top of page

Privacy Policy for Dr Lana Jackson Ltd


Dr Lana Jackson Ltd (trading as Dr Lana Jackson Psychology) takes the privacy rights of all its clients seriously and adopts a high standard of compliance and confidentiality when dealing with your data. 


In this privacy policy “we”, “us” or “our” means Dr Lana Jackson Ltd. 


This document provides information on how Dr Lana Jackson Ltd handles your personal information. Dr Lana Jackson Ltd is a private clinical psychology service. The information that we hold is confidential and often sensitive in nature. Any personal information we hold about you is stored and processed under our data protection policy, in line with General Data Protection Regulation (Regulation (EU) 2016/679). We are committed to protecting your privacy at all times. 


We keep this privacy policy under regular review and we will make any updates necessary on this web page. We will endeavour to get in touch directly to update you on any changes that we make.


It is very important that the information we hold about you is accurate and up to date.  Please let us know if at any time your personal information changes by emailing us at


Why do we need to collect information about you?

We are required by the Health and Care Professions Council (HCPC) and British Psychological Society (BPS) to keep documentation of your personal data. The personal and sensitive data we collect is necessary for us to provide good quality psychological assessment and treatment services to you.


What information we collect

Personal data means any information capable of identifying an individual. We may process the following categories of personal data about you:

  • Personal Data: We will collect personal details such as your/your child’s name, phone number, address, email address, education or employment, GP details, and insurance details if applicable.

  • Sensitive Data:  We need to collect the following personal data about you, your child and any services you receive from us, which is known as special category data under the law, meaning that it must be handled even more sensitively.  This may include the following:

    • Personal details such as racial or ethnic origin, religion, or sexual orientation.

    • Details of the mental and physical health of people within the family, including information about any health or social care you may have received from other providers such as GPs, hospitals, as well as medications administered.

    • Background information relevant to the presenting problem such as family relationships and early childhood development.

    • Assessment, treatment, and consultation notes, including letters, notes, assessments and questionnaires associated with any support we offer.

By providing us with special category data you confirm that you specifically consent to our processing of that data.

We have a legitimate interest in using this data as clinical psychologists to provide psychological assessment and intervention, in accordance with the guidelines of our governing body the Health Care Professions Council (HCPC).  This ensures best practice care is achieved for our clients and is necessary for us to provide psychological therapy to clients.  We will only use your data for the purpose of providing these services to you and for processing payment for these services.  We also collect information through cookies to track how people use our website to help improve the way we provide content to users (see below for more details). Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.


What we do with your personal information

We will only use your personal information to provide the services you have requested from us. If you do not provide the personal information requested, then we may be unable to provide a therapy service to you. We use the information we collect to: 

  • Provide the best possible support and service to you/your child.

  • Maintain, improve and administer our services.

  • Process payment for such services.


How we collect information

The information will be provided by yourself directly to Dr Lana Jackson Ltd, via online enquiry, email, telephone call or face to face/online session. With your explicit consent, we may also obtain data from other agencies involved in your/your child’s care such as GPs, previous mental health workers or teachers if this seems appropriate and useful.  


If you are referred by your health insurance provider, or case management service, then we may also collect and process personal and sensitive data provided by that organisation/third party. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.


We may automatically collect certain data from you as you use our website by using cookies and similar technologies.  Please see our Cookie Policy for more details about this below.


How we ensure the security of your information

  • Paper-based patient records and notes are kept to a minimum and stored in a locked filing cabinet. Data stored on paper will be shredded and disposed of securely when it is no longer required and/or has reached the end of the data retention period.

  • Personal information is minimised in phone and email communication. Sensitive personal data, including letters, will be sent to clients in an email attachment that is password protected. Email applications use private (SSL) settings, which encrypts email traffic so that it cannot be read at any point between our computing devices and our mail server. We will never use open or unsecure Wi-Fi networks to send any personal data.

  • Patient information is securely stored through Cliniko, a clinical practice management software that utilises advanced security measures, including data being sent via HTTPS (end-to-end encryption). Cliniko uses a 2048-bit SSL certification for encryption in transit. All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm. All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules.

  • Basic patient contact details (name and email address) is stored on Xero our accounting and invoicing software.

  • Any computers or mobile devices containing personal information are password protected and protected with a passcode/thumbprint scanner.

  • Electronic data will be backed up regularly and these backups will be tested regularly. Where data is uploaded to cloud systems, these will be compliant with GDPR.


Data retention

We retain your personal information as long as is necessary to provide our services and to comply with our legal and professional obligations. Personal data is retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) [1] and The Health and Care Professions Council (HCPC; 2017) [2]. For clients under the age of 18, personal data is retained until their 26th birthday or seven years after our last contact whichever is the later.


You have the right to ask for the information we hold on you to be erased prior to this time. However, in this event, we have to determine if we need to keep the data. Reasons for this could include legal issues or if the request falls within the timeframe that there is a professional regulatory reason to hold data. In this instance, we may not be able to erase your data before that time has passed, or until legal issues are finalised.


Sharing your information

All the information you share with us is strictly confidential. However, the following exceptions apply:

  • If you are referred from a case management organisation, an insurance company, or if your sessions are funded by an organisation such as a local authority, they may require information about the assessment, treatment plan and outcome of treatment to be shared. We will also share appointment schedules with that organisation for the purposes of billing. 

  •  If significant risk towards yourself/your child or others is identified, confidential information may be shared with the NHS or other statutory services. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.


If you would like us to share information about your/your child’s treatment with outside organisations that are directly involved in your/your child’s care/case, for instance, your GP or psychiatrist, or your child’s school, we will require your consent. We will tell you with whom we would discuss your/your child’s care, and what details we would share with them.  


Clinical psychologists are required to have regular clinical supervision to discuss their work with another psychologist. This is to ensure that best practice is followed, and to support the psychologist’s continued professional development. Conversations about your treatment in supervision are confidential and held anonymously.


External professional advisers (such as our accountant) may be given access to our invoicing software (Xero).


We require all third parties to whom we transfer your data to respect the security of your personal data and treat it in accordance with the law.  We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.  


We will never use or share your personal information for marketing purposes. 


Your data protection rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.

  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.


Please contact us at  if you wish to make a request.


Cookie Policy

Cookies are small text files which are placed on your computer by websites you visit. They are widely used to ensure websites work efficiently, alongside providing insight about the volume of visitors to the website and how visitors move around the website. Cookies are sent automatically by websites as they are viewed, but in order to protect a user’s privacy, a computer will only permit a website to access the cookies it has sent, and not the cookies sent by other sites. Users can also adjust the settings on their computer to restrict the number of cookies that it accepts, or notify them each time a cookie is sent. For further information about cookies please visit


What sort of cookies do we use on our website?

There are several Cookies that are stored when you visit our website. These are used by us to monitor the performance of the website.


We use Google Analytics, a popular web analytic service, to analyse how users use the site. It counts numbers of visitors and tells us things about their behaviour overall, such as typical length of stay on the site or average number of pages a user views. We do not directly control these cookies. You can check Googles Analytics privacy policy here for more information:


Can I browse your website without receiving any cookies?

Cookies don’t stay around forever and your web browser will eventually delete them. When a website stores a cookie, it states how long the cookie should stay on the computer for – this can be for the current visit only or for a period of time, for example one week. You can choose to delete our, or any websites’ cookies from your web browser at any time (for help on how to do this, go to You can also set your web browser to not accept any cookies if you wish.


Please note that we only use cookies for the purpose of enhancing your online experience and no personal data is collected from you through this process.


This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.


What happens in the event of a data breach?

To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. In the unlikely event of a data breach we will notify the Information Commissioner’s Office (ICO) so that their procedures can be followed. Breaches which carry any risk to data subjects must be reported to the ICO within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects and measures to prevent the breach from happening again. We will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks.


Complaints or queries

If you have any concerns about our use of your personal information, you can make a query or complaint to us at


If you believe that your rights under the GDPR regulation have been infringed, or that the processing of personal data relating to you does not comply with this Regulation, you can inform the ICO (Information Commissioner’s Office): 

Helpline number: 0303 123 1113

ICO website:


Contact Details:

If you have any questions about this Privacy Policy, or your data, please contact us:


Full name of legal entity: Dr Lana Jackson Ltd. (trading as Dr Lana Jackson Psychology). Dr Lana Jackson Ltd is registered with Companies House (registration number 15590796).

Data Protection Officer: Dr Lana Jackson Clinical Psychologist

Email address: 


This Privacy Policy was last updated on the 28th March 2024. This Privacy Policy aims to be compliant with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.


[1] The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.

[2] Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.

bottom of page