07585119298 [email protected]

Privacy and Cookie Policy for Therapy Services

Your privacy and confidentiality are fundamental to our therapeutic relationship. This policy explains how I collect, use, protect, and share your personal information in accordance with UK data protection laws, ICO guidelines, and the BACP Ethical Framework.

1. Who Am I?

I am Michael Lipo, a freelance therapist practising in Wokingham, providing individual therapy, relationship therapy, and clinical supervision. I am registered with the British Association for Counselling and Psychotherapy (BACP) and adhere to their Ethical Framework.

Data Controller Details:

Michael Lipo

49 Denmark Street

Wokingham, RG40 2AY

Email: [email protected]

Phone: +447585119298

2. What Information Do I Collect?

Personal Information:

  • Contact details (name, address, phone number, email)
  • Date of birth and age
  • Emergency contact information
  • GP details
  • Relevant medical or mental health history
  • Session notes and therapeutic records
  • Payment information
  • Correspondence between us

Sensitive Personal Data:

As a therapist, I necessarily process sensitive personal data relating to your mental health, relationships, and personal circumstances. This is essential for providing effective therapeutic support.

3. Legal Basis for Processing

I process your personal data under the following legal bases:

  • Consent: You have given explicit consent for processing sensitive personal data for therapeutic purposes
  • Legitimate Interests: For administrative purposes, safeguarding, and professional development
  • Legal Obligation: Where required by law or professional regulatory requirements
  • Vital Interests: In exceptional circumstances where there may be risk of serious harm

4. How Do I Use Your Information?

  • Providing therapeutic services and maintaining therapeutic records
  • Scheduling appointments and managing our therapeutic relationship
  • Processing payments and maintaining financial records
  • Communicating with you about your therapy
  • Meeting professional and legal obligations
  • Clinical supervision (anonymised where possible)
  • Safeguarding where there are concerns about risk of harm

5. Confidentiality and Sharing Information

Your confidentiality is paramount. I will not share your personal information without your explicit consent, except in the following circumstances:

Exceptions to Confidentiality:

  • Risk of serious harm: If there is immediate risk of serious harm to yourself or others
  • Child protection: If there are concerns about the safety of a child under 18
  • Vulnerable adult protection: If there are concerns about abuse of a vulnerable adult
  • Court order: If legally compelled by a court
  • Terrorism or serious crime: As required by law

Clinical Supervision:

I receive regular clinical supervision as required by BACP. Your case may be discussed in supervision for professional development and to ensure quality of care. Information is anonymised wherever possible, and supervisors are bound by the same confidentiality requirements.

6. How Do I Store and Protect Your Information?

I take appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure.

Electronic Records:

All electronic client records are stored securely on Google Drive with encryption and password protection. Access is restricted to myself only. In the event that I become incapacitated or deceased, my Clinical Supervisor has access to my notes primarily to organise the transition of work and information to another therapist once agreed with you.

Practice Management:

I use Zanda Health for appointment booking and confirmation emails. This system stores only your first name, surname initial, and email address. If you choose to make payments through Zanda Health, these are processed securely via Stripe, which is PCI-DSS compliant.

Communication:

  • General enquiries and appointment scheduling: [email protected] (ProtonMail provides end-to-end encryption)
  • Secure messaging for sensitive information: WhatsApp or Signal (both offer end-to-end encryption)
  • Online therapy sessions: Google Meets with encryption enabled

Payment Processing:

I primarily accept payment via bank transfer. Where payments are made through the Zanda Health invoice system, these are processed securely via Stripe. I do not store your payment card details.

Therapeutic Executor:

I have appointed a therapeutic executor (who is also my clinical supervisor and a registered professional bound by the same confidentiality requirements) to act on my behalf should I become incapacitated or deceased. This person would only access my records in such circumstances to ensure continuity of care or appropriate destruction of records.

7. How Long Do I Keep Your Information?

In accordance with BACP guidelines and insurance requirements:

  • Adult therapy records: Retained for 7 years after therapy ends
  • Records involving minors: Retained until the individual reaches age 25, or 7 years after therapy ends (whichever is longer)
  • Financial records: Retained for 6 years for tax purposes
  • Safeguarding records: May be retained longer if required by relevant authorities

8. Data Breach Procedures

Whilst I take all reasonable measures to protect your personal information, I recognise that breaches can occur despite best efforts.

In the Event of a Data Breach:

If a data breach occurs that poses a risk to your rights and privacy, I will:

  1. Take immediate action to contain and remedy the breach
  2. Notify the Information Commissioner’s Office (ICO) within 72 hours where required by law
  3. Inform you directly without undue delay, explaining what information was affected and what steps are being taken
  4. Document the breach, including facts, effects, and remedial action taken

Prevention Measures:

To minimise the risk of data breaches, I:

  • Verify email addresses before sending any correspondence
  • Use encrypted communication platforms where possible
  • Regularly review and update security measures
  • Maintain secure password practices and device protection
  • Ensure proper disposal of confidential materials

If you suspect a data breach has occurred, please contact me immediately at [email protected] so that I can investigate and take appropriate action.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to professional obligations)
  • Right to Restrict Processing: Limit how your data is used
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent for processing (may affect therapy provision)

Please note: Some rights may be limited due to professional obligations to maintain therapeutic records and safeguarding requirements.

10. Complaints

If you have concerns about how your personal data is being processed, please contact me first. If you remain unsatisfied, you can make a complaint to:

Information Commissioner’s Office (ICO)

Phone: 0303 123 1113

Website: ico.org.uk

British Association for Counselling and Psychotherapy (BACP)

Phone: 01455 883300

Website: bacp.co.uk

11. Contact Me

If you have any questions about this privacy policy or how your personal data is processed, please do not hesitate to contact me using the details provided at the top of this document.

12. Cookies and Website Use

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help the website function correctly and provide information about how the site is used.

Cookies Used on This Website

This website (mltherapyservices.co.uk) is built on WordPress and uses the following types of cookies:

Essential Cookies:

These cookies are necessary for the website to function correctly and securely. They cannot be disabled as they are required for basic site operation, security, and navigation.

  • WordPress cookies for site functionality and user sessions
  • CloudFlare cookies for security and performance protection

Analytics Cookies:

With your consent, we use Google Analytics to understand how visitors use the website. This helps us improve the user experience and ensure the site meets the needs of those seeking therapy services. Google Analytics collects anonymous information including:

  • Which pages are visited
  • How long visitors spend on the site
  • How visitors navigate through the site
  • General geographic location (country or region only)

No personally identifiable information is collected through analytics cookies. This data is never linked to your therapy records or personal information submitted through the contact form.

Contact Form:

When you submit an enquiry through the website contact form, you provide your name, email address, phone number, and reason for contact. This information is transmitted securely and stored in accordance with this privacy policy.

Third-Party Services

Google Maps: This website may use Google Maps to display location information. When you interact with embedded maps, Google may place cookies on your device. Please refer to Google’s privacy policy for information about their data processing.

Google Search Console: This service helps monitor the website’s performance in search results. It does not collect personal information about individual visitors.

Your Cookie Choices

Cookie Consent:

When you first visit the website, you will see a cookie consent banner allowing you to accept or decline non-essential cookies (such as analytics). Essential cookies are set automatically as they are required for the site to function.

Browser Settings:

You can control and delete cookies through your web browser settings. Most browsers allow you to:

  • View which cookies are stored
  • Delete some or all cookies
  • Block cookies from specific websites
  • Block all cookies entirely
  • Delete all cookies when you close your browser

Please note that blocking essential cookies will prevent parts of the website from functioning correctly.

Opting Out of Analytics:

To opt out of Google Analytics tracking across all websites, you can install the Google Analytics Opt-out Browser Add-on available at: https://tools.google.com/dlpage/gaoptout

What We Do Not Use

This website does not use:

  • Advertising or marketing cookies
  • Cookies that track you across multiple websites
  • Cookies to build detailed personal profiles
  • Social media tracking cookies
  • Cookies to sell your data to third parties

Updates to Cookie Usage

If we change the cookies used on this website, we will update this section and notify visitors through the cookie consent banner where appropriate.

13. Changes to This Policy

I may update this privacy and cookie policy from time to time to reflect changes in law, best practice, or my services. Any significant changes will be communicated to you, and the updated policy will be available on my website.

This privacy and cookie policy is designed to be transparent about data processing while maintaining the trust and confidentiality essential to therapeutic relationships.

Last Updated: January 2026