top of page

Confidentiality & Data Protection

Privacy Statement

Information shared in therapy remains confidential. If disclosure of information is required eg. by an insurance company or occupational health team then consent is sought prior to disclosure. If there was concerns about your safety or the safety of others then  your GP and other relevant professionals will be notified to ensure you receive the care you require.

Your personal data is processed in line with GDPR legislation (General Data Protection Regulation) Data Protection Act 2018.

This policy statement sets out how data is used and protected, and what happens to any information that you give through the therapy services.

Any information collected by Natasha Goodchild when you enquire or use these services will only be used in accordance with this statement.

To be able to fulfil the role as a CBT and EMDR therapist  notes will be taken during each session.  Clients are discussed within clinical supervision (CBT/EMDR) to ensure the best possible interventions and care is provided within my scope as an EMDR practitioner/CBT Psychotherapist. Your information will never be shared with a third party for marketing purposes.

How is information collected about you?


Via email

When you enquire about the therapy services via email, this is stored on a password protected email service (GMAIL). No data transmission over the Internet can be guaranteed to be 100% secure.


Over the phone

When you enquire about the therapy services over the phone, I will collect information from you as a prerequisite for inviting you for an assessment. If you engage in therapy services any notes taken during this telephone call will be stored in a secure locked cabinet that only Natasha has access to.


In person/Online (MS Teams)

When you attend for therapy sessions either in-person or online, I collect and record data  through paper notes. This is crucial for effective therapy to take place. This information is stored in paper format in a locked cabinet that only Natasha has access to, or on password protected laptop and password protected cloud document service (BOX).



What type of information is collected? And what it is used for?


Personal Information

The following personal information may be collected from you, either at the early assessment stage (on the phone/via email/via my website/online platforms), or face to face/MS Teams:

  • Name

  • Email address & mobile number

  • Date of birth

  • Insurance Details (if you are paying through your health insurance policy)

  • History of your relevant early experiences

  • Relevant Physical and mental health history

  • Current physical and mental health symptoms

  • Questionnaire scores (questionnaires that assess the severity of your symptoms)


This information is collected where it is relevant to your therapy, and to ensure the service provided to you is as effective as possible. It enables therapy to be monitored and evaluated.  



Who your information may be shared with?

Third parties

There may be occasions the personal information you share may be shared with third parties,  specifically, an insurance company or other health professionals involved in your care (see below). At all times Data Protection Act 1998 is complied with. You will be made aware of any information that is to be shared at assessment and given the choice as to who the information is shared with. In some cases this may mean that we are unable to continue with therapy if permission is not granted to share with certain parties.


For Supervision

For supervision: In order to ensure the quality of the therapy with you, Natasha undertakes supervision with experienced CBT and EMDR therapists. During supervision,only your first name is shared with the supervisor and  aspects of your therapy may be discussed . However, this will be done respectfully, only as clinically relevant and without any unnecessary identifying details. The supervisor is bound by the same rules of confidentiality as Natasha.


Your insurance company

If you are claiming the cost of your sessions through your insurance company, your insurance company may request details of your treatment and progress in order to authorize further funding for your treatment. Under these circumstances, the minimum amount of information necessary will be shared with your insurance company.

There are three situations where information may be shared with third parties, without your consent:

  1. A Court Order.

  2. If there is imminent risk to self or others.

  3. If there are child protection issues.

If this was to be the case you will be notified of this.


As per the BABCP Standards of Conduct, Performance and Ethics appropriate action must be taken to protect the rights of children and vulnerable adults if they are thought to be at risk, including following national and local policies.


Retention period-how long is your data stored.

The retention period is 7 years for notes taken during therapy. The reason for this length of time is to comply with legal obligations such as the Limitation Act 1980 and also those from insurance companies. It is also useful to have previous notes should you wish to return to therapy at a future date. All notes are stored in a locked cabinet to which only Natasha has access, or in a password protected Laptop or online document service (BOX).



Security of information shared over the internet.

Your personal data is processed in line with GDPR legislation Data Protection Act 2018 and all appropriate measures are taken to keep it secure. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure and this is transmitted at your own risk.



Right of Access

You may request details of personal information which is held about you under the Data Protection Act 2018. Depending on the volume of information requested and the administrative costs involved in providing you with this information, there may be a charge for this information. You will be informed of the costs at the time the request is made. Requests for information must be put in writing. If you would like to request access to the information held on you, please email me.


Requests that are considered excessive or unreasonable may be refused. In the event your request to obtain details of information held about you is refused, you will be provided with an explanation as to why that is.


Right to rectification

If you believe that any information, I am holding on you is incorrect or incomplete, please email me with details and I will promptly correct any information found to be incorrect.

Right to lodge a formal complaint with a supervisory authority

If you believe that your rights under the GDPR regulation have been infringed, or that the processing of personal data relating to you does not comply with this Regulation, you can inform the ICO (Information Commissioner’s Office) or by phoning their helpline on 0303 123 1113.

bottom of page