top of page

Privacy policy

This privacy policy explains how I (Dr Rebecca Phillips) use any personal information I collect about you, as a past, present service user (client or patient) or when you use this website.

Dr Rebecca Phillips provides psychological therapy and assessment services at a clinic in Winchester/Basingstoke and online. This privacy notice provides information about the personal information I process about you as a data controller, in compliance with the General Data Protection Regulation (GDPR).

My ICO registration number is ZB676406.

Please contact Rebecca Phillips at drrebeccaphillips@proton.me with any questions or requests about the personal information I process.


1. What are your rights?

I am committed to protecting your rights to privacy. They include:

  • Right to be informed about what I do with your personal data

  • Right to have a copy of all the personal information I process about you

  • Right to rectification of any inaccurate data I process, and to add to the information I hold about you if it is incomplete

  • Right to be forgotten and your personal data destroyed

  • Right to restrict the processing of your personal data

  • Right to object to the processing I carry out based on my legitimate interest


2. Why do I collect information about you?

I may collect information about you because you are a patient or client. You might be a claimant who is part of a legal or litigation claim.

I process the data because it is in my legitimate interests as a clinical psychologist to do so. I need to see and analyse documents containing this information in order to carry out an assessment or to deliver psychological intervention.

Another lawful reason for me processing your data may be Legal Obligation. If I am processing “special category data” about you, this is my second lawful reason to do so. This is likely to apply if you are being assessed as part of a litigation claim.

As a client or patient of Dr Rebecca Phillips my lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care or treatment. 

3. What information do I collect about you?

I collect information about you that may include personal or sensitive information, such as:

  • First name or given name

  • Family name or surname

  • Address

  • Telephone numbers

  • Date of birth

  • Gender (or preferred identity).

  • Age

  • Date of Birth.

  • Relationships & children

  • Occupation

  • Address

  • Telephone/SMS number

  • Email address

  • Health insurance details

To make sure that you are assessed and/or treated safely and appropriately, I record your personal information, such as your name, address, as well as all contacts you have with me, such as appointments and the results of assessments and letters relating to your care/report. Your data is kept confidential at all times.

I also process personal data pursuant to my legitimate interests in running my business such as:

  • Invoices and receipts

  • Accounts and tax returns

Please see section below on information about my website cookies.

Patients/Clients (Therapy or private assessment)

When you are a patient or client  I record all your treatment and details of your appointment so that I can plan your treatment correctly. In addition to the personal information above, I may also collect information regarding:

  • Medical conditions (if relevant)

  • Prescribed medication.

  • Psychological history and current difficulties.

  • Sexuality

  • Offences (including alleged offences)

  • Financial information, including bank account details (if you are a private patient/client of Dr Rebecca Phillips)

I may collect some of this information from your insurance company if you have one, and some of this information will be collected directly from you.

Clients involved in Legal proceedings / Court Reports.

In the case of a court report I retain the information as required by the courts or your solicitor.

In addition to the personal information above, I may also collect information regarding:

  • Medical conditions (if relevant)

  • Prescribed medication.

  • Psychological history and current difficulties.

  • Sexuality

  • Offences (including alleged offences)

I may be given some of this information from your solicitor or the party instructing me for the purposes of litigation, and some of this information will be collected directly from you.

In many cases, an individual has consented to the transfer of their personal data to me. Where an individual has consented, he or she may easily withdraw it by notifying me (Rebecca Phillips) at drrebeccaphillips@proton.me

Web access collection of information

I collect information about you when you register with us or place any order for services. I also collect information when you voluntarily complete contact forms. I always try to minimise the amount of personal information that I require in order to provide a specific service or feature.

My website uses Cookies. Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.


Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely. Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use. Cookies are placed by software that operates on our servers, and by software operated by third parties whose services we use.

Requests by your web browser to our servers for web pages and other content on our website are recorded.

Information such as your geographical location, your Internet service provider and your IP address may be recorded. Information about the software you are using to browse our website, such as the type of computer or device and the screen resolution may also be recorded.

I use cookies and information provided by your web browser to track how people use my website to help improve the way I provide content to users.


4. How do I store the information about you?

I take your privacy very seriously.

I am committed to taking reasonable steps to protect any individual identifying information that you provide to me. Once I receive your data, I make best efforts to ensure its security.

All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules.  More information is provided prior to first appointment.


5. How long do I keep your information for?

I do not keep your data for longer than is necessary.

Administrative data is retained for up to seven years as necessary, in the unlikely event there are queries from HMRC. Where it is not necessary to retain the data for seven years, it is destroyed as soon as possible.

Patients/Clients (Therapy or private assessment)

Personal data is retained, where necessary, for seven years in compliance with my professional indemnity and professional regulations. For clients under the age of 18, personal data is retained until their 26th birthday or seven years after our last contact whichever is the later.

Clients involved in Legal proceedings / Court Reports

Personal data in legal cases is retained, where necessary, for seven years in compliance with my professional indemnity and professional regulations. For clients under the age of 18, personal data is retained until their 26th birthday or seven years after our last contact whichever is the later. Where this is not necessary, it is destroyed on the conclusion of the case.


6. Who do I share your personal information with?

Your information is kept confidential at all times. Where possible I will anonymise information so that individual patients cannot be identified.

If I become aware of your intent to cause harm to another person/organisation (e.g. terrorism), the law may require that I inform an authority without seeking your permission. In such a situation, the law may require that I share your personal information without your knowledge.

By contacting the Information Security Officer, by email and/or using the address below you can also get more details on:

  • agreements I have with other organisations for sharing information;

  • circumstances where I can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;

  • how I check that the information I hold is accurate and up to date

Special category data and personnel files held electronically are encrypted with restricted access.

For those funding through health insurance, personal information including your name, address, date of birth, membership number, authorisation number may be stored on the Healthcode system for the purposes of invoicing your insurers securely.

Patients/Clients (Therapy or private assessment)

In many circumstances I will not disclose personal data without consent.

Your information may be shared with outside organisations if they are directly involved in your care/case, for instance, your insurer if they are funding your treatment, your GP, or others involved in your care. I will discuss with you who I would discuss your care with, and what details I would share with them.

If your health is in jeopardy I may share your contact information with an emergency healthcare service (e.g. Mental Health Crisis Team).

In many circumstances I will not disclose personal data without consent.

However, when I investigate a complaint I may need to share personal information with other relevant bodies.

If I do need to share your information, I will always try and ask for your permission for this. I may not be able to ask your permission under special circumstances where we are legally required to do so.

Clients involved in Legal proceedings / Court Reports

I share personal data internally strictly on a need to know basis.

I do not share personal data with anyone external to the organisation, other than with:

  • With others pursuant to a court order



7. How you can access your information and correct it, if necessary?

I try to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if I hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. I will then supply to you:

  • A description of all data I hold about you

  • Inform you how it was obtained (if not supplied by you)

  • Inform you why, what purposes, I am holding it

  • What categories of personal data is concerned

  • Inform you who it could be disclosed to

  • Inform you of the retention periods of the data

  • Inform you around any automated decision making including profiling

  • Let you have a copy of the information in an intelligible electronic form unless otherwise requested.

To make a request to me for any personal information I may hold you need to put the request in writing. I want to make sure that your personal information is accurate and up to date. You may ask me to correct or remove information you think is inaccurate, please address these changes to me via “How to contact me”.

Clients involved in Legal proceedings / Court Reports

If your concern is related to a case with a solicitor that I am working for, please refer the queries through them. I may not be able to comply with a request to correct information I hold about you where it pertains to a litigation claim – this would need to be discussed with your solicitor.


8. Complaints or queries

I try to meet the highest standards when collecting and using personal information. For this reason, I take any complaints I receive about this very seriously. I encourage people to bring it to my attention if they think that my collection or use of information is unfair, misleading or inappropriate. I would also welcome any suggestions for improving my procedures. If you do have a complaint, contact the Data Protection Officer who will investigate the matter on your behalf.

If you are not satisfied with the response from me or believe I am not processing your personal data in accordance with the law you have the right to raise your complaint with the Information Commissioner’s Office (ICO)

Contact information ICO:
Website: https://ico.org.uk/concerns/
Email: casework@ico.org.uk
Telephone: +44 (0) 303 123 1113


9. Who I am and how to contact me?

Dr Rebecca Phillips is the person that you are supplying your personal information to and can be contacted by:

Email: drrebeccaphillips@proton.me

Privacy policy: Welcome
bottom of page