Privacy Policy

Dr Tamsin Lovell respects your privacy and is committed to protecting your personal data. This policy explains how your information is collected, used, stored, and safeguarded when you access psychological therapy, supervision, or consultancy services.

Dr Lovell aims to be transparent about why she collects personal information and how it is used, so that you can feel confident that your privacy is protected at all times.

This policy includes information defined as personal data under the General Data Protection Regulation (GDPR) 2016 and the UK Data Protection Act 2018.

If you have any questions after reading this policy, you are encouraged to contact Dr Lovell. If you remain dissatisfied, you have the right to contact the Information Commissioner’s Office (ICO) at https://ico.org.uk.

Who is responsible for my data?

Dr Lovell is the data controller.
This means she is legally responsible for the personal data she holds and for ensuring it is managed safely and lawfully.

What personal data do you process?

Personal Data

  • Name

  • Address

  • Date of birth

  • Email address

  • Contact telephone number

  • GP details if provided

If you complete an online contact form, the information you submit plus your IP address will be stored. This is automatically collected by the website platform used to host the form. All web services used by Dr Lovell are GDPR-compliant.

Sensitive Personal Data

  • Signed Therapy or Service Agreement

  • Clinical records (notes, letters, reports, and outcome measures)

  • Any relevant health information required for psychological treatment

If referred through insurance

If your referral comes via a health insurance provider, Dr Lovell may also process:

  • Basic referral information

  • Policy number(s)

  • Authorisation codes

  • Required treatment updates

Why is personal data collected?

Dr Lovell has a legitimate interest in collecting and holding personal data because it is necessary for delivering psychological therapy, supervision, or consultancy services.

No information is passed to third parties without your consent.
Personal data is never sold.

How do you use my personal information?

Your data is used solely for the purposes of:

  • Providing safe and effective therapeutic or professional services

  • Managing appointments and communications

  • Processing payments

If essential information is withheld, psychological services cannot be provided.

How long is my information stored?

  • Basic contact details held on mobile devices:
    Deleted at the end of therapy.

  • Clinical / sensitive records:
    Stored for 7 years after the end of therapy, in line with professional guidelines.

  • After 7 years, records are securely deleted at the end of the calendar year.

  • Anonymised data:
    May be used indefinitely for research, training, or statistical purposes. Once anonymised, it can no longer be linked to you.

By law, financial information (e.g., invoices) must be retained for 7 years for HMRC purposes.

Who will you share my personal information with?

All information is held in strict confidence. It is not normally shared, except in the following circumstances:

1. Health Insurance Providers

Shared only for:

  • Billing

  • Appointment confirmation

  • Required treatment updates

2. Referring Healthcare Professionals

If referred by a GP or psychiatrist, progress reports may be shared.

3. Legal Instructions

If therapy forms part of a legal process, relevant information may be shared with solicitors with your written consent.

4. Exceptional Circumstances

Information may be shared without consent when:

  • There is risk of serious harm to yourself or someone else

  • There is a legal obligation (e.g., Court Order)

  • Another health professional needs essential information for your care

Where possible, Dr Lovell will discuss this with you first, unless doing so increases risk.

Personal data is never shared for marketing.

Where is my data stored?

Your data may be stored in:

  • A secure cloud system

  • An encrypted mobile device

  • A secure email system

  • Password-protected clinical software

Paper files are kept in a locked storage system and shredded once no longer required.

All digital devices are:

  • Password protected

  • Encrypted

  • Protected with antivirus and malware security

All platforms used by Dr Lovell (e.g., OneDrive, Zoom, accounting and form-submission tools) are GDPR-compliant.

What are my rights?

You have the right to:

  • Access the personal information held about you

  • Request correction of inaccurate data

  • Raise concerns with the Information Commissioner’s Office (ICO)

You can submit a Subject Access Request (SAR) by contacting Dr Lovell directly.
To protect your privacy, verification of identity may be required before information is released.

A reasonable administration fee may apply.

Right to erasure

Dr Lovell may refuse to delete clinical records when they are required by law or professional guidelines.
Clinical records must be retained for 7 years (British Psychological Society; Health and Care Professions Council).

Dr Tamsin Lovell
Clinical Psychologist and Founder of The Relationship Psychologist

 

Book a free 15 minute consultation