top of page
Privacy Policy

Effective: 25th June 2018


  1. Data Collection

  2. Confidentiality & Risk

  3. Information Sharing

  4. Data Protection Principles

  5. Rights of the Individual

  6. Data Security

  7. How Long Information is Stored

  8. Cookie Use

  9. Contact Details


  1. Data Collection


Dr. Esther Cole is a self-employed, Health & Care Professions Council (HCPC) registered Clinical Psychologist, running a small psychological therapy practice, trading as “Lifespan Psychology”. She is committed to protecting your personal information and making all efforts to ensure that your personal data is processed in a fair, lawful, open and transparent manner.


Dr. Cole is a "data controller" for the purposes of the Data Protection Act 1998 and the EU General Data Protection Regulation 2018. This means that she is responsible for, and controls the processing of, your personal information. 


Dr. Cole’s work involves assessment and psychological therapy, or intervention, for mental and physical health, cognitive and neurological problems, emotional and behavioural difficulties. In order to provide the safest care for you, or your child, there is a minimum amount of data that will be collected, which includes an initial registration form. This will be processed for the purposes of offering safe, effective psychological treatment.



Dr. Cole will only ever collect information about you, or your child, in relation to your care needs. Dr. Cole therefore has a legal, “legitimate interest” to process your information (in order to provide psychological assessment and treatment).


The EU GDPR (2018) recognises that some types of personal information are more sensitive and need additional protection. Sensitive personal information can include information about a person’s health, race, ethnic origin, political opinions, religious beliefs, genetics, sex life or sexual orientation, to state some examples. A legal condition required for processing sensitive personal information is that processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis and/ or the provision of health care.


2. Confidentiality & Risk


All client information is private and confidential. Dr. Cole adheres to the HCPC Standards of Conduct, Performance and Ethics, British Psychological Society (BPS) Practice Guidelines and the EU GDPR 2018. The HCPC codes of conduct require that GP details are taken, but a GP will not be contacted without prior consent of the client. Confidentiality might be broken if there were concerns about the client’s safety, the safety of someone else was at risk, or if you were to disclose information about a crime. Dr. Cole would always try and contact you first, in the event that confidentiality needed to be broken, due to this duty of care.


3. Information Sharing


The personal information collected about you will only be used so that Dr. Cole can support you. She will never sell or share your personal information with organisations, so that they can contact you for any marketing activities. You will not be emailed with marketing information and your details will not be passed onto any third party or organisations, without the client’s expressed consent. With your express permission, information may be passed onto health, social care or educational services, in the public or private sector on a need to know basis, in order to provide you, or your child, with the best possible care.


When sessions finish, or if you put sessions on hold, notes will no longer be taken and no further liaison with other professionals about your care will take place (except where there are risk issues identified).


4. Data Protection Principles


The six principles that underpin the GDPR are that data is:

• Processed lawfully, fairly and transparently

• Only collected and used for particular lawful purposes

• Adequate, relevant and not used excessively for that purpose

• Accurate and up to date

• Stored no longer than necessary

• Kept secure, and its integrity and confidentiality are protected.


5. Rights of the Individual


You have a right to request access to your personal information, request the correction of inaccurate data and to prevent your personal information being used in a way likely to cause you, or another person, damage or distress.


Access: You have the right to request access to a copy of the personal information that is held about you.  You can make a request free of charge. In some circumstances, it may not be possible to release all the information about the individual to them, for example, if it contains personal data about another person.


Right to object: You can object to the processing of your personal information, even when Dr. Cole is doing so on the basis of a legitimate interest. For example, if there is something about your particular situation, which makes you want to object to processing the data on this ground. Please contact Dr. Cole to discuss any objections you may have.


Rectification: You can ask Dr. Cole to change, or correct, any inaccurate or incomplete personal information held about you, or your child.


Data portability: The right of the individual to have their data transferred to another data controller.


Erasure: You have the right to ask Dr. Cole to delete your personal information. However, this would also need to be discussed, on a case-by-case basis, and in correspondence with the HCPC, as to whether this was legal.


If factual errors, or omissions, have been made in either the registration forms you have provided, or in reports/correspondence, then you can request that this be amended. If this information has been shared (with your consent) with another agency (e.g. work, an insurance company or school), then Dr. Cole will contact the recipients to inform them of these amendments.


The Information Commissioner’s Office (ICO) must be informed of a data breach within 72 hours. If necessary, individuals whose data may be affected by the breach must be informed ‘without undue delay’.


6. Data Security


Dr. Cole takes looking after your information very seriously. In order to prevent unauthorised access, alteration, destruction or disclosure, appropriate physical, electronic and organisational measures have been put in place to protect the personal information under her control.


Unfortunately, the transmission of information using the internet is not completely secure. Although Dr. Cole does the utmost to protect your personal information sent this way, the security of data transmitted by e-mail cannot be guaranteed.  If you wish to send an email containing personal or sensitive information, please use a password protected document, or sign up to an encrypted email server.


All paper notes are stored in a locked filing cabinet. If data is provided electronically, then this will be password protected and stored on a password protected, encrypted computer. Any other notes in relation to sessions and reports are stored in the same way.


Emails from clients containing sensitive information will be printed off and filed in a locked cabinet, or password protected in a document, electronically on an encrypted computer or encrypted, portable memory stick.


7. How Long Information is Stored


Information is held for as long as is reasonable and necessary for your clinical care, and in line with current guidance from relevant professional bodies.  Session notes, registration forms and identifiable information will be kept for a minimum period of 7 years after you complete sessions with Dr. Cole. The BPS Professional Practice Guidelines (3rd Edition) on Managing Data and Confidentiality currently recommends that information is held for 7 years after the end of treatment. For children under 18, this will be until 7 years after they turn 18, in line with NHS code of practice for records management. After this period all notes, both paper or electronic, will be deleted or destroyed.


Enquires made via the website ( are sent securely via email ( Any correspondence via email will be regularly deleted. Initial enquiries will be deleted after one month.

8. Cookie Use

Cookies are text files used to determine how you interact with websites. This site operates with the use of cookies. These can be blocked by activating the relevant settings on your browser. In doing so, the performance and accessibility of this site may be affected. If you refrain from changing your browser settings, this site will assume you have given consent for the use of our cookies.


Descriptions on each cookie including their purpose and lifespan can be found below:

  • svSession (Name) - Permanent (Lifespan) - Creates activities and BI (Purpose)

  • Hs (Name) - Session (Lifespan) - Security (Purpose)

  • incap_ses_${Proxy-ID}_${Site-ID} (Name) - Session (Lifespan) - Security (Purpose)

  • incap_visid_${Proxy-ID}_${Site-ID} (Name) - Session (Lifespan) - Security (Purpose)

  • nlbi_{ID} (Name) - Persistent cookie (Lifespan) - Security (Purpose)

  • XSRF-TOKEN (Name) - Persistent cookie (Lifespan) - Security (Purpose)

  • smSession (Name) - Two weeks (Lifespan) - Identify logged in site members (Purpose)


9. Contact Details

From time to time, this Privacy Policy may be updated to further improve the quality of service. For further information, comments or queries, please do not hesitate to get in contact with Dr. Cole through the following means:-


Call centre: 0800 086 2105

Work: 07500565182



Registered address: Lifespan Psychology, 27 Old Gloucester Street, London, WC1N 3AX


Clinic address: Lifespan Psychology @ Sheridan Therapy, 141B Kingston Rd, South Wimbledon, London, SW19 1LJ.

Data Collection
Confidentiality & Risk
Data Protection
Rights of the Individual
How long
Contact Details
Data Security
bottom of page