top of page







Privacy policy 





As part of my professional duty of care, I have to collect information in order to work with you as best I can. I want you to be fully informed and comfortable about what happens to your information. This privacy policy shows how I will use, store and protect your personal and sensitive information, in line with General Data Protection Regulation (GDPR) which came into effect on the 25th May 2018.

Dr Jo McColl acts as the data controller and is registered with the Information Commissioners Office.

What information is being collected?

In order to work as a clinical psychologist, it is part of my professional practice to collect personally identifiable information. This will include your name, address, email address, date of birth and phone number.  I will also require your GP details and insurers details if applicable. This would be collected in a form prior to your first appointment. Using an iPad, I will take written electronic clinical notes during our sessions in order to help me remember your important details, and to think about and plan our sessions. I am professionally required to keep these clinical notes which may contain sensitive information. These clinical notes will be password protected and stored on a note taking app called Notability. Your electronic clinical notes will also be uploaded to a cloud based storage system called OneDrive. 


I may sometimes use psychological outcome measures (in order to understand more about difficulties and your progress within therapy).   

In order to reduce the risk of data breach it is strongly recommended that you do not disclose sensitive information via email or text message and I will also not do this when sending information to you.

Why is information being collected?

Such information is necessary to fulfil the contracted service that I have been asked to provide (e.g. therapy or a clinical report).   I require your GP details to allow me to contact them should I be concerned about your current level of risk. I require your contact details so I can reach you should an appointment need to be rearranged.  In order for me to contact you by text I will store your first name and surname initial on my mobile phone. No other information will be stored about you in this format. This information is only accessible by me and is password protected. I will delete your details from my phone as soon as we finish working together. We will discuss if you do / do not wish to be contacted by phone and your privacy will always be respected.

Data storage 

Your written information will be kept in a file and stored securely to which I will only have access to. All digital information and storage will be encrypted (e.g, emails, information databases etc). Your information will be retained for 7 years as according to professional HCPC guidelines. Your information will be deleted at the end of these 7 years.

Who will my information be shared with?

The information you provide is confidential, however there are certain circumstances where I have a duty of care to share your information:

  • if there are significant concerns regarding your own levels or risk and safety 

  • to protect a child or vulnerable adult thought to be at risk

  • if I am asked to disclose your personal data in order to comply with any legal obligation

I can also share your information if you have given explicit consent that you wish it to be shared (e.g. with another professional or family member).

I will not routinely share your information with other health professionals (e.g, your GP) unless you specifically ask or if there is any significant risk of harm to yourself or others.

Right to access


You have a right to ask for a copy of your personal information (free of charge) in an electronic or paper format and within one month of your request. 

Right to rectification

You have the right to request changes to factually inaccurate information that I hold about you. If this is a change to a report, this change would be added in a further letter to highlight the inaccuracy.

Right to erasure

GDPR guidance states that people have the right to 'be forgotten' i.e., for information held about them to be erased. Within my practice as a clinical psychologist, and in line with guidance from the HCPC, I have a lawful basis to retain your information for 7 years therefore this right does not apply to health records and I would be unable to erase any part of your health records.  

Links to other websites

My website may contain links to other websites of interest. However, once you have used these links to leave my site, please note that I do not have any control over the destination website. I therefore cannot be responsible for the protection and privacy of any information which you provide whilst visiting other sites and such other sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


If you wish to discuss any of the above, please do not hesitate to ask me. 

Dr Jo McColl

bottom of page