Privacy Notice

Third-Party Recipients of Personal Data

I have a data processing agreement in place with Google to ensure they process your data only as instructed and maintain high security standards. Other third parties include:

  • My professional supervisor (BACP accredited professional)

  • My website host: Squarespace

1.Introduction

  • Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure. I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018.

  • Data Controllers and Processors: 

    • The data controller is Helder Franco (psychodynamic counsellor/psychotherapist). 

    • I use Google Ireland Ltd (Google Workspace) as a data processor to provide video conferencing and secure document storage.

2. My lawful basis for holding and using your information.

  • The GDPR requires a "lawful basis" for processing your data:

  • During Therapy: I process your data because it is necessary for the performance of our contract.

  • Sensitive Data: for "special category" data (such as health/counselling records), the basis is the provision of health treatment under a contract with a health professional, which in this case is a psychodynamic psychotherapist.

  •  After Therapy: once therapy ends, I use legitimate interest as the basis for holding your information for a set period of up to one year.

3. How I use your information

  • Initial Contact: When you enquire via www.zephyrpsychotherapy.uk, I collect your name and contact details to satisfy your enquiry. If you choose not to proceed, this data is deleted within 3 months.

  • During Therapy: I keep written notes of sessions to help the service run smoothly. These are kept securely on an encrypted device. Clinical notes and administrative files are stored in Google Drive. I ensure that my Google account is configured for high-level security, including two-step verification, to protect your sensitive "Special Category" data. 

  • While you are accessing counselling/therapy: I will use Google Meet for our sessions. No sessions are recorded unless explicitly agreed upon in writing for specific clinical purposes

  • Website Visitors: I use Squarespace to host my site. It may use cookies to help the site work efficiently.

4. Third-Party Recipients
I do not share your data with third parties for marketing purposes. I may share data with:

  • Professional Supervisors: To ensure ethical practice with fellow BACP accredited professionals (client identity remains anonymous).

  • IT Providers: Secure cloud storage, website provider and email provider. These are Squarespace and Google Ireland Ltd (for Google Workspace)

  • Legal Necessity: If required by a court of law or for safeguarding.

5.Data Retention & Security

  • Retention: Your records are kept for a maximum of two years after therapy ends, as required by insurance/professional standards, and then securely destroyed.

  • Security: I use password-protected devices and cloud based, encrypted data storage products via Google Workspace. I record and store my session notes securely using Google Workspace (Docs/Drive), which is password-protected and utilizes two-factor authentication for enhanced security.


6. Your Rights

  • You have the right to:

  • Ask for a copy of the information I hold about you.

  • Ask me to correct mistakes or delete your information.

  • Withdraw consent for me to use your data.