top of page

Privacy Policy

St Albans Psychology respects your privacy and is committed to protecting your personal data and we aim to be as clear as possible about how and why we use your information so you can be confident that your privacy is protected.


This privacy policy will inform you as to how your information is processed and describes how we manage your information when you use our services, if you contact us, visit our website or when we contact you. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill dated May 2018.

St Albans Psychology uses the information we collect in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, Dr Paul Workman is the data controller; if another party has access to your data he will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why he needs to provide them with the information. If your questions are not fully answered by this policy, please contact Dr Paul Workman. 


If you have concerns about the storage and handling of your personal information you can contact the ICO via

Why do we need to collect your personal data?

We need to collect information about you so that we can:

  • Know who you are, so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest. 

  • Provide services to you. The legal basis for this is the contract with you.

  • Process your payment for services. The legal basis for this is the contract with you.

What personal information do we collect?

To provide you with therapy services, we need to collect the following information:

  • Your name and date of birth

  • Your contact details including a postal address, telephone number(s) and electronic contact such as email address. We will collect this information directly from you. We may also collect information about you from third parties; for example, if we receive a referral from another health professional (such as your GP).

How do we use the information that we collect?

We use the data we collect from you in the following ways:

  • To communicate with you so that we can inform you about your appointments with us, we use your name, your contact details such as your telephone number, email address or postal address.

  • To create your invoice, we use your name and email address.

  • Where relevant, to process your payment, we use your address.

  • To keep any clinical notes arising from therapy sessions and related cancellations or communications between us.

As part of clinical practice, all therapists are required to use an external supervisor (typically another Clinical Psychologist) to discuss treatment and ensure best and safe practice for the people they work with. Supervisors are also accredited in clinical practice and supervision. Information but not names will be shared with the supervisor who regularly reviews the clinician's practice. 

Where do we keep the information?

We use computers that are password protected and information stored on hard drives which are encrypted. We store clinical notes on 'WriteUpp' which is a commercially available system specifically designed for this purpose. Passwords are changed every 90 days and it is our policy that passwords are not shared. We store any paper records in a cabinet in a securely locked office.​


For any email correspondence, St Albans Psychology uses 'Proton Mail' which offers end-to-end encryption and zero-access encryption. If you do not use 'Proton Mail', they also offer password protected emails with clients. We can agree to use a password for email correspondence to ensure that any email will be inaccessible to both Proton and your email provider.

How long do we keep the information?

We keep contact information for a period of 6 months if you do not become a client of ours and then permanently and securely delete all information. We keep your medical record electronically for 7 years as this is the minimum/maximum length of time for records to be retained and then permanently and securely erases. We keep electronic invoices for seven years as this is the required length to comply with the HMRC requirements.

Who do we send this information to?

We send information to you and anyone we are required by law to inform. All information that is sent electronically is sent as attachments that are encrypted and password protected.

How can you see all the information we have about you?

You can make a subject access request (SAR) by contacting St Albans Psychology. We may require additional verification that you are whom you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.

bottom of page