We take the privacy of your data very seriously. We want to fulfil the spirit of GDPR, which is about protecting your right to privacy, not just the letter of the law. This includes everyone who comes into contact with State of Mind Psychotherapy. This is a working document, so it will be updated regularly.
Here is a list of what we do to protect your personal information.
- Files are held within files that are password protected for access or are in a locked filing cabinet.
- Any specific files, such as databases, also have their own password, which allows a second level of protection, or are kept in a locked filing cabinet. This includes our master password list, which is itself password protected. Specific files are also coded for clients' privacy. Records are kept for the purposes of preventative occupational medicine. Records will be kept for 7 years in accordance with IACP recommendations.
- Protonmail is used for emails, and clients are advised to use Protonmail for maximum security. Protonmail is compliant with GDPR. Contact forms on the State of Mind Psychotherapy website are sent to our Protonmail account. Wherever emails are sent to more than one person, apart from internal emails amongst staff members or student groups, all recipients are blind copied, with the sender addressing the email to themselves so that no one else shows in the received line. This is known as “bcc”. MailChimp is used for newsletters, and this is where the email list is stored. MailChimp has complied with GDPR recommendations.
- Where files are of a personal nature, they are sent using a password-protected file attached to an email. If we use this second method, we send the password via a different method, either using a mobile phone message.
- We only use software where data security is fully implemented and where adherence to GDPR is confirmed in the provider's Terms and Conditions. In particular, we use Zoom for all our therapy sessions: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance.
- We will never share or sell your information. Clients retain their rights to erasure.
- We will review our data protection management annually to ensure it is still fit for purpose and complies with current regulations.
- If you would like to have your details removed from our system, partially or entirely, we will be happy to do so, provided that there is no adverse reason (such as a complaint or a legal reason) for us not to do so. If you want your information removed, we invite you to write to email@example.com, putting “right to erasure” in the email subject field.
You are very welcome to discuss anything with regard to Data Protection with Elva Glynn at firstname.lastname@example.org.