We understand that your health care information, including appointments, is personal and sensitive. Without confidentiality, it would be very difficult to build enough trust in the relationship between you and The Psychology Rooms. The respecting of client confidentiality is a fundamental requirement for keeping trust. We are committed to maintaining the confidentiality of your information and providing you with information regarding our Privacy Policy.

This Privacy Policy explains when and why we collect personal information about people who use our service, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

The Privacy Policy is set in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) 2018. As per these laws, Dr Yvonne McNeill is known as the data controller.


The Psychology Rooms is a private Clinical Psychology service that offers psychological therapies to individuals, provides clinical opinion on medical treatment when requested to by medical consultants and with patients consent and provides Medico legal assessment to lawyers with patients consent.

Assessment and treatments are carried out in accordance with the British Psychological Society’s standards and guidelines https://www.bps.org.uk/psychologists/standards-and-guidelines.


Demographic information: The personal information we collect might include your name, address, email address in order to register you with our service and organise your appointment confirmation.

Clinical Information. For the purposes of providing treatment, the Practice requires detailed medical information and information required to deliver a clinical service to you under the terms of an agreed clinical contract (for example, background history). We will only collect what is relevant and necessary for your treatment.

When you visit, we will make notes which may include details concerning your medication, treatment and other issues affecting your physical and psychological wellbeing. During therapy appointments we are required to record relevant information that you provide to us. We do this by taking handwritten notes during sessions which are stored in a physical file. We may use this information to create a report, should you or your insurance provider request it.

Financial Information: If you pay directly for your care, we will use your card information to process payment. Your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions
Information from third parties: We may also collect information about you from third parties for example if we need to gather information from another health professional (such as your GP/ consultant or Psychiatrist) to provide a complete health assessment. We would only do this with your consent/ knowledge.

Information to and from insurance company: Your insurer will already have information regarding your demographics, insurance policy and referring diagnosis. The Psychology Rooms will share information regarding the date of your appointment and changes in diagnosis if necessary. Only with your consent/knowledge will reports be provided to your insurer.


How long do we keep your information? The Psychology Rooms will process personal data during the duration of any treatment and will continue to store only the personal data needed for eight years after the contract has expired to meet any legal obligations. After 8 years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
During your treatment your clinical information is held in written notes in your psychology file which is stored in a locked filing cabinet. If you are a patient at the Glasgow Medical Rooms, following discharge your clinical notes are scanned into Glasgow Medical Rooms electronic medical system which is secure. Otherwise paper copies are held securely.

We keep records of invoices, payments and receipts for accounting purposes. We are required to retain this information for 6 years in line with HMRC requirements. After six years we delete and/or shred this information.


The Psychology Rooms will keep your personal information safe and secure, and only staff engaged in providing your treatment will access your patient records. Our administration team will have access to your contact details so that they can make appointments and manage your account. Practitioners will not disclose your Personal Information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests. We will not share your information with third parties for marketing purposes.
The Psychology Rooms will only send reports to other health care providers, insurance companies or lawyers (medico- legal teams, employers) when requested/ acknowledged by and authorised by you.


When you give us personal information, we take steps to ensure that it is treated securely.

During therapy appointments we are required to record relevant information that you provide to us. We do this by taking handwritten notes during sessions which are stored in a physical file. We may use this information to create a report, should you, your GP, insurance provider or lawyer request it. Your psychology therapy notes/file are securely stored in a locked filing cabinet during therapy and on discharge in a secure electronic medical records system.

When processing your invoices with your insurance company The Psychology Rooms uses the secure system established by your insurer. If information must be sent by email, The Psychology uses Gmail as our email client. Gmail is a secure and encrypted email service and is fully GPDR compliant. All reports that are sent electronically are sent as attachments which is password protected.

All reports stored electronically will be stored on a password protected computer and in a password protected file.

All significant data breaches that threaten the security of your information will be reported to the Information Commission Officer.


How can I see all the information you have about me?

You can make a subject access request (SAR) by contacting us. We may require additional verification that you are who you say you are to process this request. We will aim to provide you with this information within one month of your written request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.

What if my information is incorrect?

Please contact us. We may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems we will send you a copy of the updated information in the same format as the subject access request.

How can I have my information removed?

If you want to have your data removed we have to determine if we need to keep the data, for example in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.

Right of portability

You have the right to have the data we hold about you transferred to another organisation.

How do I make a complaint?

If you wish to raise a complaint on how we have handled your data, you can contact us by letter to have the matter investigated. If you are not satisfied with our response or believe we are not processing your data in accordance with the law you can complain to the Information Commissioner’s Office https://ico.org.uk