Privacy Policy | Psychotherapy | Dundee & St Andrews

This privacy policy explains how your data is processed and stored in relation to your interactions with the Practice.

WHAT INFORMATION IS COLLECTED AND HOW IS IT STORED?

The Practice collects sensitive data (e.g. name, date of birth, address, details of health conditions and presenting issues). Hand-written notes will be taken during sessions. The personal information you share with the Practice is used in order to provide a service that meets your needs. Hand-written notes are kept in a single file within a locked storage unit. E-mails will be printed and included in your file. The electronic version will then be deleted. An electronic log including a client code, presenting issues and dates of sessions are kept separately for tax purposes and auditing by regulatory bodies. Banking information (e.g. dates of payments, payment amount and name of the bank account holder) may be shared with financial services. Hand-written notes and e-mails will be held for a period of five years, after which point they are destroyed. The electronic log with client code, presenting issues and dates of sessions will be held for an indefinite period of time.

Cookies are data stored on your browser and are typically used to keep track of your settings and the actions you take on websites. The Practice do not access or use this data. However, this data may be used by Wix (the software developers of this website) to monitor and analyse the performance, operation and effectiveness of their platform.

Dundee Psychotherapy do not use AI to process sensitive data about you.

WHO IS THE DATA SHARED WITH?

As outlined in the Terms and Conditions, your case may be discussed in supervision. This is to ensure that your therapist is working ethically.

Information about you will be kept confidential and will not be shared with any other third-parties. The only exception to this is if your therapist believes you to be at risk.

You may request that your therapist share information with a third-party (e.g. a GP, insurance company or Disability Service), the content of which will be agreed with you.

USE OF ZOOM FOR ONLINE THERAPY SESSIONS

This part of the Privacy Policy explains how online psychotherapy sessions are conducted through Zoom Video Communications, Inc. (“Zoom”), and how your personal information is handled in relation to these sessions. This Practice does not control Zoom’s data collection or retention policies. By agreeing to undertake psychotherapy sessions via Zoom, you acknowledge and consent to the terms outlined below.

Zoom provides encrypted video conferencing services and is a third-party platform not owned or controlled by this Practice. Meeting links are shared only with clients directly and are password-protected.

When you participate in a Zoom session, Zoom automatically collects certain data, including:

Meeting metadata: dates, times, duration of sessions, and IP addresses.
Participant details: the name you choose to display during the meeting.
Technical information: device and connection data required to operate the service.

This information is stored on Zoom’s servers and subject to Zoom’s own privacy policy and security measures. Dates, times, duration of sessions and participant name are also stored in the account of the Host (your therapist).

Psychotherapy sessions conducted via Zoom are not recorded by this Practice. No recordings will be made unless explicitly agreed in writing in advance.

You are responsible for the device and internet connection you use to access Zoom. You should ensure your chosen display name does not reveal information you do not wish to share (e.g., you may wish to use your first name or initials only). It is your responsibility to ensure your environment is private and secure during the session.

YOUR DATA RIGHTS

Under The Data Protection Act (2018) you have eight rights in relation to data held about you:

1. the right to be informed;

2. the right of access;

3. the right to rectification (incorrect information to be corrected);

4. the right to erasure;

5. the right to restrict processing;

6. the right to data portability;

7. the right to object;

8. rights in relation to automated decision making and profiling.

To find out more information, please visit The Information Commissioner's Office website.

Updated: 30th September 2025