(referred to as “Leanne Gassert”)

Leanne Gassert is aware of her obligations under the General Data Protection Regulation (“GDPR”) and is committed to protecting the privacy and security of each client’s personal information. This policy describes how personal data is collected, used and stored during and after your time as a client.

Please note in this policy:“you”, “your” and “yours’” refers to any client receiving counselling and psychotherapy care at Leanne Gassert, whether current or at any time in the past. “She”, “her”, and “hers” refers to Leanne Gassert t/a “Bruntsfield Counselling and Psychotherapy”.

1. Data controller details

Leanne Gassert is a data controller in that Leanne Gassert determines the processes to be used when using a client’s personal data. Contact details are: Leanne Gassert, Bruntsfield Counselling and Psychotherapy, 43 Bruntsfield Place, Edinburgh, EH10 4HJ.

2. Data protection principles

In relation to your personal data, Leanne Gassert will comply with her obligations under GDPR. This says that the personal information held about you must be:

  • processed fairly, lawfully and in a clear, transparent way;
  • collected only for valid reasons and for the course of your time as a client and not used in any way that is incompatible with this purpose;
  • only used in the way that you have been told about;
  • accurate and up to date;
  • kept only as long as is necessary for the purposes outlined in this privacy policy;
  • processed in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed;
  • kept securely.
3. Types of data/information held

Personal data or information means any information about an individual from which that person can be identified, such as:

  • your personal details including your name, address, date of birth, email address, phone numbers;
  • banking or financial information;
  • gender;
  • marital status;
  • personal medical or health information, including past medical history
  • letters of referral to or from Leanne Gassert regarding your care.

Please note: it does not include data where the identity has been removed

4. How your personal data is collected

Personal data about you is collected in a variety of ways and this will usually start when you make an initial enquiry to Leanne Gassert by phone, visit or book an on-line appointment.

Leanne Gassert keeps both paper and electronic records. Information written down on paper may be transferred to her electronic system. Hard copies containing personal data are kept secure in cabinets that are locked at all times. Electronic copies of data are kept secure on computers that are password protected, backups of data are done via encrypted media and the provider of iCloud storage has confirmed they are taking appropriate measures to protect all personal data stored by her.

5. Why your personal data is processed

GDPR permits Leanne Gassert to process your data for specific reasons only, these are classified as legitimate interests. Most commonly, Leanne Gassert will use your personal information in order to:

  • perform the services contract between you and Leanne Gassert (your requesting care and our agreement to provide it to you constitutes a contract) which will include confirming appointments, informing you of changes to appointments, changes to facilities or services at Leanne Gassert;
  • provide you with the best possible therapeutic care by (where necessary) recording health information which would be in your best interest;
  • carry out legal duties such as those required by me or my appointed regulator;
  • protect your and my legitimate interests, where fundamental rights do not override those interests.

In exceptional circumstances, Leanne Gassert may use your personal information where:

  • to protect your or someone else’s interests;
  • it is in the public interest or for official purposes.
6. How your personal information will be used

Your personal information is collected by Leanne Gassert in order to perform the contract of providing counselling and psychotherapy care to you and to enable her to comply with legal obligations.

7. If you do not provide your data to us

One of the reasons for processing your personal information is to allow Leanne Gassert to perform obligations under the contract with you. If you do not provide your personal data needed to do this, Leanne Gassert will be unable to perform the services of providing care in your best interests Not providing your personal data means that Leanne Gassert will be unable to meet legal obligations and ethical duties and this may prevent her from providing any care to you.

8. Change of purpose

Leanne Gassert will only use your personal information for the purposes for which it has been collected unless it is reasonably considered that she needs to use it for another reason and this is compatible with the original purpose. If any of your personal information is needed for an unrelated purpose, Leanne Gassert will notify you and will explain the legal basis which allows us to do so.

Please note: that she may process your personal information without your knowledge or consent, where this is required or permitted by law.

9. Automated decision-making

No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

10. Sharing your personal data

Your personal data may be shared with third parties such as in order to keep your GP informed about your progress with counselling and psychotherapy care (where appropriate) or to facilitate a referral to another healthcare practitioner, where this becomes necessary.

11. Data security – protecting your personal data

Leanne Gassert has put in place measures to protect the security of your personal information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. Leanne Gassert has implemented processes to guard against such, including but are not limited to: data encryption, firewalls, up to date security software, data backups, password security protocols, locked filing cabinets for paper files, secured windows and doors at at 43 Bruntsfield Place, Edinburgh, EH10 4HJ, the premises from which she operates.

12. Cookie policy

Leanne Gassert’s website uses basic cookies in order to facilitate use and online experience of the website and ensure that it functions as it is intended to. To avoid any doubt, “cookies” are small text files that are automatically saved to your device when you access

13. How long your personal data is kept for

In accordance with GDPR principles, your personal data is kept for as long as Leanne Gassert needs it in order to perform her professional and ethical obligations under the contract with you, which will be at least for as long as you are a client. Leanne Gassert is legally required to keep your personal data for at least six years after your time as a client has ended. Once Leanne Gassert no longer has a lawful use for retaining your personal information, it will be disposed of in a secure manner that seeks to maintain data security.

In some circumstances Leanne Gassert may anonymise your personal information so that it can no longer be associated with you, in which case she may use such information without further notice to you.

14. Your duty to notify changes to your personal data

It is important that the personal information Leanne Gassert holds about you is accurate and up-to-date. Please keep Leanne Gassert informed if any of your personal information changes during your time as a client with the practice.

15. Your rights in relation to your personal data

GDPR gives you certain rights in relation to the personal data held by Leanne Gassert, as follows:

  • right of access – you have the right to access your personal data being held;
  • right for any inaccuracies to be corrected – if any data is incomplete or inaccurate, you can require it to be corrected;
  • right to be informed – Leanne Gassert is required to tell you how your personal data is used, and this is the purpose of this privacy policy;
  • right to have information deleted – if you would like Leanne Gassert to stop processing your data, you have the right to ask for it to be deleted from Leanne Gassert’s systems where you believe there is no reason to continue to process such data;
  • right to restrict the processing of the data – for example, if you believe the personal data held is incorrect, Leanne Gassert will stop processing such data (whilst still holding it) until you have corrected/updated such data.
  • right to portability – you may request transfer of the personal data held about you for your own purposes.

If you want to access your personal data, review, verify or correct it, request your personal data to be erased, object to the processing of it, or request the transfer of a copy of your personal information to another party, please contact Leanne Gassert by email at or in writing to Leanne Gassert – Bruntsfield Counselling and Psychotherapy, 43 Bruntsfield Place, Edinburgh, EH10 4HJ.

16. No fees

You will not have to pay a fee to access your personal data held by us (or to exercise any of your rights in relation to your personal data set out in this privacy policy. However, Leanne Gassert may charge a reasonable fee for a second or subsequent copy of personal data, or, if your request for access is clearly unfounded or excessive. Alternatively, your request may be refused in such circumstances.

17. What Leanne Gassert may need from you

Leanne Gassert may need to request specific information from you in order to confirm your identity and ensure your right to access the information (or to exercise any of your other rights under this privacy policy). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. You agree to supply this or any other information required in order for Leanne Gassert to meet her obligations under GDPR.

18. Right to withdraw consent

Where you have provided consent to the collection, processing and transfer of your personal data, you have the right to withdraw that consent at any time. There will be no consequences for withdrawing your consent. However, in some cases, Leanne Gassert may continue to use such data where so permitted by having a legitimate legal reason for doing so.

To withdraw your consent, please contact Leanne Gassert by email at: or, in writing and send by post marked for the attention of: Leanne Gassert, Bruntsfield Counselling and Psychotherapy, 43 Bruntsfield Place, Edinburgh, EH10 4HJ.

19. Making A Complaint

If you have any questions about this privacy policy or how your information is handled, please contact Leanne Gassert by email: or in writing and send by post addressed to: Leanne Gassert – Bruntsfield Counselling and Psychotherapy, 43 Bruntsfield Place, Edinburgh, EH10 4HJ.

You have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (“ICO”).