This policy sets out how I manage information or data about users of this website ( and/or patients I work with.

Overall the level of confidentiality and privacy for the practice of psychoanalytically-informed psychotherapy is greater than for usual medical or business practice. My processes around data handling are compliant with the EU’s GDPR (General Data Protection Regulation).

By using any features of this website you demonstrate your agreement with this policy. Patients I work with are free to raise any questions about data processing with me directly.

1. The data that are collected and why.

1.1. Users of the contact form.

In order for people to make an enquiry via this website’s contact form (, I ask for two items of data:

– name; and

– e-mail address, plus whatever information the individual wishes to submit in a free-text box in order to generate their enquiry.

I require this data in order to be able to respond and to facilitate a response that is sufficiently personal for discussing psychotherapy.

1.2. Patients setting up appointments.

For those who (via the website or otherwise) arrange clinical sessions with me, I ask for the following information at the outset:

– full name;

– date of birth;

– e-mail address;

– telephone number; and

– GP practice details (or equivalent physician depending on the country of residence).

In the vast majority of cases, I only require somebody’s full name and e-mail address in order to carry out the administrative aspects of psychotherapy, such as sending details of video-conferencing sessions, arranging appointment dates and times, and sending invoices. I ask for the other information in order to have emergency contact details in the unlikely event of being unexpectedly unable to deliver psychotherapy services, in which case a nominated clinical colleague would be passed contact details only in such a situation in order to help an affected patient (and in which case that clinician would assume ongoing data protection responsibilities); or for the extremely rare event of me ethically being required to break medical confidentiality in order to communicate acute concerns about the welfare or safety of an individual to another professional or agency.

The website does not track users nor collect information such as users’ IP addresses.

2. How data are obtained.

The data I ask for are obtained usually (but not exclusively) via the website’s contact form, by stand-alone e-mail enquiries, or via e-mail exchanges developing from a contact form submission.

During actual psychotherapy sessions information of the most personal and private nature is communicated; however, this information is foremostly of an emotional and psychology nature and does not make any individual person directly identifiable.

3. Data storage.

3.1. People who make enquiries only.

For those who make enquiries, who do not then go on to undergo any clinical sessions, the data submitted as part of enquiries are stored only within my e-mail service and its servers. I use a secure professional e-mail service accessible only to me.

3.2. Patients who have appointments with me.

For those who have clinical sessions with me, only people’s names and initials are stored on my personal computer for the purposes of drawing up invoices. The computer is password-protected and accessible only to me. No other person-identifying information is stored on my computer. Other data are stored only on my e-mail service’s servers.

3.3. Session records.

I do not keep any clinical records coupled to any person-identifying data. Notes made for the purposes of reflective practice, peer discussion and/or supervision are stored on my personal computer; however, these are anonymised and cannot be linked to identifiable persons.

4. Data retention.

4.1. People who make enquiries only.

For people who have made enquiries only I aim to have deleted all data pertaining to them within a maximum of one year. Periodically I manually review the Inbox, Sent and Trash folders of my e-mail in order to do this.

4.2. Upon the conclusion of an assessment or treatment period.

Once a patient has finished a period of working with me, all information relating to that individual is deleted, both from my e-mail service and anything stored on my personal computer. Again, I aim for this to have been done within a maximum of one year, usually much sooner.

5. Data sharing.

Routinely I do not share any person-identifying data with any person or organisation. I will never sell or rent information to any companies or individuals.

As above, the only circumstances when any data that can be linked with a person would be shared would be: (a) in the unlikely event of me not being able to provide clinical services, in which case contact information only would be passed to a clinical colleague; and/or (b) where concerns about the immediate safety or welfare of an individual warrant a proportionate disclosure of personal information to another individual or agency.  

Reflective peer-to-peer discussions and supervision are part of good psychotherapy practice. In such discussions, whilst private and personal themes are necessarily covered, people’s identifying details are either anonymised or not mentioned.

6. Cookies.

Cookies are small files that website servers store within users’ browsers. From your browser it is possible to manually or automatically delete cookies, or to refuse them.

Upon navigating to this website users are asked to accept the use of cookies on the site. The website uses only a very small number of cookies in order for some features to function, namely, the contact form, the cookie banner itself and the Google reCAPTCHA device. As above, there are no tracking cookies or capture of IP addresses.

7. Exceptions.

There may some exceptions to the terms of this privacy policy, for example, instances where a third party is involved in funding an individual’s therapy or where therapy forms a part of an individual’s professional training with a training institution. In such instances there may be a requirement to share very basic information, such as the number of sessions attended. In situations such as these you would be made aware of the data-sharing requirements involving the third party or organisation.

8. Opting out.

The only way to opt out of the terms of this privacy policy is to refrain from using the website. Patients I work with are encouraged to speak with me directly if they have any questions or concerns about my data handling, if they wish to access their own data that I hold, or if they wish to discuss opting out of this policy.

9. Last updated.

Dr Peter Wilkinson, 9th September 2022.