top of page

Privacy Policy


I am committed to respecting and protecting your data. All the personal data you communicate with me through my websites and in the delivery of psychological and therapeutic services is held securely. I do need to point out that I am unable to guarantee or accept liability for how data you might divulge to any third party websites linked to my websites might be used.

Nature of Data Held

In providing you with the best possible service I will require you to provide some data about yourself including:


  • Full name

  • Date of birth

  • Residential address

  • Email address

  • Telephone number

  • Details of your inquiry

  • GP details

  • Next of kin contact details

  • Other information that might facilitate treatment (e.g. medical and family history)

While my websites use up-to-date security features no communication across the internet is totally immune of risk. I cannot guarantee the security of your personal data transmitted through my websites or via email. Some of the information you provide may be considered sensitive personal data under GDPR (General Data Protection Regulations) and might relate to your ethnic or racial origin, political opinions, religious beliefs, physical or mental health, sexual life or criminal record. If you feel uneasy about communicating any information via the internet it is always possible to discuss matters in person when you meet me for an initial consultation.

Lawful Basis for holding and using Client Information

As a member of the British Psychological Society (BPS), the British Association for Counselling and Psychotherapy (BACP), the United Kingdom Council for Psychotherapy (UKCP) and the EMDR Association UK, I abide by the Code of Practice and Ethics required by these organisations. The lawful basis under which I hold and use your information is solely in the service of providing you the best possible psychological consultation and psychotherapy and to collect related payment.

Your data will not be used for marketing or other purposes. It will not be shared with any third parties. In exceptional circumstances and in order to protect life or other circumstances stipulated by UK law, I may be required to pass your personal data to another person or organisation.


I will retain your personal data only as long as necessary to offer you services or as required by statutory regulations. Your personal data we will be held in manner that minimizes risk of unauthorized access. Communication may be printed and held securely or stored on computers used for business purposes.


In order to protect your privacy, it is my policy to minimise the detail of any clinical notes I hold about therapeutic work whether I see you as an individual or as part of a couple. These notes serve as an aide-memoire supporting my work with you and to document management of risk. They do not represent an account of session content.


I use an electronic note and information keeping system known as Bacpac. Bacpac is a GDPR compliant system. Bacpac operates on a secure hosting platform that has been vetted by both the NHS and Ministry of Defence for hosting confidential medical information, so you have complete peace of mind that your notes are stored safely and securely. In terms of accreditation Bacpac is ICO (Information Commissioner’s Office) registered and accredited by the ISO (International Standards Organization), plus it is assessed every 6 months by the BSI (British Standards Institutution) to make sure the highest security standards are maintained. Where hand written notes are made these are, where possible, anonymised and stored and locked securely.

Online Services

In my current practice, my policy is to deliver online services via ZOOM which is GDPR compliant affording the highest standard in security. However, no platform is completely immune from monitoring particularly from state sponsored operators.


When joining by computer or phone there is some device information which is collected for technical delivery purposes only.


These include:

  • Participant name (as entered by the participant when joining zoom)/ phone number

  • Device type e.g. Mac/ Windows

  • Public IP address

  • Location (20-mile radius)

  • Network Type e.g. WIFI or wired

  • Microphone type e.g. built in

  • Speaker type e.g. built in

  • Camera type

  • Data Centre

  • Connection Time

Information about ZOOM GDPR compliance can be found here:

ICO Compliant

I (Kevin Morgan Psychotherapy) am registered with the ICO (Information Commissioner’s Office).  The ICO is responsible for enforcing the data protection legislation in the UK.  It has the power to carry out investigations and advise service providers on how to comply with the GDPR.


This policy is written with the intention of providing transparent information regarding how I control and process personal data. If you have any queries regarding this policy, please contact me using the details shown below. To find out more about General Data Protection Regulations (GDPR) and your rights, please go to or

Contact me

I am happy to discuss any questions you might have with regards to your data. Please contact me on 07741 069467 or via email at

bottom of page