Last Updated: July 2025

​

At Donohue Consulting, we are committed to maintaining the privacy, confidentiality, and data protection of all our clients. This policy outlines how we collect, use, store, and protect your personal information in line with the UK General Data Protection Regulation (UK GDPR) and our obligations as a registered Data Controller with the Information Commissioner’s Office (ICO).

​

Information We Collect

In the course of providing psychological consultation and therapy services, we collect and process personal and sensitive information including:

• Name, contact details, date of birth.

• Emergency and GP contact information.

• Medical history and mental health background.

• Session notes and treatment plans.

• Correspondence and administrative records.

​

This data is collected solely for the purpose of delivering safe, ethical, and effective psychological services.

 

Lawful Basis for Processing

We process personal data under the following lawful bases, as set out in Articles 6 and 9 of the UK GDPR:

• Provision of Health or Social Care (Article 9(2)(h)).

• Legitimate Interests (Article 6(1)(f)), where necessary for our professional obligations.

• Consent (Article 6(1)(a)), for specific situations where required.

​

We only collect the minimum necessary data and ensure its use aligns strictly with the delivery of therapeutic services.

 

How Your Information Is Used

Your personal data is used to:

• Deliver psychological assessments, consultations, and therapy.

• Maintain clinical records in accordance with legal and ethical obligations.

• Communicate with you regarding your care.

• Comply with legal and regulatory responsibilities (e.g. safeguarding or insurance purposes).

​

Your data will never be sold, used for marketing, or shared with third parties unless:

• You give explicit consent.

• It is required by law (e.g., risk to life or a court order).

• It is discussed confidentially in clinical supervision to support ethical practice.

 

Data Security

We use secure, industry-standard systems to store and manage your data. Measures include:

• Encrypted digital records.

• Password-protected systems and restricted access.

• Confidentiality training for all authorised personnel.

​

We regularly review our data protection protocols to ensure ongoing compliance and security.

 

Data Retention

We retain your data only as long as necessary to fulfil our professional and legal obligations.

• Identifiable contact details (e.g. phone number, GP) will be securely deleted once therapy concludes.

• Clinical records and notes will be held for six years following the last session, as required by our insurers and professional bodies (e.g., HCPC, BPS).

• After this period, all remaining data will be securely destroyed unless we are legally obligated to retain it further.

 

Your Data Rights

Under the UK GDPR, you have the right to:

• Access your personal data.

• Correct or update inaccurate data.

• Request erasure (“the right to be forgotten”).

• Restrict or object to processing.

• Receive your data in a portable format.

• To exercise any of these rights, please contact us directly using the details below.

 

Consent

By engaging in services with Donohue Consulting, you acknowledge that we will process your personal data as outlined above. Where required—particularly for sensitive or special category data—we will seek your explicit, informed consent in writing.

 

Contact Us

If you have any questions about this policy or wish to exercise your data rights, please contact:

Dr. Chloé Donohue
Clinical Director, Donohue Consulting
info@donohue-consulting.com

ICO Registration Number: ZB638422

​

We are dedicated to upholding the highest standards of confidentiality, ethics, and privacy. Thank you for trusting us with your care.