GDPR Agreement

This agreement outlines how any personal data collected or provided—by either yourself or me—will be securely stored, processed, and protected in accordance with the General Data Protection Regulation (GDPR).

1. How Your Personal Information Is Collected
Your personal data may be collected through the following means:
- Emails sent to info@samanthamillertherapy.com
- Phone calls or text messages to 07821 201 555
- The Start of Counselling form, completed during the initial stages of therapy
- Emails submitted via my website: www.samanthamillertherapy.com
- Messages received through professional directories (e.g. BACP, Counselling Directory)
- For online sessions, I use Zoom and Google Meet. Any chat messages exchanged within these platforms are deleted immediately after each session or at the end of our work together.

2. How Your Information Is Stored
- Personal data received via email or phone is stored on password-protected devices to which only I have access.
- Any completed agreements or therapy forms are stored either electronically on a secure, password-protected device or, if handwritten, in a locked, secure drawer.
- Brief session notes are stored electronically on a password-protected device and anonymised using your initials.

3. Purpose of Collecting Your Information
- Your contact details are used to respond to queries, schedule appointments, or notify you of changes in our therapy arrangement.
- As part of my ethical commitment to regular clinical supervision, anonymised information may be discussed with my supervisor to ensure the quality of my work. Your identity will never be disclosed and you will be referred to by initials only.

4. Data Retention
- Text messages are deleted immediately after reading and any scheduling changes are transferred to my diary.
- Your contact details will be saved under your initials in my phone and will be deleted once therapy concludes.
- Emails are reviewed and deleted on a weekly basis.
- Forms you complete and session notes I create will be kept for the duration of our work and securely stored for a further five years following the end of therapy, in line with the requirements of my insurance policy. After this period, all documents will be permanently destroyed.

5. Your Rights
You have the legal right to:
- Access the personal information I hold about you
- Request corrections or amendments
- Request deletion of your data

All such requests will be addressed within one month of receipt.

6. Data Breach Procedure
In the unlikely event of a data breach, I am legally required to notify both you and the Information Commissioner’s Office (ICO) within 72 hours.

7. Legal Disclosure and Safeguarding
Confidentiality will be maintained at all times, except in the following circumstances:
- If there is a legal requirement to disclose information (e.g. terrorism, money laundering)
- In cases involving safeguarding concerns for children or vulnerable adults
- If I am required to give evidence in a court of law
- In situations where I believe you are in immediate danger or in crisis, I may need to contact your GP or appropriate support services. I will always seek to discuss this with you beforehand, wherever possible.

In the event of my death or incapacity, your personal information will be passed to a designated clinical executor for the sole purpose of notifying you. All personal data will be destroyed thereafter.

8. Updates to This Agreement
Should any changes or amendments be made to this GDPR agreement, I will inform you promptly and provide an updated version for your review and consent.

9. Your Consent
By reading and engaging with my therapeutic services (Samantha Miller Therapy), you acknowledge and accept the terms outlined in this GDPR agreement. This includes the collection, use, and storage of your personal data as described above.
You have the right to withdraw your consent at any time by contacting me directly.