Privacy Policy
This policy, together with our terms and conditions, sets out the basis on which any personal data we collect from you or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By submitting personal data to us and/or by using our website, you give your consent that all personal data that you submit may be processed by us in the manner and for the purposes described below.
Privacy Policy
Introduction
At The Lexicon Therapy Practice, we are committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly. This privacy notice explains how we collect, use, and protect your data in accordance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR).
This policy applies to The Lexicon Therapy Practice and the independent Clinical Psychologists we manage. In some cases, independent Clinical Psychologists may act as separate data controllers when processing personal data directly. If you have questions about how your personal data is handled, please contact us via our website.
Our Legal Basis for Processing Personal Data
Under the UK GDPR, we process personal data under the following legal bases:
Contractual necessity: If you are in therapy or considering therapy, we process your personal data to provide our services.
Legitimate interest: If you have completed therapy, we retain data to meet professional obligations and ensure quality care.
Legal obligation: We may process personal data to comply with legal and regulatory requirements.
Explicit consent: When processing special category data (e.g., health information), we ensure consent is obtained where required.
What Data We Collect and Why
We may collect the following types of personal data:
Identifying information: Name, date of birth, contact details.
Health-related data: Medical history, mental health concerns, therapy session notes.
Financial details: Payment information for therapy sessions.
Technical data: IP address, cookies, and website usage analytics.
Confidentiality & Sharing of Data
Everything discussed with our Clinical Psychologists is confidential. However, confidentiality may be broken in the following situations:
If we believe there is a risk of serious harm to you or someone else.
If we are legally required to share data (e.g., court subpoena, safeguarding concerns).
If you provide written consent to share your information.
Where necessary, for professional supervision (anonymized case discussions).
We do not sell or share your data with third parties for marketing purposes. If we use third-party services (e.g., cloud storage, email providers), we ensure they comply with UK data protection laws.
Sharing Data with Trustpilot for Reviews
We may share your email address with Trustpilot, an independent review platform, to invite you to provide feedback on your experience with our services. This helps us improve our services and ensures transparency for potential clients. Trustpilot will process your data in accordance with its Privacy Policy, which you can review on their website. If you do not wish to receive these review invitations, please let us know by contacting us.
How Long We Keep Your Data
Adult therapy records: Retained for 7 years after the end of therapy.
Children’s therapy records: Retained until the child turns 25 (or 26 if treatment ended at age 17), in line with NHS guidelines.
General enquiries (if no service is provided): Deleted after 1 year.
If you wish to request early deletion of your records, please contact us.
Data Security
We take data security seriously and use the following measures:
Encrypted cloud storage (GDPR-compliant) for clinical records.
Password-protected devices and files.
Two-factor authentication (2FA) on key accounts.
Access controls ensuring only authorized personnel handle your data.
Your Data Protection Rights
Under UK GDPR, you have the right to:
Access your data (request a copy of your records).
Correct inaccuracies in your data.
Request deletion of your data (subject to legal retention requirements).
Restrict processing in certain circumstances.
Object to processing of your data.
Request data portability (receive an electronic copy of your data in a structured format).
To exercise these rights, please contact [email protected].
Website Visitors & Cookies
When you visit our website, we may collect anonymous analytics data to improve user experience. We use cookies and third-party analytics services (e.g., Google Analytics, Trustpilot), which require explicit consent. You can manage your cookie preferences via our website settings.
For more details, please see our [Cookie Policy].
Making a Complaint
If you have concerns about how we process your data, please contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint.
Contact Details:
The Lexicon Therapy Practice Ltd
77 Newmarket Road, Norwich, NR2 2HW
Company Number: 15353209
ICO Registration: ZB668749
Email: [email protected]
Website: www.lexicontherapy.co.uk