GDPR Compliant Privacy Notice

Data Controller: Dr Jonathan Pointer

• Information I Collect: I collect your name, date of birth, residential address, and GP details. I also note current medication and any other mental health professionals and/or clinical teams currently involved in your care.

• Clinical Records: I keep brief clinical notes to record the focus of our sessions. These are stored as a formal record of treatment and are not intended as a detailed personal narrative or therapeutic resource.

• Clinical Supervision: As a requirement of my HCPC registration, I participate in regular clinical supervision. During these consultations, I may discuss our work together; however, I use aliases or "de-identified" information to protect your identity. My supervisor is also bound by professional confidentiality.

• Payments: Payment is made in advance via BACS. Your name will appear on my bank statements as the sender of the payment; however, these are highly secure, paperless digital statements accessible only by me. I do not hold clinical information or invoices within my financial records.

• Security: Handwritten notes are digitized and stored on a password-protected device in an encrypted folder. Original emails containing sensitive details are permanently deleted once the information is transferred to this secure system.

• Confidentiality & Clinical Safety: Your information is private. I will only share it if legally required or if there is a significant concern for your safety. In such cases, I may contact your GP and/or other relevant mental health professionals; I will always endeavor to discuss this with you first.

• Storage: I retain clinical records for 7 years, after which they are securely deleted. Bank statements are retained for the period required by HMRC.

• Your Rights: You have the right to request a copy of your data at any time. For any concerns, you can contact me directly or the Information Commissioner’s Office (ICO).