top of page

Privacy Policy

Pam Virdi - Psychotherapist/EMDR UK & Europe Consultant

Pam Virdi (PV) is committed to complying with the terms of the General Data Protection Regulation (GDPR) approved on 14th April 2016 and enforced on 25th May 2018, regarding the responsible and secure use of your personal data.


PV has a legitimate interest in processing personal data to provide psychotherapy  and supervision services. The purpose of this statement is to let you know what personal information PV collects and holds and why this data is collected, how long it is kept for and your rights over your personal data.  Pam Virdi is the Data Protection Officer (DPO) for the business.


PV is registered with the Information Commissioners Office (ICO) reference ZA314713.

When you request Psychotherapy or Supervision with PV, or otherwise provide your personal details, you will be asked to consent to processing of your data under the terms of this policy.


1) What information do I collect?


For Psychotherapy clients, I collect personal data provided by you or a referrer, e.g. insurance company/solicitor, appropriate to the service you are accessing, e.g. therapy or supervision. Such information includes for example: your name, date of birth, gender, contact details (phone numbers, email, address), GP/medical practitioner details, next of kin, family details, lifestyle and social circumstances, employment and educational history.   Where relevant, previous reports generated in relation to the accidents or injuries sustained may also be obtained.  I also collect sensitive data in relation to medical and mental health conditions.


I require this information so that I can decide if it is appropriate for me to offer psychotherapy services to you, and if so, it will be used to make contact with you to arrange appointments and to ensure you are able to access support services for yourself should you require this, over the course of your treatment with PV. Information is also held to be able to communicate with you regarding payment (for self-referring clients), e.g. invoicing.


2) What do I use your information for?


I use information held about you in the following ways:

  • To provide clients with the psychotherapy or service requested from me.

  • To notify clients about changes to appointments and other changes to my services.

  • To fulfil my administrative, legal, ethical and contractual obligations as a Psychotherapist and Clinical Supervisor.

  • On occasions, I will provide information on training, workshop, blogs, electronic mailings or newsletters specific to PV services only.


3) What information do I share?


I will not share any information about you with other organisations or people, except in the following situations:

  • Necessary liaison and reporting back to relevant referrers/ agencies - These reports are a brief summary of assessment and treatment outcomes, e.g. progress made in relation to goals.

  • Consent – I may share your information with medical professionals or others whom you have requested or agreed I need to contact. I will ask for separate written consent when this is required.

  • Serious harm – I may share your information with the relevant authorities if I have reason to believe that this may prevent serious harm being caused to you or another person.

  • Compliance with law – I may share your information when I am required to- i.e. safeguarding, terrorism, drug trafficking and serious crime.

  • Clinical Will – I have a clinical will which means in the event of sudden death or a serious accident or illness, a named colleague will be able to access the contact details so clients can be notified

  • Supervision – It is an ethical requirement for any clinician offering Psychotherapy services to have regular supervision. Any supervisor is an accredited member of the relevant accrediting body and works within their ethical framework.

  • EMDR Accreditation – where supervisees are seeking accreditation, personal information is required on the application is shared with the EMDR Association Accreditation Committee. You will know what is being shared as you will have yourself, provided this information.

  • BACS Payments for services provided -Please make payments using your initials only but be aware that your full name may appear on the payment regardless.

  • Accountant -  I have an accountant who will see my bank statements when doing my annual accounts. He has signed a confidentiality statement.


4) How do I keep your information safe?


  • All information you provide to me is stored as securely as possible.  I will take all reasonable precautions to prevent the loss, misuse or alteration of information you give me.

  • All paper forms and correspondence are kept in locked filing cabinets.  All electronic records are stored on my own personal computer which is password protected and has security software installed. I also use a cloud-based service to access and backup files.

  • If emails are sent to you or other parties (with your written consent) then documents attached will be password protected to try to prevent unauthorised access. Passwords will be provided separately.

  • Where electronic communications are made, emails and texts are also stored if they contain clinical information. Texts and emails arranging appointments are not stored.

  • For live chat or audio-webcam appointments, wherever possible, I use Zoon which features end-to-end encryption for added security.

  • Your first name and first letter of your surname will be held in PV’s phone contacts for the duration of your therapy/supervision. At the end of therapy/supervision PV will remove your contact from her phone.

  • Your identifiable personal information is kept separately from any session notes and other descriptive material.

  • Client notes and other documentation are destroyed 7 years after the end of therapy. For young people I treat, notes are kept for 7 years from the date the young person reaches age 18 years.   Paper based records are destroyed using a cross- cut shredder.

  • Whilst I endeavour to keep my systems and communications protected against viruses and other harmful effects, I cannot bear responsibility for all communications being virus free.

  • Any known data breaches will be reported to the ICO within 72 hours.


5) Your rights


Under the GDPR, you have the right to:

  • Access your personal data. You can do this by putting your request in writing or making a verbal request to PV using the contact details for the business. You will be provided with your information within 40 days. PV recommends that if you request to see your notes, that you go through them with her, so that any corrections or concerns can be addressed as soon as possible.

  • You can rectify, erase or restrict your data.

  • You can object to the processing of your data

  • Request transfer of data (data portability)

  • Lodge a complaint with Pam Virdi or the overarching regulator, the Information Commissioner’s Office.

  • If you would like to see the information I hold about you, or would like to correct, update or delete any records, please e mail me on

  • To understand how to do this you should visit the Information Commissioners Offices website at

  • There may be a legal requirement for me to keep certain information for 7 years.


You may withdraw your consent for me to hold and process your data at any time.  However, if you do this while actively receiving psychotherapy, your psychotherapy would have to end.  You can withdraw your consent by stating this on an e mail to


If you have any concerns about the way I handle your data, you have the right to contact the Information Commissioners Office (

6) Consent


It is important that you have read and understood the information contained within this Privacy Notice. If you are unsure of anything, please ask PV for clarification.

7) Changes to this policy


I may edit this policy from time to time. If I make any substantial changes, I will notify you by sending you a copy of the amendments.

PV, February 2021

bottom of page