GDPR (General Data Protection Regulation) & Privacy Policy

This document explains how and why A Therapy Mind collects your personal data, what it is used for, how it is processed and how it is kept safe

Kate Ibbotson is the owner of A Therapy Mind. The business trading address is 7 Newby Close, Menston, UK, LS29 6QT.
Kate is the person responsible for keeping your information safe and secure, giving you access to it if you need it, and disposing of your information if you ask or when a reasonable time period has elapsed. If you have any questions about this GDPR and Privacy Policy you can contact Kate via email on

Why do we have a privacy policy?
A Therapy Mind is committed to providing privacy for our clients. We want to provide a safe and secure experience hence are committed to only using client data as set out in this policy. Please be assured that we will not sell or share any information about you with any third parties without your consent, or unless we are required to do so by law.

What sort of data do we collect?
This section explains the types of personal data collected from you, the client, as well as how and why it is used. The types of personal data collected fall into one of three categories:

1) One-to-one, couples and group clients 

This includes clients with whom we work one-to-one (for psychotherapy sessions) or in groups (for talks or workshops), either in a designated group meeting space, over the phone, or via Zoom or other online meeting systems. If you are one of these clients, you will have initiated our contact via the website, telephone, email, a message through a social media platform, through Eventbrite or via the website and we will have agreed to work together.

This category also includes prospective clients, who have initiated contact with us but who have not yet made any specific appointments.

The personal data that we collect and store about you includes:

  • your full name,
  • your telephone number(s),
  • your physical address(es),
  • your email address(es),
  • your Zoom or Skype name if applicable
  • any other online identities that you wish to share
  • information about why you require psychotherapy services
  • your GPs details
  • your next of kin details
  • any details you wish to share about other agencies or individuals who are supporting you with your mental health

We collect this personal data via secure software, email or telephone conversations OR during video or face to face sessions. We only collect the minimum amount of information required in order to be able to make you, visit your home for a scheduled appointment, make an appointment to meet with your group for a talk or workshop, or meet with you online for a virtual appointment.

All the personal information that you provide to us is held on our secure software which is provided and supported by a third party. We endeavour to ensure that your personal information is maintained and updated correctly. It is your duty to inform us of any changes to your personal information to ensure that it is up to date.

2)  Email list subscribers
This category includes clients who have signed up for the A Therapy Mind email list to receive newsletters and other relevant information, on an average monthly basis. The email list is powered by MailChimp, which is GDPR-compliant.  You have the option of signing up to the email list by ticking the consent box in the separate terms and conditions document. Or you can sign up via the website or through A Therapy Mind’s social media platforms. You also have the option of unsubscribing from the email list at any time by clicking on the link at the bottom of each email. The personal data that is collected and stored about you when you sign up for the email list resides on the MailChimp server. It includes: your full name and your email address.

3) Audio Recordings of sessions – this would only be with express permission from you and your permission would always be sought before any recording took place. Please see below.

  • If you give consent to record, I would still seek permission on the day (and you could say no)
  • I would only create an audio recordings of the session (not visual)
  • It would be stored securely
  • The audio would be shared with my supervisor for assessment purposes and would be deleted after assessment
  • I wouldn’t use your full name or any other identifying information at any point

How do I get a copy of the information you hold on me?
As set out in the Data Protection Act and General Data Protection Regulation (GDPR), you have the right to request a copy of the personal information we hold about you and to correct any inaccuracies. To action this, please write to us confirming your requirements at

What if I do not agree with the privacy policy?
If you do not agree with the details set out in this policy, please do not submit your data but don’t hesitate to discuss your concerns by getting in touch.

How do I opt out of you keeping my data on your secure database?
If you do not want us to use your information in future, wish to know what information we keep of yours, or want to request that we delete or amend information from our database, please write to us confirming your requirements at and we will respond appropriately. If you are subscribed to the email list via MailChimp you are able to unsubscribe at any time by clicking the ‘unsubscribe’ link at the bottom of any of my email newsletters to you.

How do you tell me about changes to your Privacy Policy?
This privacy policy may be changed at any time by A Tidy Mind. If we change the policy in the future, we will advise you of this on our website:

How long will you keep my data?
The GDPR requires that personal data be held only for a reasonable amount of time. If we have worked together, we will hold your personal data for 2 years after our last communication, after which we will consider you a ‘past client’, and then will dispose of all of your personal data. If you wish to work with us again after this, you may contact us and we will resume our working relationship. We will re-collect the relevant personal data from you at this time.

How do you safeguard my data?
Your data is stored in secure software which is password protected and your information is accessed through a laptop or phone which are also password protected. Any data recorded via paper is inputted into the secure software and the paper then shredded.

In the case of any of these storage methods being stolen, breached, or hacked, we will do the following within 72 hours of discovering the incident:

  • Notify the police if it is a physical theft or loss of my laptop or phone
  • Notify Outlook (my email provider) if it is a case of email hacking.
  • In the event that it is a data breach or hacking of MailChimp or Eventbrite, it is more likely that the company would notify us, rather than the other way around.
  • In any of these cases, report the data theft, breach, or hack to the ICO (Information Commissioner’s Office), which is the Regulator for the UK, if the incident has a high likelihood of severity of a resulting risk to the affected clients’ rights and freedoms.
  • In any of these cases, we would contact all of the clients whose personal data has been compromised and would provide advice in order to help them protect themselves of any effects of the breach.

If you have any queries about our privacy policy, please get in touch via email: