Privacy Policy

Effective Date: May 24, 2025

At Michael Boyce Therapy, I am committed to protecting your privacy and personal data. This Privacy Policy explains how I collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the British Association for Counselling and Psychotherapy (BACP) Ethical Framework.

​

1. About Me (The Data Controller)

I am Michael Boyce, a BACP registered therapist. I am the sole practitioner at Michael Boyce Therapy and act as the Data Controller for the personal data I process. This means I am responsible for deciding how your personal data is collected, used, and stored.

• Contact Email: michaelboycetherapy@gmail.com

• ICO Registration: I am registered with the Information Commissioner's Office (ICO) under registration number: [Currently awaiting confirmation of registration number].

​​

2. What Personal Data I Collect

I collect and process personal data that is necessary for providing you with safe, ethical, and effective counselling services. This may include:

• Contact Information: Your full name, email address, emergency contacts.

• Identification Data: Your date of birth.

• Session Information (Clinical Data): Brief, anonymised notes regarding session content, themes discussed, and therapeutic process. These notes are for clinical purposes only, to aid my memory, and to ensure continuity of care. They are not verbatim transcripts.

• Health and Background Information: Relevant personal history, current circumstances, significant life events, and any health information you choose to share that is pertinent to your therapy. This is considered "special category" data under GDPR, and I process it with your explicit consent for the provision of health care services.

• Communication Records: Records of emails or other communications between us related to scheduling, administrative matters, or your therapy.

• Payment Information: Records of payments received. I do not store your credit card or bank details directly. Payments are processed via bank transfer and are subject to their privacy policies.

​​

3. How I Collect Your Personal Data

I collect data in the following ways:

• Directly from You: When you contact me via email, complete any intake forms, during our initial consultation, and throughout our therapy sessions.

• From Third Parties: Very occasionally, with your explicit consent, I may receive information from a third party (e.g., a referring GP or psychiatrist), but this will always be discussed with you first.

​​

4. How and Why I Use Your Personal Data (Lawful Bases)

I use your personal data for the following purposes and rely on specific lawful bases under UK GDPR:

• To Provide Counselling Services: This is the primary purpose. I use your contact details to schedule sessions and communicate with you. Your session notes and background information are crucial for delivering effective and tailored therapy.

  • Lawful Basis:

    • Contract: To fulfil my contractual obligations to you in providing counselling services.

    • Legitimate Interests: For managing my practice and clinical administration.

    • Explicit Consent: For processing "special category data" (health information) necessary for the provision of health care. You provide this consent by engaging in therapy with me.

• Clinical Supervision: As a BACP registered therapist, I am required to engage in regular clinical supervision. During supervision, aspects of our work may be discussed with my qualified supervisor. This is done anonymously to protect your identity.

  • Lawful Basis: Legitimate Interests (professional development and ethical practice) and Explicit Consent (for special category data).

• Administrative Purposes: For managing appointments, payments, and responding to your enquiries.

  • Lawful Basis: Contract and Legitimate Interests.

• Legal and Ethical Obligations: To comply with my professional and legal responsibilities (e.g., BACP Ethical Framework, safeguarding duties).

  • Lawful Basis: Legal Obligation and Legitimate Interests.

​​

5. Sharing Your Personal Data

I will never sell your personal data. I will only share your data in the following limited circumstances:

• With Your Explicit Consent: If you explicitly request or agree for me to share information with a third party (e.g., another healthcare professional).

• Clinical Supervision: As noted above, discussions with my clinical supervisor are anonymised and focus on my practice, not your identity.

• Legal or Ethical Obligation (Limits to Confidentiality):

  • If I believe you are at serious risk of harming yourself or others.

  • If I become aware of safeguarding concerns regarding a child or vulnerable adult.

  • If I am legally compelled by a court order.

  • In such rare cases, I will, where possible and appropriate, endeavour to discuss this with you before disclosing information.

• Emergency Situations: In the event of an immediate and serious emergency where your life or the life of another is at risk, and I cannot obtain your consent, I may disclose necessary information to emergency services.

​​

6. Data Security

I am committed to ensuring the security of your personal data. I implement appropriate technical and organisational measures to protect your data from unauthorised access, disclosure, alteration, and destruction. These measures include:

• Confidentiality: All information shared during sessions is treated with the strictest confidence.

• Password Protection: All electronic devices (computer, tablet) used for data storage are password protected.

• Encryption: Where possible, data is stored on encrypted drives or cloud services.

• Secure Platforms: Online sessions are conducted via Google Meet, which offers security features. I cannot guarantee the security of your internet connection or device.

• Anonymised Notes: Session notes are brief and anonymised.

• Secure Email: Emails containing sensitive information are sent with appropriate care.

​​

7. Data Retention

I retain client records for a period of 5 years (as stipulated by my professional insurance provider, "Holistic Insurance") after the cessation of therapy. This retention period is in line with BACP guidelines and for professional accountability and legal compliance. After this period, all records are securely destroyed or permanently deleted.

​

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right to be informed: You have the right to know how your personal data is collected and used, as outlined in this Privacy Policy.

• Right of access: You have the right to request a copy of the personal information I hold about you. This is known as a Subject Access Request (SAR).

• Right to rectification: You have the right to request that I correct any inaccurate or incomplete personal data I hold about you.

• Right to erasure (the "right to be forgotten"): You have the right to request the deletion of your personal data. Please note that this right is not absolute and may be subject to legal and ethical obligations for data retention (e.g., BACP guidelines).

• Right to restrict processing: You have the right to request that I limit the way I use your personal data in certain circumstances.

• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

• Right to object: You have the right to object to certain types of processing of your personal data.

• Rights in relation to automated decision-making and profiling: You have the right not to be subject to decisions based solely on automated processing. This is not applicable to my counselling services.

To exercise any of these rights, please contact me via email at michaelboycetherapy@gmail.com. I will respond to your request within one month.

 

9. Links to Third-Party Websites

Our website may contain links to other websites or online platforms, such as our profiles on Psychology Today and Bark.com. These links are provided for your convenience and to offer additional information about our services.

Please be aware that we are not responsible for the privacy practices or the content of these third-party websites. When you click on such links, you will be redirected to an external site that operates under its own privacy policy and terms of service. We encourage you to review the privacy policies of any third-party websites you visit to understand how they collect, use, and share your information.

 

10. How to Complain

If you have any concerns about how I handle your personal data, please contact me directly at michaelboycetherapy@gmail.com in the first instance. I take all complaints seriously and will do my best to resolve the issue.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection.

• ICO Website: www.ico.org.uk

• ICO Helpline: 0303 123 1113

 

​​11. Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my practices or legal requirements. Any updates will be posted on this website with a revised effective date. I encourage you to review this policy periodically.