Privacy Policy
Carine Avekian
Cognitive Behavioural Psychotherapist
Introduction
I, Carine Avekian, as the data controller and data processor, am committed to protecting your privacy and ensuring that your personal data is handled securely and in compliance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This privacy policy outlines how your data is collected, stored, and used.
If you have any questions or require any further information, do not hesitate to contact me directly through email at carineavekian@gmail.com.
Lawful Basis for Processing Data
Under the UK GDPR, I rely on the following lawful bases for processing personal data:
· Contractual Necessity – Processing your data is necessary to provide therapy services and fulfil our agreed-upon contract.
· Legitimate Interests – Processing is necessary to maintain records, improve services, and communicate with you. During our sessions I will take notes (both digital and paper) and these are stored in your file. Notes allow me to reflect on our sessions and help me make clinical judgements and treatment plans throughout your treatment sessions.
· Legal Obligation – In cases where I must comply with legal and regulatory requirements. As an accredited member of the British Association of Behavioural and Cognitive Psychotherapy (BABCP) I have a duty to abide by their standards of conduct, performance and ethics regarding any client data and confidentiality.
· Vital Interests – If it is necessary to protect your life or the life of another person in safeguarding situations.
Data Collection
I collect personal data directly from you through our email, telephone, face to face and/or virtual sessions. Data is also collected through the Client Details and Treatment Contract form, which is completed and returned once treatment is agreed. This may include:
· Full name
· Date of Birth
· Gender
· Contact details (email, phone number, address)
· Emergency contact details
· GP details
I may also receive personal data about you from your health insurance provider if they are funding your therapy sessions. This may include those referenced above as well as:
· Policy number and coverage details
· Referral information
· Any relevant medical information they provide as part of the claim process
This data is used to verify eligibility for treatment, process payments, and coordinate care with your insurer, where necessary.
During the course of treatment, sensitive data may be collected in order to provide adequate, personalised and holistic care in line with your treatment needs. This may be collected throughout the course of therapy through telephone, email, face to face, online sessions or through your health insurance provider. The information I collect may include:
· Ethnic background
· Sexual orientation
· Sexual behaviour and history
· Relationship history
· Religion
· Physical and mental health history (including history of alcohol consumption, drug use and any medication previously prescribed)
· Current physical and mental health symptoms including suicide risk, alcohol and drug use, and any medication you are currently taking
· Current or historical risk to and from others
· Offences and alleged offences
· Questionnaire scores (questionnaires that assess the severity of your symptoms)
When you visit my website (www.carineavekian.co.uk), certain data may be collected automatically or through user input. This may include:
· Contact form submissions (name, email address, phone number, and any message you provide)
· Website usage data collected through cookies and analytics tools (IP address, browser type, pages visited, and time spent on the site)
· Technical data required for website functionality and security
This information is used to respond to inquiries, improve website functionality, and ensure security. Cookies and analytics data help enhance the user experience. You can manage your cookie preferences through your browser settings.
My website may include feedback provided by previous clients. You will be asked for your consent for this to be included, and it will always be anonymised using client initials.
How Your Data is Used
Your personal data is collected and processed for the following purposes:
· To provide effective and personalised cognitive behavioural therapy (CBT) services
· To communicate with you regarding appointments and treatment
· To maintain accurate therapy records
· To make onward referrals and/or recommendations
· Clinical supervision as part of my own professional requirements and development. As part of my professional practice I am required to attend clinical supervision to discuss clients. Client personal details are not disclosed during supervision.
As part of supervision and professional development purposes, I may ask for your consent to record (audio or video) sessions. Your treatment sessions are not dependent on consent for this and you have the right to give consent or not. Should you provide consent, you can withdraw this at any time. You can request a copy of any recordings made. Any recording made will be deleted after it has been reviewed in supervision.
Supervision is provided by a BABCP accredited therapist who is bound by ethical guidelines and confidentiality, as I am.
· To comply with legal and professional obligations
· To respond to enquiries sent through my website
Communication
I may contact you via telephone or email for administrative purposes such as appointment scheduling, therapy resources, or other relevant updates. If you prefer an alternative method of communication, please inform me at the outset of treatment.
Data Storage & Security
Your data is securely stored on a password-protected hard drive. Paper records (if applicable) are stored securely and shredded when no longer needed. I take appropriate measures to protect your data from unauthorised access, loss, or misuse. All the data stored is anonymised and any documents with personal data are password protected and stored securely.
During therapy sessions, I may use Google Drive to share resources such as worksheets, reading materials, or therapy-related documents. This is an optional service and will only be used with your explicit agreement. Any shared files will be deleted four weeks after the completion of treatment to ensure data security and confidentiality.
If you choose to add your own documents to the shared Google Drive, this is at your own discretion, and you are responsible for managing any personal data you upload.
In the event of a data breach affecting Google Drive or any other stored client data, I will take the following steps:
1. Assess the breach – Determine the nature and extent of the incident.
2. Mitigate the risk – Take immediate actions to limit any potential damage.
3. Notify affected clients – If your data is compromised, I will inform you as soon as possible with details of the breach and recommended actions.
4. Report where necessary – If required by UK data protection laws, I will report the breach to the Information Commissioner's Office (ICO) within 72 hours.
5. Review and strengthen security – Identify weaknesses and enhance security measures to prevent future incidents.
Data Sharing
Your information will be kept confidential. However, there are three circumstances in which I may be required to share your data with third parties without your consent:
· Court Order – If I receive a legally binding order requiring disclosure.
· Safeguarding Concerns – If there are concerns regarding the safety of a child or vulnerable adult.
· Risk to Self or Others – If there is an imminent risk of serious harm to yourself or another person, I have a duty of care to act to prevent harm.
In such cases, I will only share the necessary information with the appropriate authorities or professionals.
Data Retention
I will retain your therapy records for 7 years after the conclusion of therapy, in line with professional and legal requirements. After this period, all records will be securely deleted or destroyed.
Your Rights
Under data protection laws, you have the following rights:
· The right to access the data I hold about you
· The right to request corrections to inaccurate or incomplete data
· The right to request erasure of your data, subject to legal obligations
· The right to restrict processing in certain circumstances
· The right to object to data processing
· The right to data portability
To exercise any of these rights, please contact me at carineavekian@gmail.com. In some circumstances these rights may not apply; please see further information and guidance at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/
Complaints
If you have concerns about how your data is handled, please contact me directly. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
Updates to This Policy
This privacy policy may be updated periodically. Any significant changes will be communicated to you directly where possible.
For any questions regarding this privacy policy, please contact me at carineavekian@gmail.com.
Updated: 9th March 2025