top of page

Data protection & Privacy Policy


mysearchforself specialises in delivering psychotherapy to clients on behalf of individuals and organisations and clinical supervision for other healthcare professionals. Although I need to collect and hold certain personal data in order to deliver services to you I am committed to protecting and respecting your privacy. This policy provides an overview of how I comply with General Data Protection Regulation (GDPR) in regard to any personal data I hold in relation to clients.

If you contact me, whether by telephone, email, website, or other means, I may keep a record of that correspondence. I may ask you to complete various questionnaires and other forms that I will use to tailor my services to your needs. I may keep records of any meetings and sessions in the form of written notes, electronic notes and very occasionally audio or visual recordings. I may receive correspondence from you or from other healthcare professionals relating to your case. I may also produce notes, assessments or reports outside of sessions, requested by third parties such as your insurance company if they have referred you to my service.

How I Obtain Personal Information

What Personal Data Do I Collect and How It Is Used:

Contact information: I hold contact information that you have provided which I use to contact you about appointments or your treatment. This information may include: 

Contact Information​

  • Your Full Name including Title

  • Your Address

  • Your Telephone Number(s)

  • Your Email Addresses

  • Online ID's for services such as Skype etc. (where relevant)

General Information: I hold general information that you have provided which I use to manage the delivery of my service to you. Some of this information also enables me to comply with my legal or regulatory obligations. This information may include:

General Information​

  • Your Date Of Birth and Gender

  • Your Profession (where relevant to the work)

  • A Designated Emergency Contact Name & Contact Number (For medical emergencies)

  • Your G.P's Surgery (For medical emergencies)

  • A record of appointment Times and dates.

  • General Admin & Correspondence

  • Brief notes on sessions (These will be brief and recorded anonymized)

Relationship Information: I hold relationship information that you have provided which I use to give a sense of those around you and how these relationships may affect what is going on for you. This information may include:

Relationship Information​

  • First Names of people you relate to/are important to you

  • Their ages

  • Their relationship to you

  • A Brief note on how you view the relationship

Special Category Information: Due to the nature of my service I may need to process data relating to your physical and mental health. The General Data Protection Regulations deem data concerning health as a special category of personal data which means that I need specific reasons for processing this data. These reasons relate to the type of services that I deliver to you, but I believe it is also important to get your informed consent to holding this data. This information may include:

Special Categroy Information​

  • Your reason(s) for contact me

  • The Issues you feel you wish to discuss

  • Your mental health state from your point of view

  • Notes on how you view your current situation (initial session only)

Payment Information: I am required to hold information on payments received for my financial records. This information may include:

Payment Information​

  • Your full name & title

  • Postal Address (for invoices)

  • Email Address (For invoices)

  • The Date & Amount of the transaction

Who I share your data with

mysearchforself will not share your data with any other party with the exception of the following:

  • You present a risk to yourself

  • You present a risk to others

  • You inform me that you have/or plan break the law.

I have a professional duty of care, if the above exceptions occur to seek help/guidance in such circumstances. However, I would dicuss this with you first.

Your Rights Under Data Protection Legislation

You have various rights under the relevant data protection legislation. Here is a summary of those rights:

Your Rights:

  • Subject Access

    •  You have the right to see what information I hold about you within 30 days of making the request. A request may be subject to a small fee to meet my costs in providing you with details of the information I hold about you.​

  • Rectification

    • You have the right to ask me to correct any personal data I hold about you that is wrong. If you feel this is the case, then please let me know.​

  • Erasure

    • You have the right to ask that I erase any information I hold about you. However, this right may be limited by my need to comply with statutory or regulatory requirements for retaining data. The BACP guidelines recommend retaining clinical notes for 7 years post treatment at which point they will be destroyed. Basic information like contact details held on my phone or email will be deleted after 6 months.

  • Communications​

    • You have the right to ask me not to contact you. This may be for specific purposes or you may not wish to be contacted at all. Obviously, I will need permission to contact you if you are an active client so that I can continue to deliver the agreed services to you.​

How I Keep Your Data Secure

The personal data I hold on you is either stored physically or electronically. All Physical data (personal details, therapy notes) are secured in locked storage when not in use.
All sensitive electronic data will be sent to clients in an email attachment that is password protected. Electronic data is held on a computer owned by Jason Lugg and is password protected. Mobile devices are also password protected.

Data Retention & Destruction

I do not keep any information about you longer than necessary. The length of time I keep your data may be determined by statutory or regulatory requirements. I delete or destroy all personal data when it is no longer required.

Data Controller: Jason Lugg (

bottom of page