Privacy

Privacy Statement

Last updated: 19 April 2026

1. Introduction

At Chris Thomas Therapy, I am committed to protecting your privacy and handling your personal information with care, respect, and transparency. This privacy statement explains how I collect, use, and store your information when you access my transactional analysis therapy services, whether online or in person.

2. Who I Am

Chris Thomas Therapy, 14 Eaves Avenue, Hebden Bridge HX7 6DJ

Email: christhomastherapy@gmail.com

Telephone: 07356 055179

I am the data controller for the personal information you provide.

I am a registered member of the British Association for Counselling and Psychotherapy (BACP) and work in accordance with their ethical framework.

3. What Information I Collect

I may collect and process the following information:

  • Personal details (such as your name, email address, and phone number)

  • Emergency contact details

  • GP details (with your consent)

  • Session notes and therapeutic records

  • Information you choose to share during sessions

  • Payment and invoicing information

Some of this information is classified as special category data, including information relating to your mental health and wellbeing.

4. How I Use Your Information

I use your information to:

  • Provide therapy safely and effectively

  • Communicate with you about appointments and services

  • Maintain appropriate clinical records

  • Process payments

  • Meet professional, ethical, and legal obligations

5. Legal Basis for Processing

Under UK GDPR, I rely on the following lawful bases:

  • Contract – to provide the therapy services you request

  • Legitimate interests – to manage and run my practice

  • Legal obligation – where I am required to comply with the law

  • Explicit consent – for processing special category data

6. Confidentiality

Confidentiality is a core part of therapy. What you share will be kept confidential, with the following exceptions:

  • If there is a serious risk of harm to you or others

  • If there are safeguarding concerns involving children or vulnerable adults

  • If disclosure is required by law

Where possible, I will aim to discuss any necessary disclosure with you first.

7. Online and In-Person Sessions

I offer both online and in-person therapy.

  • Online sessions are conducted using secure platforms (e.g. Zoom or similar). While I take care to use reputable services, no online communication can be guaranteed as completely secure.

  • For in-person sessions, any written notes or records are stored securely.

8. How Your Data Is Stored

Your information is stored securely using appropriate technical and organisational measures, including:

  • Password-protected and encrypted digital systems

  • Secure storage for any paper records

  • Restricted access to personal data

9. How Long I Keep Your Data

I retain therapy records for 7 years after the end of therapy, in line with professional guidelines and insurance requirements. After this period, your data will be securely deleted or destroyed.

10. Sharing Your Information

I do not sell or share your data for marketing purposes.

Your information may be shared only where necessary:

  • With a clinical supervisor (in anonymised form where possible, in line with BACP requirements)

  • If required by legal or regulatory authorities

  • With emergency services where there is a serious risk of harm

11. Your Rights

Under UK data protection law, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate data

  • Request erasure of your data (where applicable)

  • Restrict or object to processing

  • Lodge a complaint with the Information Commissioner's Office (ICO)

12. Cookies and Website Use

If this website uses cookies or analytics tools, these are used to improve user experience. You can manage cookie preferences through your browser settings.

13. Contact

If you have any questions about this privacy statement or how your data is handled, please email: christhomastherapy@gmail.com