Privacy Policy - November 2024
The GDPR (General Data Protection Regulation) is a pivotal advancement in privacy and data protection law. Enacted on May 25, 2018, it mandates that we obtain renewed data protection and privacy consent from all clients. This policy outlines the personal data we collect from clients, how we use it, and how we ensure it is managed responsibly.
This privacy policy explains how Three Minds Psychology Ltd handles personal information collected from you when you visit our website or become a client. Three Minds Psychology Ltd is registered with the ICO (registration number: ZB702406), and our associates are also ICO-registered. For questions or requests regarding the personal information we process, please contact
Protecting your personal information and privacy is essential to us.
Your Rights
You have the following rights under data protection law:
- Right to be informed about our use of your personal data.
- Right to rectification of inaccurate data and to have incomplete data completed.
- Right to erasure of your personal data upon request.
- Right to access copies of personal information we process about you.
- Right to restrict processing of your personal data.
- Right to object to processing based on legitimate interest.
Why We Collect Information About You
We collect personal information as part of our responsibility to clients—past, present, and future. This data is managed lawfully, primarily for the purposes of legitimate interest and the provision of health treatment. Additional details on lawful bases for data processing are available on the ICO website (www.ico.org.uk). We process data in line with the Data Protection Act (DPA, 1998) and GDPR (Regulation (EU) 2016/679) and because it is necessary for the operation of a psychology clinic. The assessment process requires us to analyze documents, and in some cases, the lawful basis may include a legal obligation. Processing “special category data” is further justified to support our health service provision.
Information We Collect
We may collect personal and sensitive information, such as:
- Personal Identifiers: Name, address, telephone numbers, date of birth, gender (or preferred identity), and email.
- Relationship Information: Family, occupation, and other pertinent relationship data.
Due to the nature of our work, we may also collect sensitive data regarding your mental health, medical history, psychological wellbeing, relationships, life events, and any criminal history relevant to the services you’ve requested. This includes information necessary for safe assessment and services. We also record details related to your interactions with Three Minds Psychology Ltd, such as appointments, assessments, and relevant correspondence. We collect data through contact forms on our website, and with your permission, may obtain information from third parties (such as other health providers or family members involved in the assessment process). Additionally, we may use website analytics to track website visits.
In limited cases, and with explicit consent, we may record assessment sessions for the purposes of quality assurance. You have the right to decline any recordings.
For administrative and business operations, we also process data such as:
- Billing and Financial Data: Invoices, receipts, accounts, and tax documentation.
- Assessment Information: Medical conditions, current and historical, prescribed medication, psychological history, social difficulties, any offences (including alleged offences), and payment information.
How We Store Information
All personal data is stored in compliance with EU GDPR guidelines and retained only as long as necessary. Administrative data is kept for up to seven years to address any queries from HMRC. Client data is also retained for seven years after the last contact to meet professional indemnity and regulatory standards. Electronic files containing “special category data” are securely encrypted with restricted access.
Confidentiality
Your personal information is treated as confidential within Three Minds Psychology Ltd, with anonymization applied where possible to prevent identification. In rare cases, we may need to share information if we believe there is a significant risk of harm to yourself or others. In such situations, we may contact necessary services (e.g., GP, emergency services) to ensure safety, with prior discussion whenever possible. If there is intent to harm another person or entity (e.g., terrorism), we may be legally required to inform authorities without your consent.
Access to Your Information
You have the right to submit a Subject Access Request to inquire if we hold personal information about you under the Data Protection Act and GDPR. Upon request, we will provide:
- A description of the data we hold.
- Source of information (if not provided by you).
- Reasons and purposes for holding it.
- Categories of personal data involved.
- Potential recipients of the data.
- Retention periods.
- Information on automated decision-making, including profiling.
Concerns About Your Data
If you have concerns about how we handle your information, please contact the Data Protection Lead at Three Minds Psychology Ltd by emailing
In the event of incapacitation or death of your psychologist, another professional may be granted access to your information to assist in the transition of care, ensure safe record management, and comply with GDPR principles. Access will only occur when there is a legitimate need, and the psychologist will adhere to the GDPR guidelines.