Privacy Policy and Data Protection for Clients

I am committed to protecting your privacy and protecting your personal data. This privacy policy explains your rights, and my obligation, to you as someone seeking or using the therapy services of Sarah O’Malley/Intrepid Health under the General Data Protection Regulations (GDPR).

Your confidential information and how it is used.

Upon starting therapy, basic personal information will be collected for contact and identification reasons. This information may include your phone number, email address, postal address. It also includes our email correspondence and any text messages.

During or directly after your sessions I will take brief notes on the session. These may include personal and sensitive details about your life. These notes are used solely for the delivery of a therapy service to you and are held in strictest confidence.

Your rights

You have the right to request a copy of the information that I hold about you and to ask for the notes to be supplemented, updated or corrected. If you would like a copy of some or all of your personal information, please email or write to me via the contact details stated in this agreement and the information will be provided to you within 30 days. You may ask me to correct or remove any information you think is inaccurate.

How long I keep your information for

Your information is kept for the time necessary to provide the therapy service requested, however outside of this I will hold your details and session notes for a period of 7 years following the end of treatment to comply with legal obligations that are placed upon me by my insurers (please note: this legally overrides the right to have your data deleted).

In the case of a child under 13 then records will be kept 7 years after they reach the age of majority (18).

After this date, all data will be securely deleted.

If you complete and return the confidential Client Booking Form but do not undertake therapy with me that document will be securely destroyed after 30 days.

Sharing of data

There may be times when your information needs to be shared with third parties. Unless there are legal obligations on me not to do so, I will explicitly ask your consent before doing so, and the data will be sent to third parties securely.

Security of your data

Information will be kept securely and confidentially in line with the data retention policy as stated above.

Your contact information will be stored on my code locked mobile phone.

Our email correspondence is password protected and my email service ensures that the emails are secure and encrypted.

All other electronic data is stored in encrypted documents on a secure server.

All paper notes are kept in a locked filing cabinet. When paper notes are digitised the paper copies are securely destroyed.

Unfortunately the transmission of information via the internet and email may not be completely secure. Although every effort is made to protect your personal data the security of your data cannot be guaranteed and any such transmission is at your own risk.

If our sessions are online they will be conducted using Zoom ( or the ( services. The data transmitted during meetings, webinars and chat sessions are encrypted and secure. Both services are compliant with the GDPR.

Lawful basis for processing your information

The lawful basis for my holding and using your information is in relation to the delivery of a contract to you, as a health care professional. As a member of AAMET I operate under a strict code of confidentiality.

Sarah O’Malley/Intrepid Health operates in accordance with the General Data Protection Regulations (GDPR) and is the registered Data Controller with the Information Commissioners Office.