.
• To maintain accurate clinical records.
• To manage appointments, payment and administration.
• To communicate with you regarding your care.
• To comply with legal or professional obligations.

Legal Bases for Processing:

• Consent for therapy services.
• Performance of a contract (providing therapy).
• Legal obligations (record-keeping, safeguarding).
• Legitimate interests (business operations).
• Special category data is processed under UK GDPR Art. 9(2)(h) (provision of health or social care).

6. Website and Cookies (Summarised):

• Our website uses cookies for performance improvement and analytics.
• Google Analytics provides our website with anonymous visitor counts and statistics. We do not carry out any user-identifiable tracking and all cookies expire within a reasonable period of time. Please refer to the cookie policy of Google for more information https://support.google.com/analytics/answer/6004245.
• Consent will be sought for non-essential cookies in compliance with ICO requirements. Visitors can opt out of the use of cookies and Google Analytics via https://tools.google.com/dlpage/gaoptout.
• For full details, please see our Cookie Policy at www.georginagibbstherapy.co.uk.

7. Confidentiality and Sharing of Information

Your information is treated as strictly confidential and will only be disclosed without consent in the following situations:

• Risk of serious harm to you or others.
• Safeguarding concerns relating to children or vulnerable adults.
• Disclosures regarding terrorism, trafficking or serious criminal activity.
• Legal requirements (e.g., court order).
• Disclosures of future criminal offences.

8. Data Storage and Communication

We store data as follows:

• Email: Microsoft Outlook is used for email correspondence. Your email address and our correspondence will be stored in my email account. Email is not a fully secure method of communication, so sharing sensitive personal information is not advisable.
• Phone and SMS: Stored on password-protected devices, with SMS deleted monthly.
• Therapy Contracts: A copy of our signed therapy contract is printed and stored securely in a locked filing cabinet.
• Session Notes: Sessions notes are kept minimal and stored digitally on Microsoft SharePoint in password protected files. They are anonymised and kept separately from identifiable information. All digital notes stored on SharePoint are password protected documents.
• Microsoft Teams: Sessions conducted using encrypted links. While encrypted, no platform is 100% secure.
• International Transfers: Microsoft services may store data outside the UK/EEA. Standard Contractual Clauses (SCCs) and the UK Addendum are applied to safeguard such transfers. 

9. Data Retention

Retention periods are as follows:

• Website/email enquiries: Retained up to 6 months and then securely deleted, unless you request earlier deletion.
• Consultation data (if therapy does not proceed): Securely deleted within 14 days, unless you request earlier deletion.
• Clinical records: Retained for 7 years post-therapy (or longer if required by law). After this period, data will be securely deleted.
• Payment records: Retained for 6 years to comply with HMRC obligations.

10. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate information.
• Request erasure of your data (subject to legal obligations).
• Request restriction of processing.
• Data portability (receive your data in a usable format).
• Withdraw consent (where consent is the legal basis for processing).
• Lodge a complaint with the Information Commissioner’s Office (ICO).

Requests should be sent to This email address is being protected from spambots. You need JavaScript enabled to view it.. We will respond within one month.

11. Security Measures

We implement technical and organisational safeguards to protect your data, including:

• Password-protection.
• Secure filing.
• Therapy Contracts and Confidentiality Agreements.
• Regular professional supervision (with anonymised case discussion).
• Professional Indemnity Insurance is maintained.

12. Contact Us/ Complaints

If you have any questions about this Privacy Policy or concerns with how your data is handled, please contact This email address is being protected from spambots. You need JavaScript enabled to view it. in the first instance.

You also have the right to raise complaints with:

• The Information Commissioner’s Office (ICO):https://ico.org.uk/make-a-complaint.
• The British Association for Behavioural and Cognitive Psychotherapies (BABCP).