top of page

Privacy Policy

GDPR Privacy Notice


The purpose of General Data Protection Regulation (GDPR) is to protect the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of data and unrestricted movement of personal data within the EU and its storage within the EEA.

I collect data and store data about you. This purpose of this policy is to explain why I keep your data, where I keep it, how I keep it safe and what your rights are in relation to your data.

I, Dr Laura McGrath, would like to offer the following information:

I am a Clinical Psychologist. The wellbeing and rights of my clients is very important to me. The Health and Care Professions Council (HCPC) regulate my practice. You can find out more about my professional and legal responsibilities on their website:

What information is collected and how is it used?

I keep personal data (e.g. name, address, phone number, email address) for the purpose of identifying and contacting you.

I also keep sensitive data (e.g. summary of the session content).

The information that I collect and store is used to enable me to provide you with a service and process payments. In some circumstances it is used in the prevention of serious harm.

It is not possible for me to offer you a service unless I have your consent to keep records. I keep these records in accordance with the law and the codes of practice required by the UK Health and Processions Council (HCPC).

Where is data stored?

In clinic management software which is stored in an online cloud accessed via a laptop computer. Some information is stored in a paper file. Some contact details are stored in a mobile phone dedicated to this work. Some data is stored in email systems.

How is data kept safe?

Email accounts and clinic management software accounts are kept locked with a strong password which is changed regularly. My laptop is password protected and there is protection from viruses and malware which are regularly updated. All paper notes are kept in a locked filing cabinet. My mobile phone is kept password protected.

How long is data stored for?

Your information will be stored for a period of 7 years following the end of treatment in line with professional guidance from The British Psychological Society and the HCPC. Following this, all information will be securely destroyed.

Will your information be shared?

Confidentiality may only be breached where there are concerns about risk of harm to yourself or others or where the law requires disclosure (e.g. safeguarding concerns). In these cases, it is not necessary to gain consent but this will be sought from yourself if at all possible.

If you are referred by your health insurance provider, information about your appointment schedules will be shared with your provider for the purposes of billing. Treatment updates may also be shared.

Anonymised, non-identifying information about you may be shared with a clinical psychologist colleague in a confidential setting for the purpose of clinical supervision. Clinical supervision is a professional requirement and ensures best practice and adherence to clinical governance.

What are your rights?

You can request a copy of your data and to have inaccurate information corrected. There is no fee for this.

You can terminate therapy at any point without needing to give a reason.

If you have any concerns, please inform me so that I can do my best to address them. You have the right to make a complaint about me if you believe that I am acting unlawfully. If it is specifically in relation to your data, you can contact the UK Information Commissioner’s Office (ICO). If it is a more general complaint, you can contact the HCPC.

Privacy policy: FAQ
bottom of page