Privacy Statement and GDPR

Consent and Agreement:

Your use and undertaking of the services of Dr. Panagiotis Bouzianis from point of contact onwards constitutes your approval and acceptance of this here agreement and it constitutes consent to my storage and use of your personal information that you have disclosed to me as detailed on this page. You have the right to withdraw your consent at any time by notifying me in writing.



I am registered with the Information Commissioner Office (ICO – reg. ZB384204) as a data controller and I follow General Data Protection Regulation (GDPR) law.

The GDPR states that I must have a lawful basis for storing and processing your personal data and information and that I do so appropriately and confidentially. The lawful basis for my processing any ‘special categories of personal information’ (your personal information) is that it is for provision of health treatment. If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the therapeutic work we have agreed upon. If you are no longer in therapy with me I will store and process your personal information by use of legitimate interest as my lawful basis.


How I gather your personal information/data:


  • By emailing me, directly or via my website and via various therapy directories and platforms (e.g. Counselling Directory), or by phone or text, to request further information about my practice and any subsequent email, text or telephone correspondence thereafter.
  • By brief session notes.
  • Via remote/online sessions, mainly using Zoom (which is secure). Other platforms can be used as well, with your consent and agreement. Please note however that I cannot be held responsible for any breaches that occur due to failures in this technology.


Where I store your personal data:


  • Your contact details and personal data that you communicate to me via any form of contact by email or phone are stored and processed digitally, securely (using biometric locks, antivirus, VPN) and on cloud.
  • Therapy administrative documents (e.g. invoices, reports) are stored and processed digitally, securely (using biometric locks, antivirus, VPN) and on cloud.
  • Brief session notes are stored and processed digitally, securely (using biometric locks, antivirus, VPN) and on cloud. The brief session notes are anonymised, using coded information.
  • Sensitive documents are digitally secured and will generally be sent over to you password protected.


How I use your information:


  • I use your contact details to allow me to provide you with information about the service that you request from me.
  • I use your contact details for tasks related to the service that you request from me, such as administration, billing and scheduling agreements and changes.
  • I keep brief notes to better facilitate the therapeutic work that we agreed with you to do.
  • As part of my commitment to providing a high-quality professional service, I attend clinical supervision regularly. I might use my notes in the context of my own clinical supervision. Sessions with my clinical supervisor are also GDPR regulated, private and confidential and information shared in these sessions is anonymized.
  • With insurers, I keep data sharing to an absolute minimum and in keeping in line with their procedures and policies towards service providers. I use your personal details with secure billing systems provided by insurers.
  • I will never pass on your contact details to any third-party organisations for the purposes of sales, marketing or research.


How long I keep your data for:


  • I aim to confidentially delete/destroy records of your personal data (emails, texts, invoices, therapy notes) that are no longer relevant but I may keep them for up to 7 years after therapy has ended. This is in line with effective clinical practice and administration (e.g. if you return to therapy, or to refer back to an earlier agreement) but also in line with carrying out Indemnity Insurance requirements, legal obligations or where the Law compels me.
  • I do not keep paper records of your information and I do not keep paper notes. After I briefly process any paper correspondence with your personal details I then destroy it confidentially.


Disclosure of your personal information:

I consider your personal and sensitive information privacy and confidentiality as paramount, as they are generally considered by professional regulations and the Law - unless I am under a duty to disclose or share your personal data in order to comply with the Law, e.g. if I am subpoenaed to court, or as a legal requirement such as safeguarding children or vulnerable adults, terrorism, public safety or money laundering.


In the event of a data breach:

I have a legal obligation to report a data breach to you and the Information Commissioners Office (ICO) within 72 hours. Should such an unlikely event transpire, I will aim to rectify it immediately and inform you accordingly.


Website use:

This website uses cookies and Google Analytics. Google Analytics is a service provided by Google that gathers anonymous data on how people are using websites and then provides visitor statistics that help improve the websites. Almost all websites use cookies which can store lots of information which may have privacy implications beyond the scope of this very statement.


Your Rights:

Under GDPR law you have the following rights:

  1. The right to request access to your data: You can request to view or copy the information that I hold about you at any time. Copy requests must be in writing and to be carried out in 30 days’ time.
  2. The right of rectification: At any point during your therapy or during the seven years thereafter, while I retain your records, you have the right to request amendments to your contact details or session notes by speaking or writing to me.
  3. The right to be forgotten: You can request that I delete and confidentially destroy the information that I hold about you and your sessions at any time. This request can be made by contacting me.
  4. The right to be informed about how and why your data is used - this Privacy Statement sees to this but you can ask for clarifications.
  5. The right to object.
  6. The right to portability of your data - to be transfered somewhere else.
  7. The right not to be subject to a decision based solely on automated processing.

Please bear in mind that I would not be able to comply with the above if:

  1. It is necessary for me to retain these records in order to continue providing an effective service.
  2. I am compelled to retain these records by a Court of Law.
  3. I require these records in order to establish, exercise or defend legal claims.

With regards to disclosure of exposure to criminal offending (abuse) and the Crown Prosecution Service, you can read the guidance here:



I will notify you of changes I may make to this privacy policy in the future.

If you have any questions, concerns or objections with regards to the above statement, please do not hesitate to discuss these with me.

Print | Sitemap
© 2021-2022 Dr Panagiotis Bouzianis. All rights reserved.