The General Data Protection Regulation (GDPR) is concerned with the personal information about you and how it is collected, stored and shared. This is the GDPR statement of by Dr Mari Kovanen, CPsychol, a counselling psychologist offering psychological therapy in person and online as well as related online resources. Here you find information on how I collect, store, and share information collected. Please note that information collected varies according to your interaction with me, i.e. whether you access services online (such as free resources) and/or in person / online therapy.

Web access and collection of information online

When you contact me to request any services, I collect information about you. I also collect information about you when you voluntarily book for a free 15min consultation, complete contact forms and/or subscribe to my mailing list or free online resources. Information is also collected about you when you visit my website by using Google Analytics and cookies. When you enter my website, you are required to confirm whether you allow information to be submitted to Dr Mari Kovanen, CPsychol, before entering the site. If you do not allow personal information collected on the website to be sent to me (do not accept the link emailed to you after the initial sign up), you may be unable to engage in the website activity that requires having your contact details to send you the requested information. I aim to minimise personal information collected when providing a specific service or accessing a specific feature of the website.

  • Storing pre-consultation information (collected when booking a consultation online): When you book online, you are asked to provide some details about you and what you are looking for. The details collected are name, whether seeking online/in-person therapy, individual/couple therapy, reasons for seeking therapy, current coping strategies, whether able to commit to weekly sessions and whether you approve being sent emails relating to therapy sessions.
  • Storing information when accessing free resources: When you sign up for free resources and updates, MailChimp is used for delivering the materials and storing your information. Only your first name and email address are collected. You can update your email preferences at all times by following the link at the end of every email.

Cookies and marketing

On the website you are informed of the use of cookies to ensure the ease of use. Facebook marketing is at times used to inform about new blog posts or other services. If you have visited my website, you may see information about my services and updates.

Health record collection and confidentiality (for the use of therapeutic work only)

Your health record is kept confidential within the service and all information is stored securely. I follow the ethical guidelines of the British Psychological Society (BPS) and HCPC (Health Care Professionals Council) and ICO to ensure that your information about you is collected and stored securely.

When you contact me to access psychological therapy with me, I collect your personal information including: your name, date of birth, address, phone number, email address, family relationships, occupation, previous psychological therapy, medical history, and medication. I keep records of your appointments, brief notes on the topics covered during the sessions and your concerns, and any letters and/or psychometric testing concerning you.

Session related information attendance and topics covered in the sessions will be initially stored electronically without identifying details and protected by a coding system. Your personal details and any information collected during the initial intake meeting (including possible referral letters, questionnaires) are stored in paper format in a locked cabinet. Once you have finished working with me I store hard copies of the sessions notes in your file that is in a locked cabinet. The information is kept up to 7 years after you have completed working with me for legal reasons.

As part of the intake process, I collect information about whether you are happy for your GP to be informed about your contact with me and if additional support is required from them. At times I may seek further consent for sharing information if necessary.

Working with private medical insurance companies: I share your attendance with the referring insurance company. If we need to request further sessions for you, I share some details of your sessions such the focus, progress, and need for further sessions with the insurance company. You get to see the report prior to it being shared and you may request information being omitted if you wish to do so.

Storage Methods for clinical services:

  • Paper written notes as described above
  • Electronic storage: unidentifiable, brief session notes covering the topics covered are held stored electronically and protected with a password until we stop working together. Then the notes are printed out and placed in your hard copy file which stored in a locked cabinet.
  • Phone: I use a very basic mobile phone for communication and I do not store your contact details on it. SMS is not used for general communication.
  • Smartphone is used for using SumUp payments only. It
  • Email: I used GMAIL based email. Your email address and our correspondence will be stored in my email account.
  • Website: your personal information is not stored on my website, other than to momentarily collect & send it to my Gmail account for the purposes of our initial contact. See for further information regarding collecting and storing information for the purposes of accessing free resources online above.

Sharing information


As part of ethical practice, I am required to seek regular consultation with another psychological therapist who is qualified in this process. This is to ensure that I am able to work to my best ability and offer an ethical service that is helpful to you.  The consultation process is also protected by confidentiality and my consultant will not know you personally nor professionally. It takes place verbally and I refer to you by your first name. This process is to ensure my professional development.

You are asked to sign a consent form if your information is necessary to share with a third party. I ask you about sharing information with your GP during the first session. As discussed above the exceptions to sharing information about you may take place if there was a danger to yourself or others.

In case of emergency

If I have a reason to believe that you are at risk to you self, to someone else or there are child protection issues I am required to act upon these concerns. In that case I am obliged to breach confidentiality by speaking to e.g. a crisis team (harm to self) or the police (harm to others / an organisation e.g. in case of terrorism) or child protection services / NCPCC. If I have to breach confidentiality, where ever possible I aim to discuss this with you first.

If I was to encounter an emergency myself and was unable to contact you myself, your name and contact details might be shared with a trusted person to inform you about the changes in our meetings. No other personal information would be shared.


Complaints should be addressed to HCPC. However, to prevent matters from escalating, I hope we can establish a therapeutic relationship, which includes open communication and you are able to raise any concerns in the session. I also hold a Professional Indemnity Insurance.

Your rights

You have the following rights…

  • To be informed what information is collected and how it is stored
  • To see the information I hold about you
  • To rectify any inaccurate or incomplete personal information
  • To withdraw consent to me using your personal information
  • To request your personal information be erased (although if the information is needed for me to practice lawfully and ethically I can decline)

Client agreement

A printed copy of the privacy policy will be given to you and signed by both you and me when therapy starts. This is to acknowledge that we agree on the policy.