Privacy Notice

SDoneva Clinical Psychology

This privacy notice explains how, I, Dr Silviya Doneva collect, use, and protect your personal information when you receive psychological services from SDoneva Clinical Psychology.

I am committed to protecting your privacy and keeping your information secure.

If you have questions about this privacy notice or how your information is used, please contact me at info@sdonevapsychology.co.uk

‍ ‍

Data Controller

Dr Silviya Doneva is the Data Controller and is registered with the Information Commissioner’s Office (ICO) in the UK.

‍ ‍

What Information I Collect and Why

I collect personal information so that I can provide safe and effective psychological care.

Personal information I may collect

This may include:

  • Name, address and contact details

  • Date of birth

  • Gender and pronoun preferences

  • NHS or health identification number (if relevant)

  • Emergency contact details

  • Next of kin or support network information

  • Payment information (for example bank transfer details)

  • Insurance information (if therapy is funded through insurance)

Health information

To provide psychological care, I may also collect information about:

  • Your mental and/or physical health history

  • Medications

  • Allergies

  • Care needs or disabilities

  • Psychological assessments or reports

This information is called special category data and is given extra legal protection.

‍ ‍

Other sensitive information

In some cases, therapy discussions may include information about:

  • Ethnic background

  • Religious or philosophical beliefs

  • Political opinions

  • Sexual orientation

  • Sex life information

I only collect this information when it is relevant to your care.

Confidentiality

Your information is treated as confidential apart from cases that constitute “Exceptions to Confidentiality”.

‍ ‍

Exceptions to Confidentiality

There are situations where information may need to be shared with a third-party/ies, including:

  • When there is a legal requirement (for example a court order)

  • When there is a serious risk of harm to yourself or others

  • When there are safeguarding concerns involving a child or vulnerable adult

  • When you disclose information relating to terrorism or other serious criminal activity.

Any sharing of information will be done carefully and lawfully.

‍ ‍

Legal and Professional Requirements

I may also process personal information to meet legal and professional obligations, such as:

  • Maintaining accurate clinical records

  • Responding to legal requests

  • Meeting safeguarding responsibilities

  • Complying with financial regulations (e.g., tax records)

‍ ‍

Queries, Complaints or Concerns

If you contact me with a query or complaint, I may use information such as:

  • Your name and contact details

  • Correspondence or emails

  • Appointment or service records

This is to help me review the situation and respond appropriately.

‍ ‍

Lawful basis for using your information

Under UK data protection law, the lawful bases I rely on are:

Consent

You have given permission for me to use your information for your care.

You can withdraw consent at any time.

Contract

I need your information to provide psychological services that you have requested.

Legitimate interests

I use information to run the practice safely and provide appropriate care, while protecting your privacy.

Legal obligations

In some situations, I am required by law to process or share information.

Your Data Protection Rights

You have rights over your personal information, including the right to:

  • Access your personal information

  • Correct inaccurate information

  • Request deletion of information in some circumstances

  • Restrict how your data is used

  • Object to certain types of processing

  • Transfer your information to another organisation

  • Withdraw consent where consent is used

If you wish to exercise any of these rights, please contact us.

I will normally respond within one month.

‍ ‍

Where I Get Personal Information From

I may receive information from:

  • You directly

  • Family members or carers (with your permission where appropriate)

  • Other healthcare professionals involved in your care (with your permission where appropriate)

‍ ‍

How and Where is This Stored?

·       Personal details, assessment notes, therapy session notes and symptom measures are usually collected on manual paper files or electronic notes and stored in locked filing cabinets or password protected, accessed by Dr Doneva only.

·       Any paper notes will be securely transferred to electronic records and the original paper copies will be securely destroyed once the information has been transferred. Electronic records are stored securely using Microsoft OneDrive. Access is restricted to Dr Doneva only and protected by password security and two-factor authentication. Devices used to access or store personal information are protected by full-disk encryption, malware protection and password security.

·       Your name, email address and email correspondence will be stored on Dr Doneva’s email account with Microsoft Outlook. Access is restricted to Dr Doneva and protected by password security and two-factor authentication. Devices used to access or store personal information are protected by full-disk encryption, malware protection and password security.

·       Your name, email address, home address and telephone number will be stored securely using Microsoft OneDrive and healthcare systems provided by Healthcode for administrative and billing purposes. Access to this information is restricted to Dr Doneva.

‍ ‍

Who I May Share Your Information With

Where necessary, I may share relevant information with:

  • Your GP or other healthcare professionals

  • Insurance providers (if therapy is funded through insurance)

  • Care providers involved in your care

  • Organisations responsible for safeguarding

  • Authorities where required by law

I will only share the minimum information necessary.

How Long I Keep Your Information For

Therapy records are stored for 7 years after your final session (or until age 26 if you were under 18 at the time of therapy).

Financial data (e.g., invoices) are kept for 7 years in line with HMRC requirements.

‍ ‍

How to Make a Complaint

If you have concerns about how your personal information is used, please contact me first via email on info@sdonevapsychology.co.uk

If you are not satisfied with our response, you can also contact the Information Commissioner’s Office (ICO).

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113

Website:
https://www.ico.org.uk/make-a-complaint

‍ ‍

‍ ‍