Privacy Policy

Privacy Policy

Last updated: May 2025

This Privacy Policy explains how I handle your personal data in the context of therapy services provided in my private practice. It covers how I collect, store, use, and protect your personal and health information, including when you complete forms, attend sessions, communicate with me by email, or use my website. 

By submitting your information through my website or via email, you consent to the collection, storage, and processing of your personal and health information in accordance with this Privacy Policy.

I am Brandon Southcott, an Accredited CBT Therapist & EMDR-Certified Therapist.

• Email: info@brandonmindcare.com
• ICO Registration Number: ZB998700

As the data controller, I am responsible for ensuring that your personal data is processed securely and in accordance with GDPR.

I collect the following personal data:

• Personal Identification: This includes your name, email address, phone number, and address. I may also collect your GP contact details as part of the onboarding process if you begin therapy.
• Health Data: Information relevant to therapy (e.g., mental health details, medical history, goals), which is necessary for providing therapeutic services.

This data is collected through:

• The contact form on my website
• Direct communication (e.g., phone, email)
• Therapy sessions

Your data is used for the following purposes:

• To respond to your inquiry and provide information about therapy
• To schedule appointments and manage session bookings
• To provide therapy services and support during the course of therapy
• To comply with legal and ethical responsibilities regarding client records and confidentiality

Your personal data is stored securely on password-protected platforms such as Google Workspace.

All therapy sessions are conducted virtually using secure, encrypted video conferencing platforms. The main platforms I use are Google Meet and Microsoft Teams. For EMDR-specific therapy, I use Bilateral Base EMDR Light Bar, which offers integrated, encrypted video conferencing designed specifically for EMDR work. These platforms employ industry-standard encryption and security measures to protect your data during sessions; however, no system can guarantee complete security. By attending therapy via these platforms, you consent to their use and acknowledge that limited data such as IP addresses and session metadata may be processed by these providers in accordance with their privacy policies. You are responsible for ensuring your own device and internet connection are secure and private during sessions.

I use Google Workspace (Gmail) for email, which is both encrypted in transit and at rest. Email is suitable for arranging appointments and administrative matters. As with any online communication, no system can be guaranteed 100% secure. You may choose to send forms or personal information by email, or if you prefer, I can provide an alternative secure method (e.g., encrypted document link or e-signature). I do not keep paper records; all records are maintained electronically.

I retain client records for a minimum of 7 years in accordance with professional guidelines and regulatory requirements. After this period, all personal and clinical data will be securely deleted or anonymised.

In the event of a personal data breach, I have procedures in place to detect, investigate, and respond promptly. If the breach is likely to pose a risk to your rights or freedoms, I will notify the Information Commissioner’s Office (ICO) within 72 hours and inform you without undue delay.

I do not share your personal data with third parties unless:

• You provide explicit consent (e.g., sharing information with a GP or another health professional).
• There is a legal requirement (e.g., safeguarding concerns, a court order, or a duty to protect the welfare of yourself or others).
• There is a risk of harm to yourself or others, in which case, I may need to share relevant information with appropriate parties (e.g., emergency services, healthcare professionals) to ensure safety.

I use third-party services such as Google Workspace to store and manage personal data. These services comply with data protection laws and are bound by their own data protection obligations.

As a client, you have the following rights:

• Access: You can request to see the data I hold about you.
• Correction: You can request corrections to any inaccurate or incomplete data.
• Erasure: You may request erasure of your personal data; however, I am required to retain therapy records for a minimum of 7 years in accordance with professional guidelines and legal obligations.
• Objection: You can object to how your data is being used.
• Portability: You can ask for your data to be provided in a machine-readable format.

You can also withdraw consent at any time. To exercise any of these rights, please contact me at: info@brandonmindcare.com

Please note: Some of these rights, such as erasure or withdrawal of consent, may not apply where data is processed under a legal or professional obligation, such as the requirement to retain therapy records.

My website uses cookies to improve user experience and understand website performance. Cookies may collect non-personal data such as how long visitors stay on the website or how they navigate it. You can control cookies through your browser settings. No personal data is collected via cookies unless you submit it through the contact form.

This privacy policy may be updated periodically. The most recent version will always be available on my website. Significant changes will be communicated to you directly if applicable.

If you have any questions about how I handle your personal data or wish to make a request about your data, please contact me at:

• Email: info@brandonmindcare.com

ICO Registration Number: ZB998700