top of page

Privacy Policy

​

Introduction

Kaely Phelps Psychotherapy LTD is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with UK Data Protection Act 2018, UK General Data Protection Regulation (UK GDPR), and where applicable, the Health Insurance Portability and Accountability Act (HIPAA) and New York State privacy laws.

​

Information We Collect

We collect and process the following types of personal information:

Identifying Information:

  • Name, date of birth, address, contact details

  • Emergency contact information

Health Information:

  • Information about your mental health, psychological state, and wellbeing

  • Progress notes from therapy sessions

  • Assessment and treatment records

  • Medication information

  • Information about your physical health where relevant to treatment

Financial Information:

  • Payment details and billing information

Communication Records:

  • Emails, text messages, and other correspondence

  • Appointment scheduling information

 

Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

Consent: You provide explicit consent for us to process your sensitive health data for the purpose of providing therapy services.

Contractual Necessity: Processing is necessary to fulfill our therapeutic contract with you.

Legal Obligation: We may be required to process data to comply with legal or regulatory requirements.

Vital Interests: In rare circumstances, we may need to process data to protect your vital interests or those of another person.

 

How We Use Your Information

We use your personal information for the following purposes:

  • Providing psychotherapy and clinical services

  • Maintaining accurate clinical records

  • Scheduling and managing appointments

  • Billing and payment processing

  • Clinical supervision (with identifiable information removed)

  • Complying with legal and regulatory obligations

  • Safeguarding purposes where there is risk of harm

 

Confidentiality and When We May Share Information

Your therapy sessions are confidential. However, there are limited circumstances where we may be required or permitted to share information:

With Your Written Consent: We will share information with other healthcare providers or individuals you authorize.

Legal Requirements: We may be required to disclose information by court order or legal process.

Risk of Serious Harm: If we believe there is serious risk of harm to you or others, we may need to break confidentiality to protect safety. This includes:

  • Risk of suicide or serious self-harm

  • Risk of harm to children or vulnerable adults

  • Risk of serious harm to others

  • Serious criminal activity

Professional Supervision: Your case may be discussed in clinical supervision with identifying details removed. Supervisors are bound by the same confidentiality requirements.

Regulatory Bodies: We may need to share information with our professional regulatory body (e.g., BACP, UKCP) in case of complaints or investigations.

​

Data Storage and Security

Security Measures:

  • All electronic records are stored on encrypted, password-protected devices

  • We use secure, encrypted email for electronic communications

  • Regular backups are encrypted and stored securely

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or disclosure.

 

Data Retention

We retain your personal data only for as long as necessary:

Clinical Records: Retained for 7 years after the end of treatment for adult clients, or until age 25 (whichever is longer) for clients who were under 18 at the end of treatment, in accordance with professional body guidelines.

Financial Records: Retained for 6-7 years in accordance with tax and accounting requirements.

Correspondence: Retained for the duration of our therapeutic relationship and may be retained as part of clinical records.

After the retention period, records are securely destroyed through secure deletion (electronic records).

 

Your Rights

You have the following rights regarding your personal data:

Right of Access: You can request a copy of the personal data we hold about you.

Right to Rectification: You can request correction of inaccurate or incomplete data.

Right to Erasure: In certain circumstances, you can request deletion of your data (this may be limited by our legal obligations to retain clinical records).

Right to Restrict Processing: You can request that we limit how we use your data.

Right to Data Portability: You can request your data in a portable format.

Right to Object: You can object to certain types of processing.

Right to Withdraw Consent: You can withdraw consent at any time, though this may affect our ability to provide services.

Right to Complain: You have the right to lodge a complaint with:

  • UK: Information Commissioner's Office (ICO) - ico.org.uk

  • US: US Department of Health and Human Services Office for Civil Rights (for HIPAA matters)

 

Accessing Your Records

You have the right to access your clinical records. Please submit requests in writing to hello@kaelyphelpstherapy. We will respond within:

  • UK: One month of receipt

  • US: 30 days of receipt (as per HIPAA)

There is no fee for accessing your records unless requests are manifestly unfounded, excessive, or repetitive.

Please note that in rare circumstances, access to records may be denied or limited if disclosure would cause serious harm to your physical or mental health or that of another person.​

 

Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on our website with the "Last Updated" date revised. For material changes, we will notify you directly via email or at your next session.

​

Consent

By engaging our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein.

For UK Clients - ICO Registration:
This practice is registered with the Information Commissioner's Office (ICO). Registration number: [Your ICO Number]

For US Clients - HIPAA Notice:
This Privacy Policy serves as our Notice of Privacy Practices as required under HIPAA. You have the right to receive a paper copy of this notice upon request.

​

​

Last Updated: January 2026

bottom of page