Privacy Policy

 Privacy Statement for Derek Norval Therapies in accordance with General Data Protection Regulation (GDPR)


The aim of this Privacy Policy is to enable clients and potential clients to know how I use and protect the information you share with me in the course of contacting me and/or working with me.

I will make every effort to protect your privacy. All information supplied by you, that could enable you to be identified, will only be used as described in this Privacy Document.

My core aim is to store and use your information in accordance with UK regulations codified by the GDPR office. You can find further information at  The Information Commissioners Office (ICO) is a regulatory body independent of the government.

In the event that it becomes necessary to make changes to this Privacy Statement e.g.; to comply with changes in regulations, such changes will become effective immediately and this document will be updated on my website.

How I collect, store and process your information

As a therapist it is necessary for me to collect contact details; name, email address, postal address, phone numbers etc. in order to respond to your communications and to provide the service you have requested. I may ask for your doctor’s contact details, and any medication prescribed, or purchased over-the-counter, that you are currently taking. I may also ask you about relevant physical or mental conditions that you are living with.

I will also collect information about the problems bothering you, what your desired outcome from my treatment would be and what experience you have had of receiving therapies.  Much of this information will be gathered using a form that will be emailed or posted to you before any treatment commences. The form sets out your rights as a client and requires your signature.

As part of the therapy process, I will need to make notes during the session to enable me, after each session, to create a more detailed record of our work in the sessions.

I am required by a number of legitimate organisations to store some information. Those organisations include:

  • HM Revenue & Customs
  • Insurance company
  • Regulatory authorities

The information will be stored securely on a computer and on paper. It will be coded to avoid identification of clients by any unauthorised person accessing it illicitly. It will be retained for a maximum of seven years from the date of our last session and then destroyed.

Payments Information

In the case of you paying me by cheque, debit or credit card or by electronic transfer, my banker will be in receipt of your name and bank details and I will have no control over how the bank stores your information. This information will be seen by trusted associates contracted to me to perform tasks such as administration including book-keeping, and accountancy on my behalf. They will only have access to your name for record-keeping purposes. They will not have access to the details of our detailed conversations.

Digital Information

To enable me to test the results of any business promotion activities online, I use software applications such as Google Analytics. This measures my presence on Search Engines. This information is statistical and generic and will not be stored with any individual client records.

Mailing List

When you agree to be on my mailing list, you will receive various communications about news updates, special offers or other items that I think you may find interesting. Neither the mailing list, nor any item from it, will be supplied to, or shared with, any person or organisation outside of Derek Norval Therapies.

Security of Information

It is important to me to keep your information safe and secure. I have done everything I can to set up appropriate procedures to keep your information safe and secure from unauthorised access, whether stored on paper or electronically. Paper documents are stored in locked filing cabinets and electronic storage requires a password to access it.

I am bound by regulatory authorities to disclose to appropriate authorities any indication you may state, or imply, that there is a serious risk of you harming yourself or others, or by engaging in terrorism activities.

Occasionally, in order to provide professional development opportunities, your issues may be discussed with other professional therapists. When this happens, no clue as to your identity will be given.

Giving your consent

Initial Enquiry

When you initially contact me to seek information about my available treatments or other professional services such as presentations, talks or workshops, such information as you may give will be used to discuss, in detail, your enquiry with you. By continuing to communicate with me you will be deemed to be giving consent to using your information as stated above and elsewhere in this statement. If you subsequently decide not to use my services, any information you have given me will be destroyed, unless you expressly consent to it being retained for future communication with you.

Working with me

Once you choose to work with me, you will be asked to complete a form consenting to me continuing to store information you have shared with me. Storage and processing will be as described earlier in this statement.

If, at any stage of our working relationship, you feel that a use of your information has not been consented to by you, contact me urgently explaining what you believe are the facts of the situation and I will investigate it.

Your right to access your information held by me.

I will be pleased to facilitate your access to any information about you held by me for any purpose including amendment, updating, copying or deletion. To access any information please contact me on or call 07785 937377.

When storing clients’ information, I make every effort to store accurate and relevant data. You have a right to request the following:

  • Be supplied with copies of your personal information
  • Amend inaccuracies
  • Request that data be deleted/destroyed

Where I am contractually or legally obliged to retain client Information I will be unable to commit to its destruction.  E.g.; regulatory organisation’s requirements, requirements of accountancy or other obligations to comply with UK law.

Security of Client information  

Your information will not be distributed, shared or sold to any third party, individual or organisation. The only exception to this would be a legal obligation to disclose such information.

Other external websites

You may notice links to other selected websites on my website. These have been selected in the belief that they may be of interest to anyone perusing my website. Anyone that chooses to follow a link that leaves my website needs to be aware that I have no control over external websites.

I cannot be held responsible for the safeguarding of privacy of any information you choose to supply to any external website. When visiting any website, you are advised to examine the privacy statement on that site.