Privacy Policy
​
Privacy and Data Protection
Your privacy is of the utmost importance to me. You can be confident that your personal information is kept safe, secure, and used only to fulfil my responsibilities to you as your Psychotherapist or Counsellor.
I follow all current data protection legislation, including:
• The General Data Protection Regulation (GDPR – E.U./2016/679)
• The Data Protection Act 2018
• The Privacy and Electronic Communications (E.C. Directive) Regulations 2003
If you have any questions about how your data is handled, I’m happy to help. You can contact me at 07375 026885 or info@blpsychotherapy.com.
Who Is Responsible for Your Data?
I, Barbara Craig, am the data controller for your personal information.
Address: 49 Minden Close, Basingstoke RG24 8TH
ICO Registration Number: A8739217
How I Collect Your Information
I may collect personal data through:
• My website: www.blpsychotherapy.com
• Phone calls or video sessions
• Written communication
• In-person meetings
• Referrals from GPs, other professionals, or trusted individuals (e.g. parents or carers)
​
Why I Process Your Information
The lawful basis for processing your data depends on our relationship:
• If you are currently in therapy or considering it: I process your data to fulfil our therapeutic contract.
• If therapy has ended: I retain your data under the lawful basis of legitimate interest.
I may also process sensitive personal data (known as “special category information”)—such as details about your mental health, ethnicity, sexuality, or religion—when necessary to provide safe, ethical therapy. This is done under Article 9 of the GDPR: “processing is necessary for the provision of health care.”
​
How Your Information Is Stored
Your personal information is stored electronically in secure, password- and fingerprint-protected files. Identifying details are anonymised and stored separately. Only I have access to this data.
How Your Information Is Used
I use your data to:
• Respond to enquiries
• Assess suitability for therapy
• Provide therapeutic services
• Maintain accurate records for ethical and legal purposes
This may include information about your health, medication, support network, family history, and therapy goals.
How Long Is Your Information Kept
I typically retain your data for seven years after therapy ends, in line with professional and insurance requirements. In some cases, I may need to keep it longer (e.g. for legal defence). If you decide not to proceed with therapy, your data will be deleted within one year—unless you request earlier deletion.
Confidentiality During Therapy
Everything discussed in therapy is confidential. I will only break confidentiality if:
• You or someone else is at serious risk of harm
• I am legally required to disclose information
Whenever possible, I will speak with you first before sharing any concerns, unless doing so would compromise safety.
​
Sharing Your Information
In rare cases, I may share limited personal data with trusted third parties (e.g. GPs, healthcare professionals, payment providers, or technology services). These partners operate under their own privacy policies, which are available on request.
Your Rights
Under data protection law, you have the right to:
• Access: Request a copy of the personal data I hold about you (Subject Access Request)
• Erasure: Ask for your data to be deleted (Right to Erasure)
• Object: Raise concerns about how your data is processed
To make a request, email info@blpsychotherapy.com. I will respond within one month. Please note that in some cases, I may need to retain data to meet legal or insurance obligations.
Concerns or Complaints
If you have concerns about how your data is handled, please get in touch with me directly—I’ll do my best to resolve any issues.
If you wish to escalate your concern, you can contact the Information Commissioner’s Office (ICO):