Data protection and privacy policy

Effective Date: April 30, 2026

This data protection and privacy policy outlines how personal data is collected, used, and protected by the website drsusaneleymorris.com, the affiliated email drsusan@drsusaneleymorris.com and in the counselling psychology practice of Dr. Susan Eley Morris [Stirling, UK]. The policy is intended to ensure transparency and compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. About the website

The website drsusaneleymorris.com is the professional platform of Dr. Susan Eley Morris, a Chartered Psychologist and Registered Counselling Psychologist in the United Kingdom offering psychological services through her private counselling psychology clinical practice, as well as educational content and adult mental health resources to the public.

2. Data Collected and Purpose of Use

a) Booking Psychological Services

When booking an appointment via Acuity Scheduling, individuals are asked to provide personal and health-related information. This data is necessary for the delivery of safe, ethical, and effective psychological services. It may include:

  • Name and contact details

  • Relevant health information

  • Information submitted through intake or consent forms

This information is used solely for clinical and administrative purposes relating to care delivery, communication, and record-keeping.

b) Completing Enquiry Form

When sending a message to drsusan@drsusaneleymorris.com via the Enquiry Form, individuals may be asked to provide contact details. All communication is handled with confidentiality in accordance with professional standards and GDPR. By completing the enquiry form, the individual agrees to the processing of data by Dr Susan Eley Morris’s private practice for the purposes of discussing your enquiry.

c) Arranging a discovery conversation

When discussing arrangements for a discovery conversation, all health information disclosed by the client is handled with confidentiality in accordance with professional standards and GDPR. By self-disclosure, the individual agrees to the processing of data by Dr Susan Eley Morris’s private practice for the purposes of preparation for the discovery conversation appointment.

Explicitly, the lawful basis and the purposes for using the personal information in the private practice is

  • Article 9(2)(h) — health care provision (for clinical data)

  • Article 6(1)(b) — contract performance (for booking/admin)

  • Article 6(1)(a) — consent (for enquiry form)

3. Data Storage and Security

All personal data is stored securely using GDPR-compliant platforms. Clinical notes and sensitive health information are stored using encrypted, secure systems in accordance with HCPC standards. Data is kept by the counselling psychology practice of Dr. Susan Eley Morris for a period of 7 years for adult clients or until age 25 for clients who attended appointments as children. Shredding Scotland are the identified provider for commercial shredding services, including document shredding, digital media and hard drive destruction. All of these services are fully accredited and performed in line with EN15713. Shredding Scotland are confirmed as a trustworthy shredding company committed to compliance, from regular auditing.

4. Access to Personal Data

Access to personal data is strictly limited:

  • Clinical notes are accessible only to the HCPC Registered Counselling Psychologist responsible for care.

  • Administrative personnel may access contact information and relevant correspondence only where required for operational purposes, such as scheduling or billing. These individuals do not have access to clinical notes. All administrative staff are bound by confidentiality agreements and trained in data protection procedures.

5. Individual Rights

Under data protection legislation, individuals have the right to:

  • Access personal data held about them

  • Request corrections or updates to their data

  • Withdraw consent for non-clinical communications at any time

  • Object to processing

  • Restrict processing

  • Data portability

  • Request deletion of personal data where appropriate

Requests can be submitted via email to drsusan@drsusaneleymorris.com

Individuals have the right to lodge a complaint with a supervisory authority. The ICO is the UK supervisory authority. Individuals can contact the ICO directly if you feel your data is being mishandled. How you can contact the ICO is available at this link: https://ico.org.uk/global/privacy-notice/how-you-can-contact-us/

6. Third-Party Providers

Personal data is never sold or shared with external parties for marketing purposes. Third-party service providers used for website production [Squarespace], scheduling (Acuity], communications (Proton], or secure authentication and password-protected storage [Proton, Google Drive, OneDrive] are selected for their GDPR compliance and confidentiality standards. 

7. Cookies

This website may use cookies to enhance user experience and monitor website activity. Individuals can manage cookie settings through their browser preferences. Active consent is required before use of non-essential cookies.

No automated decision-making or profiling takes place.

8. Contact Information

For questions or concerns about this privacy policy or the handling of personal data, please contact:

drsusan@drsusaneleymorris.com

Stirling UK

Chartered Psychologist, Practitioner Psychologist HCPC Registration Number PYL046201, Counselling Psychologist

ICO Registration Organisation name:  Dr Susan Eley Morris  Reference:  ZB934916