top of page
CLIENT PRIVACY POLICY

Data Controller: Sarah Hopton (ICO Registration: ZA190743)

I, Sarah Hopton, am collecting your name, home address, email, and phone number so I can identify you and contact you if needed. That might be for something simple (like rescheduling) or more urgent. I’ll usually contact you by text, email, or phone. In rare circumstances, by post.

I don’t share your data with anyone else—unless I’m seriously worried about your safety or someone else’s. Even then, I’ll always aim to speak with you first. If there’s ever a reason to pass something on (say, to your GP or another therapist), I’ll ask you to sign a separate form giving consent. Nothing happens behind your back.

Clinical Will: what happens if I can’t contact you

If I’m ever seriously ill or in an accident and can’t get in touch with you myself, my colleague Danielle Mills (a BACP Accredited Psychotherapist and trusted associate) has permission to access my client register. She’ll explain what’s happened and help you figure out the next steps. She won’t offer ongoing therapy unless it’s clearly appropriate—but she can guide you to other support.

This is what’s called a clinical will. It’s a safeguard for you.

How your data is stored

I don’t keep paper records. If I do jot anything down in-session, it’s shredded after being scanned.

All your information is stored electronically using Zanda, a secure, GDPR- and HIPAA-compliant system. My devices are password protected and have two-step authentication.

Unless you ask for your data to be deleted, I’ll keep your records for 7 years after we finish therapy. That’s a requirement from both my insurer and accrediting bodies.

  • Texts and app-based messages: deleted 6 months after we stop working together.

  • Emails: same. Gone after 6 months.

Your GDPR rights (in plain English)

The GDPR (General Data Protection Regulation) sets out how personal data is used, and your rights as a client. It covers all EU and UK-based therapy practices.

What counts as sensitive personal data?

  • Health conditions (physical or mental)

  • Sexuality

  • Religion

  • Political opinions

  • Criminal history (alleged or proven)

  • Racial or ethnic background

  • Biometric or genetic data that identifies you

Your rights include:

  • The right to access your data (just ask, I’ll respond within a month)

  • The right to ask for corrections

  • The right to request deletion in certain cases

  • The right to take your data elsewhere (data portability)

When you can ask me to delete your data:

You can request erasure if:

  • You no longer want therapy and I don’t need the data for legal reasons

  • You withdraw your consent

  • You object to how I use your data and there’s no good reason for me to keep it

  • You think your data’s been mishandled or processed unlawfully

But I may need to keep it if:

  • It’s for legal reasons or public interest

  • It relates to research or statistics

  • It’s needed to defend a legal claim

  • It’s part of a child’s records (which has extra rules)

What to expect

  • You’ll be asked to confirm that you’ve read and agree to this Privacy Policy.

  • You can withdraw consent at any time. Just email me: sarah@sarahhopton.com

  • If something feels off about how I’ve handled your data, you can raise it with the Information Commissioner’s Office: ico.org.uk

Final Agreement

Do you agree to Sarah Hopton T/A Life on Dreams Limited using your data as outlined above?
Yes / No

If you’re under 18, a parent or guardian will need to co-sign.

Client 

bottom of page