Data protection/ privacy policy

The Principles of this policy

Shelly Walker Therapy shall:

  1. Hold an ICO registration as a lawful holder of client data.
  2. Obtain only appropriately relevant information with regards to the purpose of personal therapy.
  3. Keep personal data accurate and up to date.
  4. Hold information for the recommended time of 7 years, after which any information is removed and securely destroyed.
  5. Take appropriate measures to ensure the security of that data.
  6. Ensure that checks are made as to the GDPR compliance of electronic areas where client data is stored.

What is Data protection?

The data Protection Act aims to protect an individual’s rights and freedom to privacy, in respect of personal data processing.

It applies to paper and electronic records containing personal information relating to living individuals who can be identified from the data.

Individuals have the right to gain access to their own data; they are entitled to make a subject access request in order to do this. This implies access to:

  • A description of their personal data

  • The purposes for which it is being

    ICO Registration

    Shelly Walker Therapy holds a valid ICO registration certificate.

Data Classes

Data classes refers to the type of data which is being held about clients. Blossom Tree Therapy holds the following type of details:

  • Personal details – name, email address, phone numbers

  • Some limited medical information (disclosure of serious health conditions and medication)

  • Doctor’s name and address

  • Client notes which are anonymised

Areas in which hard copy data is stored

Client details are collected by means of a client questionnaire and contract, to be signed by both Shelly Walker and the client – so that both parties have access to the terms of engagement.

Both the contract, questionnaire and any notes shall be kept in a securely locked filing cabinet, accessed only the sole key-holder, Shelly Walker.

Areas in which electronic data is stored

  • Gmail

  • Occasionally clients contact Shelly Walker Therapy via business facebook/ instagram page – all details are deleted immediately from this after reading.

  • Mobile phone (current client phone numbers may be occasionally stored. These are removed once therapy is terminated)

In addition:

  • Website – clients can message directly from this but no email addresses are retained.

All electronic areas where client information is collected/stored are GDPR compliant or are currently preparing for compliance.

Security arrangements

  • Hard copy data: Data is kept in a securely locked filing cabinet, accessed only by Shelly Walker, the sole key holder.
  • Electronic data: No data is retained on the hard drive; Client notes, resources used etc are all kept on, Business laptop is password protected and stored in a locked filing cabinet whilst not in use.

Service Providers

I may employ third-party companies and individuals due to the following reasons:

To facilitate my Service;
To provide the Service on my behalf;
To perform Service-related services; or
To assist me in analysing how my Service is used.
I would like to inform Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on my behalf. However, they are obligated not to disclose or use the information for any other purpose.


I value your trust in providing me with your Personal Information, thus I will strive to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and I cannot guarantee its absolute security.

Links to Other Sites

The Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by myself. Therefore, I strongly advise you to review the Privacy Policy of these websites. I have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children’s Privacy

The Service does not address anyone under the age of 16. I do not knowingly collect personal identifiable information from children under 16. In the case I discover that a child under 16 has provided me with personal information, I will immediately delete this from my server. If you are a parent or guardian and you are aware that your child has provided me with personal information, please contact me so that I will take the necessary action.

Changes to This Privacy Policy

I may update my Privacy Policy from time to time. Thus, I advise you to review this page periodically for any changes. I will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page.

Contact Me

If you have any questions or suggestions about this Privacy Policy, do not hesitate to contact me.