Wellbeing Psychology

Wellbeing PsychologyWellbeing PsychologyWellbeing Psychology

Wellbeing Psychology

Wellbeing PsychologyWellbeing PsychologyWellbeing Psychology
  • Home
  • Services
  • About
  • Contact
  • Blog
  • Resources
  • Privacy
  • More
    • Home
    • Services
    • About
    • Contact
    • Blog
    • Resources
    • Privacy
  • Home
  • Services
  • About
  • Contact
  • Blog
  • Resources
  • Privacy

Privacy Statement

Date of original privacy statement: 16/07/2022

Date the statement was last updated: 20/12/2025


Key Facts

  • I (Thomas Sidebottom) am a registered and chartered Counselling Psychologist based in the UK
  • Wellbeing Psychology is the name of my private practice
  • I  keep records about you in order to provide you with a service and process payments
  • I cannot work with you unless you allow me to keep these records
  • I follow legislation for storing these records that is governed by the Information Commissioner's Office, and accords with professional codes of practice set out by the Health Care Professions Council and British Psychological Society
  • I use I.T. systems and practices designed to protect the security of your personal information
  • If you have any questions or concerns about this please contact me at admin@wellbeing-psychology.co.uk 
  • If you think I am acting unlawfully you can complain to the Information Commissioner's Office (ICO): www.ico.org.uk/concerns or phone 0303 123 1113


Who is responsible for your data?

Thomas Sidebottom is the data controller for Wellbeing Psychology. This means I am responsible for all personal information held by Wellbeing Psychology and ensuring this data is collected, stored and processed in a secure way that complies with current legislation.


What information do I collect, store and process?

  • Personal information including your name, address, telephone number, email address and GP contact details.
  • Sensitive information about your circumstances including current mental health difficulties, personal history, obstacles to recovery and recovery goals.
  • Sensitive information about your mental health history to develop a broader contextual understanding of current problems.
  • Sensitive information about you from completed psychological assessment measures.
  • Sensitive information about your psychological therapy including records of therapy sessions.
  • Personal information for accounts and billing, such as your name, address and email so I can send invoices and record payments received.
  • If you are referred to me by a health insurance provider, solicitor, or other private mental health company, I will also store and process personal information (as outlined above) provided to me by that organisation.


The lawful bases for processing your personal information

Wellbeing Psychology collects, stores and processes your personal information on the basis that I have an agreement with you to do so, because you have asked me to provide you with a service for psychological therapy. Without collecting, storing and processing the information described above, unfortunately I would not be able to provide you with that service.


In rare and exceptional circumstances I may also rely on another legal basis to share personal information about you for the purposes of protecting life. This could involve sharing personal information about you with your registered GP or the police, if they had a legitimate role in protecting your life or the life of another person connected to you. Under such circumstances I would always try to find reasonable ways of involving other professionals so that you are informed and I have tried to obtain your consent for this. However, if there was no reasonable way of doing so, I may still share your personal information without your awareness or consent using this legal basis.


Who may I share your personal information with?

I hold personal and sensitive information about each of the individuals I work with in confidence. This means I will not normally share your personal information with anyone else. 


However, there are exceptions to this when I may need to liaise with other parties:

  • If you are referred to me by your health insurance provider, a private healthcare company acting on behalf of your insurer, or your solicitor, I will share appointment schedules with that organisation for the purposes of billing. 
  • I may also share personal and sensitive information about you with these referring organisations. This may consist of summary assessment reports, update reports about therapy, and end of treatment reports, to show the work I've undertaken with you has been in accordance with initial agreements and to expected clinical standards. I will explain this to you and seek your verbal consent to share such records with referring organisations at our first appointment. You do not have to consent to this, and if you do not give your consent I will not share that information, but it may affect my ability to offer you a service straight away or in the normal way. Under such circumstances I will consider and discuss alternative arrangements with you. 
  • Even if you consent to me sharing personal and sensitive information with other referring organisations, you have a right to later withdraw your consent to this. If you do so, I will stop sharing such information . However, this is likely to affect our ability to continue offering you a service in the normal way and may result in a pause or break in therapy sessions. Under such circumstances I will consider and discuss alternative arrangements with you.


In exceptional circumstances, I might need to share your personal information with relevant authorities:

  • When there is a legitimate need for another health professional to be updated about your mental health such as your GP. I would discuss such a proposed disclosure with you and seek your consent for this.
  • When there is a risk of harm to yourself, or harm to another adult or child. I will discuss such a proposed disclosure with you and seek your consent unless there was no reasonable way of doing so without increasing the risk of harm.
  • When there is a legal obligation for me to do so such as a Court Order.


How long will I store your personal information?

I only store your personal information for as long as it is required for a specific purpose, such as offering you a service or following professional practice guidelines.


Basic contact information such as your name, address, email and contact telephone number is deleted from my contacts system six months after your final therapy session. I also aim to delete all email correspondence I've sent and received from you, and any emails I've sent or received about you from other parties, six months after your final therapy session.


All other sensitive information I hold about you as described above, is stored by me for a period of seven years after the end of therapy. This may seem like a long time but I do so in accordance with professional practice guidelines published by the British Psychological Society. This is because individuals may return to me for further therapy, or they may request information from me about therapy services previously received so they can approach another provider. I also keep  records of services provided for this long because it's the length of time needed to cover the primary legal limitation period in the UK.


How will I store your personal information?

Wellbeing Psychology has an entirely electronic record keeping and administration system, and I do not keep paper records of any kind. All the data I collect and process is stored electronically using a secure could-based storage system that complies with National and European Union data security standards. I do not store personal or sensitive data of any kind on local devices. My cloud storage system uses end-to-end encryption technology with two factor authentication, meaning only the I can decrypt and access your personal information when it is stored this way, and only on trusted devices owned by me and operated securely. No-one else, not even the technology company operating the servers, can decrypt and access your data.


How will I keep your data secure and confidential?

  • Personal information is kept to a minimum during initial telephone enquiries and never written down or typed out by me.
  • If I send you an email containing any sensitive information I will do so as an attached document or .Zip file that is secured using a pin code. I will assign you a pin after the first appointment, or as soon as possible, and text this to you separately from any emails with attachments.
  • If I send any emails containing personal or sensitive information about you to other organisations, I will only do so using a secure encrypted email service such as Egress Secure, or otherwise as an attached document or .Zip file that is pin or password protected.
  • My I.T. devices that are used to access personal and sensitive data are password protected, pin protected, and/or use biometric approval to be unlocked. All these devices are set to lock after the shortest period of inactivity their settings allow.
  • Wellbeing Psychology has a planned schedule for replacing all hardware devices to mitigate against hardware failure and obsolescence. This means all the devices I  use run the latest software operating systems, with the latest security updates automatically installed.
  • Wellbeing Psychology routinely audits the security of these electronic data systems and the  processing of data within the business. I do this by reviewing the integrity of records of personal and sensitive information, as well as gathering other evidence about my routine data handling practices, so I can evaluate this  against the standards set out in this policy and other key documents regarding compliance. Security risks and vulnerabilities are identified and addressed in an ongoing way to ensure I operate accountably and to the highest professional standards. The results of audits are available on request. The last audit of this kind was completed on 29/04/23.


Your data protection rights

Under data protection law, you have rights including:

  • You have the right to ask me for copies of the information we hold about you. I aim to share this with you within 30 days of receiving a request and we may seek further proof of identity from you before doing so.
  • You have a right to ask me to correct personal information you think is inaccurate.
  • You have a right to ask me to erase some of the personal information I hold if it’s no longer being stored for a legitimate reason or in accordance with the timescales outlined above.
  • You have the right to ask me to share copies of the personal and sensitive information I hold about you that came from another organisation.


If you wish to make a request, please contact me at: 

E-mail: admin@wellbeing-psychology.co.uk

Telephone: 07954601962


Making a complaint

If you have any questions, concerns or would like to complain about my use of your personal information please contact me at:

E-mail: admin@wellbeing-psychology.co.uk

Telephone: 07954601962


If you think I are acting unlawfully you can complain to the Information Commissioner's Office (ICO): 

www.ico.org.uk/concerns

Tel: 0303 123 1113  

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Logo for Wellbeing Psychology private practtice of Thomas Sidebottom Psychologist Lancaster

Copyright © 2022 Wellbeing Psychology is the website and private practice of Thomas Sidebottom registered psychologist offering clinical services in Lancaster and UK wide - All Rights Reserved.

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept