New Road Psychotherapy

Data Protection, Confidentiality and Record-Keeping Policy

Effective Date:12 March 2026

Who We Are

New Road Psychotherapy, owned by Rory Singer, is a Limited Company (On Top Of The Mountain Ltd). We employ therapists on a sessional basis to provide therapy. All records are stored at 8 The Drive, Hove, BN3 3JT, or in secure online cloud storage.

Information We Collect

During the referral process and therapy, we collect the following information:

  • Full names of clients (and parents/carers for young people).
  • Dates of birth.
  • Address, telephone numbers, and email addresses.
  • GP details and school contact details (for young people).
  • Reasons for seeking therapy and family history.
  • Medical information, social interactions, and support networks.
  • Brief records of therapy sessions and review meetings.

Why We Store Your Information

Under GDPR, we store information based on:

  • Consent: We ask clients or parents for permission to store and use data.
  • Necessity: We only collect what is required to provide effective therapy.
  • Safeguarding: Information may be used to protect vulnerable children and young people.

Storage and Retention

Records are digitally stored in password-protected, cloud-based storage. Access is strictly limited to your therapist, the Centre Manager, and Clinical Managers. Records are securely disposed of seven years after therapy ends, or seven years after a client's 18th birthday, whichever is later. Invoicing may require contact details to be stored in our bookkeeping software.

Confidentiality and Disclosure

Confidentiality is a priority. Information is shared internally for management and clinical supervision. We do not disclose details to external parties without consent, except in these cases:

  • Safeguarding concerns regarding serious risk to a child or others.
  • Legal obligations related to terrorism or money laundering.
  • Court mandates for information disclosure.

Whenever possible, we consult with clients before sharing information.

Access to Records

Clients have the right to access their records and request corrections to inaccurate data. Access may be denied if disclosure could be harmful or if the information was provided confidentially by a third party. To maintain the effectiveness of therapy for young people, we generally agree with parents that specific session notes remain private.

Client Artwork

We provide secure storage for artwork produced during face-to-face sessions. Clients can take their work home or have it disposed of. If contact is lost, we hold artwork for three months before secure disposal.

Use of Google Meet – Privacy and Data Protection

To conduct online sessions we may use Google Meet, a secure video-conferencing platform provided by Google LLC.

Data Protection

New Road Psychotherapy remains the Data Controller for all personal information relating to your therapy. The use of Google Meet does not change our responsibility for protecting your personal data. Google Meet acts as a Data Processor, providing the technology that enables the video connection between therapist and client.

Information Processed During Online Sessions

When a session takes place via Google Meet, the following data may be processed only for the purpose of delivering the online session:

  • Your name or email address used to join the meeting
  • Audio and video transmitted during the session
  • Technical information (IP address and device information) required to establish the connection
  • Meeting metadata (date, duration, and participants)

Recording

Sessions conducted via Google Meet are not recorded by New Road Psychotherapy unless there is a clear clinical or training reason to do so and your explicit written consent has been obtained in advance.

Data Storage and Security

Google Meet uses encrypted connections to transmit audio and video. However, as with all online communication platforms, absolute security cannot be guaranteed.

Where possible, we take steps to minimise risk by:

  • Using secure professional accounts
  • Restricting meeting access
  • Using private meeting links

Location of Data

Google may process data on servers located outside the UK or European Economic Area. Where this occurs, Google applies recognised safeguards such as Standard Contractual Clauses to protect personal data in accordance with UK GDPR requirements.

Client Responsibilities

To help maintain privacy during online sessions, clients are asked to:

  • Join sessions from a private location where they cannot be overheard
  • Use a secure internet connection where possible
  • Avoid recording the session without prior agreement