Privacy Policy

Dr Kirsty Pratt: Clinical Psychology Services

I, Dr Kirsty Pratt, am a sole trader offering Clinical Psychology Services.

This privacy notice explains how I use any personal information I collect about you as a service user or when you use my website.

In this document, “we”, “our” or “us” refers to Dr Kirsty Pratt at Dr Kirsty Pratt: Clinical Psychology Services.

For the purpose of the Data Protection Act 1988, I, Dr Kirsty Pratt, am the data controller and I am registered with the Information Commissioners Office.


This document sets out my policy regarding information I record about you. It sets out the conditions under which I process information I collect about you or that you provide to me. It covers information that could identify you (personal information).

In the context of the law and this notice “process” means to collect, store, transfer, use or otherwise act on information.

The protection of your privacy and confidentiality is taken very seriously. I understand that you are entitled to know that your personal data will not be used for any intended purpose and will not accidentally fall into the hands of a third party.

The policy complies with UK law including that by the EU General Data Protection Regulation (GDPR). Except as set out below, I do not share, sell or disclose to a third party any information collected about you. Under no circumstances are your details shared, sold or rented to third parties for marketing purposes.

What are your rights?

  • I am committed to protecting your rights to privacy. They include the following:
  • Right to be informed about what I do with your personal information
  • Right to have a copy of all the personal information I process about you
  • Right to rectification of any inaccurate factual data I process and to add this information I hold about you if it is incomplete
  • Right to be forgotten and have your personal data destroyed
  • Right to restrict the processing of your personal data
  • Right to object to the processing I carry out based on legitimate interest

Why do I collect information?

I will collect information about you if you are a service user. I process data because it is in the legitimate interests as a Clinical Psychologist or Expert Witness to do so. I need to see and analyse documents containing information to carry out an assessment or to deliver psychological interventions.

My lawful reason for processing data is that it is necessary for the provision of health or social care or treatment. The law requires that I determine under which of the defined bases I process different categories of your personal information and to notify you of the basis for each category.

  • Fulfilling contracts

When you become my patient a contract is formed between us. The service I provide to you necessarily entails you providing me with some personal information. Additionally I may use information and data you provide for analysis, research or screening purposes for example, to help me understand the performances of the services I provide. If I use information for this purpose you as an individual will not be personally identifiable.

  • Consent

Whenever possible I aim to obtain your explicit consent to process information. Sometimes you may give your consent implicitly such as when you write to me asking for a response. You may withdraw your consent at any time by writing to me.

  • Legitimate Interests

I may process information on the basis there is a legitimate interest, either to you or me of doing so. Where I process your information on this basis I do so after having given careful consideration as to whether we could have achieved the same objectives by any other means, whether processing or not might cause you harm, whether you would expect me to process your data and whether you would consider it reasonable to do so. For example, I may process your data for the purposes of record keeping, for proper and necessary administration of my business or for protecting and asserting your rights, my rights or the rights of any third party.

  • My legal duty

Sometimes I must process your information in order to comply with a statutory obligation. For example, I might be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal data.

What information do I collect about you?

I collect information about you that may be classified as sensitive or personal data such as your name, gender (or preferred identity), address, date of birth, email address, phone numbers, GP’s name and address, whether you are self-funded or funded by Insurance and the name and policy number of any insurance policy, relationships and children and occupation. I will ask for your consent to share information with your GP and seek consent for you and I to occasionally communicate via e-mail and text message when arranging appointments. When you are a patient, I record all details of your appointments and assessment/ treatments so I can plan and review your treatment appropriately. In addition to personal information above, I may also collect information regarding medical conditions, prescribed medication, psychological history and current difficulties.

I may collect some of this information from your insurance company or referrer, if you have one, and some of this information will be collected by directly from you. I also process personal data pertaining to legitimate interests in running my business such as invoices and receipts, accounts and tax returns.

How do I store your information?

I take your privacy very seriously and make best efforts to ensure its security. All personal information and special category information is stored in compliance with EU General Data Protection Regulations (GDPR) rules.

Hard copies of paperwork are stored in a safe with restricted access and electronic information is stored on encrypted devices.

How long do we keep the information for?

Personal data is retained as necessary for seven years in compliance with professional indemnity and legal obligations. In patients under the age of 18 years, data is retained for seven years after the age of 18 years. Administrative data is retained for up to six years as necessary in the event that there are queries from HMRC. Where it is not necessary to retain the data for six years it will be destroyed as soon as possible.

Who do I share your personal information with?

Your information is kept confidential where possible. There are, however, some circumstances where I have a duty of care to share information. For example, if I became aware of your intent to cause harm to another person / organisation and / or if I believe that you or others are at serious risk of harm either from yourself or others.

 I will share your information with an appropriate professional (e.g. GP, Mental Health Service, and Emergency Service). In most circumstances I will not disclose personal data without your consent.

Your information may be shared with outside organisations if they are directly involved in your care. For example, your GP, your insurer if they are funding your treatment, private medical insurance companies and independent case managers sometimes expect written progress reports to authorise treatment. In this instance they will request your written permission for information to be disclosed. I will discuss with you what information is shared. The process of transmitting information will always be in accordance with GDPR rules.

If you are a supervisee, I will collect sensitive data related to your psychology practice. This data may be shared with a third party if I am legally or ethically obliged to do so. For example, if instructed by a court or if there are concerns about malpractice and a need to report to a professional body.

Clinical Psychologists are required to have regular supervision to maintain high standards. However, steps will be made to protect your identity. I use first names only and do not share identifying details with my supervisor.

How do you access your information and correct it if necessary

Individuals can make a Subject Access Request under the Data Protection Act and the General Data Protection Regulation. Please put your request in writing to the Data Controller – Dr Kirsty Pratt. I will then supply to you:

  • A description of the data we hold about you
  •  Inform you how it was obtained (if not supplied by you)
  •   Inform you why, what purposes we are holding it
  •   What categories of personal data is concerned
  •   Inform you who it could be disclosed to
  •   The retention period of the data
  •   Provide a copy of the information in an electronic format unless otherwise requested

Complaints or queries

Dr Kirsty Pratt: Clinical Psychology Services tries to meet the highest standards when collecting and using personal information and take complaints very seriously. Please contact me if you think my collecting or use of information is unfair, misleading or inappropriate.

Tel: 07895445618


If you are not satisfied with the response from me you have the right to raise your complaint with the Information Commissioners Office (ICO).



Tel: +44(0)303 123 1113

Changes to my privacy policy

If you are a current client when changes are made then you will be notified by e-mail.