Privacy Notice

This Privacy Notice explains how your personal information will be collected, used and stored if you are a service user (client/patient) of The Reframe Room, and/or when you use this website.

If you have any questions please do not hesitate to discuss this with me. You will also receive further information relating to our Therapy Agreement once you book an appointment at The Reframe Room.

1. Who I Am

Anna Daniel, a BABCP‑accredited CBT Therapist, EMDR & NET Therapist, providing psychological assessments and therapy to adults. As a sole practitioner it is my responsibility to look after your personal information carefully, in line with the UK General Data Protection Regulation (GDPR). I am registered with the Information Commissioner’s Office (ICO) as a data controller.

2. The Information I Collect

To provide therapy safely and effectively, I collect and store information such as:

  • Your full name

  • Date of birth

  • Contact details (Telephone number, Email address)

  • GP or emergency contact information

  • Referral details (if someone such as your GP has referred you)

  • Information about your current psychological difficulties and relevant history you choose to share

  • Prescribed medication

  • Medical conditions (if relevant)

  • Offences (including alleged offences)

  • Session notes

  • Payment records (no card details are stored)

I only collect information that is necessary for therapy or required by law.

3. Why I Collect This Information and How I Use It

You do not have to share this information, but without it I may not be able to offer therapy. The lawful basis for collecting your information is because it is my legitimate interest as a registered therapist to do so and necessary for the provision of healthcare. I do not use your information for marketing or share it with third parties for commercial purposes.

I use your information to:

  • Provide safe, effective psychological assessments and therapy

  • Respond to enquiries and communicate with you about appointments

  • Ensure your safety

  • Maintain accurate clinical records

  • Meet legal, professional and ethical obligations

  • Process invoices or insurance claims where relevant

4. How Your Information Is Stored

I take your privacy very seriously and am committed to taking all reasonable steps to protect any identifying information that you provide to me; protecting your data from loss, misuse or unauthorised access.

All personal information provided is stored in compliance with GDPR rules. Your information is stored securely in digital systems only, on a password protected device that only I have access to. I use a GDPR-compliant practice management system (called ‘Konfidens’) for all my clinical work, and only I have access to these records. If you contact me via email, your details may also be stored in secure, password-protected inboxes.

For online therapy sessions, I use a Video Platform also provided via Konfidens, which is secure and end-to-end encrypted to ensure confidentiality and protect your privacy.

5. How Long I Keep Your Information

I do not keep your data for longer than necessary; it is destroyed as soon as possible. In line with professional and legal requirements, I retain clinical and financial records for 7 years from the point of last contact. After this period, it is securely deleted.

6. Sharing Your Information

I take confidentiality very seriously; further details are provided before we begin therapy. Everything you share in therapy is confidential. I would only share information:

  • If you give explicit consent (for example, sharing a report with your GP)

  • If I am legally required to (for example related to a court order)

  • If I believe there is a serious and immediate risk of harm to you or someone else

  • With my clinical supervisor, who is also bound by confidentiality, and your identity within supervision is anonymised

I will always aim to discuss any potential sharing of information with you first, unless I am legally prevented from doing so.

7. Clinical Will

In the unlikely event that I become suddenly incapacitated or unable to continue working, a Clinical Will is in place. This means a trusted colleague will access your records temporarily to notify you and help ensure continuity of care.

8. Your Rights

I am committed to protecting your rights to privacy. Under UK GDPR, you have the right to:

  • Be informed about what I do with your personal data

  • Access a copy of the information I hold about you

  • Request corrections to inaccurate or incomplete information

  • Request that I stop/restrict the processing your data in certain circumstances

  • Request deletion of your data (unless I am legally required to retain it)

  • Withdraw consent (where consent is the legal basis for processing)

  • Object to the processing I carry out based on my legitimate interest

  • Lodge a complaint with the ICO

9. Data Breach

In the very unlikely event of a breach of personal data, I will report it to the ICO within 72 hours and notify any affected individuals where appropriate.

10. Queries, Requests & Complaints

If you have questions related to this Privacy Notice, or would like to make a request in line with your rights above, you can contact me via the form on my website if this is your first contact, or via email if we have had previous email contact. I will aim to provide an initial response within 72 hours.

If you have concerns about how your personal data has been handled and you are not satisfied with the response from me, you have the right to raise your complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/