Privacy policy

Effective from 25th May 2020


We collect and hold information about clients under the legal basis identified as “legitimate interest”, as defined under the general data protection regulations (2018). This privacy policy explains how we use any personal information we collect in carrying out our role as educational psychologists. It also informs you of your rights and our responsibilities in the processing of personal information under the general data protection regulations.


What information do we collect?

We collect information about our client’s current and previous psychological and physical well-being, and current and previous social, educational and family circumstances. We also collect information about our clients when they voluntarily complete questionnaires. We may also collect sensitive personal information defined as “special category data”, as part of a psychological assessment. CCTV may be used in our consulting rooms in order to protect your security and well-being and for safeguarding purposes.


How will we use the information?

We collect information in order to provide psychological formulations, recommendations and interventions. This information is confidential.


Psychologists may discuss client’s personal information in supervision with a supervisor, who is another psychologist, for the purpose of ensuring that their practice is safe and effective, and as mandated by their professional bodies. We do not reveal names when we share information in supervision. Supervisors do not share our client’s personal information with anyone else.


If applicable, we will from time to time write to referrers and stakeholders, such as parents, named individuals in schools and other agencies.  For example, following an assessment of learning abilities or emotional well-being. We will always obtain consent and discuss the content of such letters or reports before sending them.


Sharing personal information with third parties

We do not discuss personal information with third parties. However, if our professional opinion was

that there was an immediate and serious risk that a client might harm him/herself, or someone else, then we may have to share personal information with a third party, such as a GP or the emergency services, without first obtaining consent. This might be because it is not practically possible to obtain consent or because attempting to do so might lead to a delay in accessing health and therefore endanger our client’s life or that of another.


In some cases where we have to share personal information with third parties to protect our client or another person, we will only share personal information insofar as it is relevant and necessary to protect our client or another person.


In some circumstances it may be that personal information is requested by a court of law, coroner’s office or professional body. In such circumstances our client may have limited or no rights of refusal.


Access to personal information and correction

Clients have a right to request a copy of the information we hold about them. To obtain a copy of some or all personal information, please contact us at:


We need to make sure that personal information is accurate and up-to-date. Clients may ask us to correct or remove information they think is incorrect or inaccurate.


Our clients have the right to ask us to erase personal information we hold about them. We can refuse the request if such personal information is needed in the defence or exercise of legal claims, or if we believe there is an overriding legitimate interest to retain your information.


Storage of information

We keep personal information in electronic records. Paper records are scanned, stored electronically and destroyed.


We store your information as described below:

Computers are password protected and the hard drives are encrypted. IPads and mobile devices are secured with fingerprint touch ID, passwords and two-factor authentication. Any apps on iPads and mobile devices that can access your data require further password authentication to open on the device. Passwords are changed regularly, and it is company policy that passwords are not shared. The information you provide relating to the assessment, such as questionnaires and previous reports, is stored on an encrypted cloud-based server. We create a report that contains all the information that we gather and our findings and conclusions, this is computer generated and stored as above.


If we take hand written notes and records during an assessment, these notes are scanned and stored as above. Original paper copies are destroyed.


Q-Interactive is a cloud-based assessment tool which is used in our assessments. Your name and date of birth is required by the assessment tool, no other personal information is uploaded. It has a two-factor authentication security system and Pearson, the owners of Q-Interactive, assure us that it is GDPR compliant.


CCTV recordings made in our consulting rooms are stored on an encrypted cloud-based server for 30 days then automatically deleted. In some circumstances, we may feel it necessary to save recordings for longer, in which case they may be stored for up to a maximum of six years, as per ‘Length of storage’ below.


Will we send emails and text messages to you?

As part of providing our service to you we will send your report to you via email. The report will be password protected and the password sent separately. To protect your information, we prefer to send passwords by SMS (text messages).


Also, as part of this service, we need to send details of your appointment, gather information and communicate other relevant information to you. We will do this via email and/or telephone.


Length of storage

Personal information and the records of our work are kept for six years. We then erase those records.


Right to complain

You have the right to complain to the Information Commissioner’s Office without prejudice about the processing of your personal data at:


You can contact us at:

Policy review date: April  2023.