top of page

Client Privacy Policy​

​

Effective Date: 22 July 2025

​

This privacy policy explains how I collect, store, and use your personal information as a client or prospective client in my psychotherapy practice.

​

1. Who I Am​

Layla Eissa, a UK-based BACP-registered therapist working as a sole trader, providing online psychotherapy.
If you have questions about this policy or your data, you can contact me at:

Email: layla@laylaeissa.com
ICO Registration Number: ZB943411

​

2. What Information I Collect​

When you engage in therapy with me, I may collect the following:

​

  • Contact details (name, phone, email, address)

  • Emergency contact information

  • GP details (optional – only used in an emergency with consent)

  • Health and wellbeing history

  • Therapy session notes (brief factual notes, not transcripts)

  • Any correspondence relating to our sessions (e.g. emails about scheduling)

  • Payment information (e.g. transaction records – not card details)

​

3. Why I Collect This Information

I collect and store this information in order to:

  • Provide a safe and ethical therapy service

  • Contact you about sessions or relevant changes

  • Manage appointments and payments

  • Comply with legal and professional requirements

  • Keep brief records of our sessions for continuity of care

​

4. Lawful Basis for Processing Your Data

Under UK GDPR, I rely on the following lawful bases:

  • Contract: To provide therapy as agreed

  • Legitimate interest: For safe and effective therapy and communication

  • Legal obligation: For record keeping or compliance with legal requirements

  • Consent: For specific uses (e.g. sharing info with a GP, only if needed and with your permission)

​

5. How I Store and Protect Your Data

  • Your information is stored securely, either on encrypted digital systems or in password-protected files.

  • Notes are anonymised and kept separately from contact details.

  • I use secure email and video platforms for all communication and sessions.

  • Only I (your therapist) have access to your data.

​

6. How Long I Keep Your Information

  • I retain client records for 7 years after the end of therapy, as recommended by BACP and my insurance provider.

  • After that time, all data is securely deleted or destroyed.

  • If you make an enquiry but do not proceed with therapy, your data is deleted within 3 months.

​

7. Confidentiality and Sharing

Everything discussed in therapy is confidential. I will not share your information without your consent, except in the following situations:

  • If I believe you or someone else is at serious risk of harm

  • If I am legally required to disclose information (e.g. court order, safeguarding concern, terrorism)

  • In supervision (required by BACP) — your identity is anonymised

If I ever need to break confidentiality, I will aim to discuss this with you first wherever possible.

​

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request corrections to inaccurate data

  • Request that your data be deleted (subject to legal obligations)

  • Object to or restrict certain forms of data processing

  • Withdraw consent (where applicable)

To exercise any of these rights, contact me using the details above.

​

9. Complaints

If you are unhappy with how I handle your data, you can contact me directly.
You also have the right to complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk

​

bottom of page