Privacy Policy

I am committed to protecting and respecting your privacy and data. This Privacy Policy explains how I collect, use, and safeguard your personal information when you engage with my therapy services. Please read this policy carefully to understand my practices regarding your personal data.

1. Gathering Personal Information I collect both personal and sensitive data to enable me to deliver psychological therapy effectively. I gather it at the time of initial contact, during assessments, and therapy sessions. I may also receive your information from various therapy directories and platforms (e.g., Counselling Directory, BACP Directory), or information that you have provided to me by filling out my website page. The information I may collect includes: • Name • Address • Date of birth • Gender (or preferred identity) • Telephone/SMS/WhatsApp contact details • Email address • GP name and practice address • Occupation • Relationship status • Psychological therapy history • Medical conditions relevant to therapy • Prescribed medication • Current and historical psychological difficulties • Lifestyle and social circumstances • Risk information (e.g., suicidal/self-harming history, alcohol/drug use)

2. Information Storage All data collected will be securely saved, ensuring GDPR compliance. Your information may be stored in the following ways: • Paper: I mostly avoid using paper notes, but brief written notes are stored in a locked filing cabinet. • Electronic Devices: All electronic devices (including laptops and mobile phones) used to access stored information will themselves be password protected. I will not store any of your information on my smartphone and will immediately delete any messages, call details, etc., after responding to you. • Online Platforms: I use securely encrypted platforms (e.g., iCloud, ProtonMail, Notion, etc.) compliant with GDPR regulations. For online sessions, I use the MS Teams app and will not record our sessions without your knowledge. • Communication: I use ProtonMail for any therapeutic mail exchanges and will delete the emails after therapy has ended. All brief session notes, letters, and documents are password protected and stored on my laptop, which has a backup to iCloud.

3. Processing and Sharing of Personal Information • Supervision: I engage in regular supervision with qualified professionals who are GDPR compliant. If I discuss you in the session, I would only use your initials to protect your identity. • Sharing with Healthcare Professionals: With your consent, I may share information with your GP or other healthcare professionals involved in your care if required. • Duty of Care and Confidentiality: All information you share with me is treated confidentially unless you request otherwise, such as sharing it with your GP. The only exclusion to confidentiality is if I suspect there is a risk of harm, either to you or someone else. If I believe there is such a risk, I will discuss it with you if possible, so we can consider how to best manage it, which may include involving your GP or other care agencies. Only information relevant to managing the risk would be shared. If I don’t have your permission to share information and I deem there to be a serious and imminent risk to yourself or someone else, my professional codes of conduct and the law may require that I inform an authority and share your personal information without your knowledge and permission. • Erasing Your Information: When we have finished working together, I will retain your information for seven years past the end of our work together, in line with my professional code of practice, for reference in case you return to psychological therapy in the future. After this time, I will shred any written information via a confidential waste service and securely delete any electronically held information.

4. Your Rights You are entitled to view, amend, or delete the personal information that I hold. To make a ‘subject access request’ (SAR) for copies of your records, please contact me. There may be an administrative charge for this, and requests will be fulfilled within one calendar month. If you wish to assert any of these rights, you should contact me.

5. Data Breach I have a legal obligation to report a data breach to you and the Information Commissioner's Office (ICO) within 72 hours.

6. Changes to Privacy Policy I reserve the right to make changes to this Privacy Policy at any time. Any updates will be communicated to you via our agreed method of contact.

7. Consent to the GDPR Agreement Your use and undertaking of the services of Mansee Gupte constitutes your approval and acceptance of this agreement. By consenting to my use and storage of your personal information as detailed above, you have the right to withdraw your consent at any time. If you have any concerns about my use of your data, please contact me directly at contact@manseegupte.com. I will do my utmost to resolve any concerns you have. If for any reason I cannot resolve the issues you may choose to contact the ICO directly.