Privacy Policy

As part of my professional duty of care I have to collect information about you to work with you as best I can.  It is important that you are informed about what happens to your information.  This privacy policy explains how I will use, store and protect your personal information in line with General Data Protection Regulation (GDPR).

Data Control

Dr Naomi Harding is the data controller for Solasta Clinical Psychology Psychology Practice.

What personal information is being collected?

As a clinical psychologist I need to collect a range of personal information. This includes:

Personal data: basic contact information: name, address, email, contact number, GP

contact details and insurers details (where applicable).

Sensitive personal data: therapy records which include therapist notes, letters or reports written by myself or other professionals and outcome measures.

If you are referred by your health insurance provider, then I will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.

Why is this information being collected?

It is necessary to collect this information to provide psychological assessment and treatment. I require your GP details to allow me to contact them should I be sufficiently concerned about your current level of risk. I require your contact details so that I can reach you should an appointment need to be re-arranged.

If you do not provide the personal information requested, I may not be able to provide a service to you.

I may also ask for information on how you found this service for the purpose of marketing research.

What I do with your personal information?

I will only use your personal information to provide the services you have requested. Your written information will be kept in a file and stored securely within a locked filing cabinet to which only I have access. Information may also be scanned and uploaded to an individual electronic casenote within a very secure and confidential practice management software system. All digital information and storage will be encrypted (e.g. emails, information databases etc).

I will keep your preferred telephone number stored in the memory of my business mobile phone.  I will store your first name and surname initial.  No other information will be stored about you in this format. This information is only accessible by me and is password protected. I will delete your details from my phone as soon as we finish working together. We will discuss if you do/do not wish to be contacted by phone and your privacy will always be respected.

I will keep your email address stored in my Protonmail email account.  This is accessed on my business mobile only.

Who will your information be shared with?

The information you provide is confidential, however, there are certain circumstances where I have a duty of care to share your information.  For example to communicate with other family members or professionals if there is:

Risk to self or another

If you and I agree it might be helpful to do so.  I will not routinely share your information with other professionals (such as your GP) unless you ask me to do so. 

Other circumstances which may require me to disclose your personal information

To comply with any legal obligations.

If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then I will share appointment schedules with that organisation for the purposes of billing. I may also share information with that organisation to provide treatment updates.

How long is personal information stored?

Your information will be retained in accordance with professional HCPC guidelines. Your information will be deleted or shredded 7 years after we end working together.  If you are under 16 years of age, I will retain your information until your 25th birthday. After this time, this data is deleted at the end of each calendar year.  Basic contact information held on my business mobile phone will be deleted once our work is completed.

What I will NOT do with your personal information

I will not share your personal information with third-parties for marketing purposes.

I will not share your information with anyone other than in the circumstances described above.

Your right to access the personal information I hold about you

You have a right to access the information I hold about you.

I will usually share this with you within 30 days of receiving a request.

There may be an administration fee for supplying the information to you.

I may request further evidence from you to check your identity.

A copy of your personal information will usually be sent to you in a permanent form

(that is, a printed copy).

You have a right to have your personal information corrected if it is inaccurate.

If you want to have your data removed, I have to determine if I need to keep the data.  If I am not required to retain the data, I will delete it.


If you wish to make a complaint regarding how I have handled your data, you can contact me on

If you think I have not complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.