Privacy Policy

Privacy Policy

On 25 May 2018 the law changed with regard to how organisations have to protect your ‘data’ (personal details and records) and this is called the General Data Protection Regulation or GDPR. The following summary highlights how GDPR is being implemented, by explaining why confidential information is held and how this is protected. Further information about GDPR can be found at

The registered data controller for the service is Dr Helen Galloway.

The purpose of collecting and processing your data is to provide you with a service (psychiatric/psychological care). It is assumed that by engaging with the service you are consenting to records being kept. Keeping records is an essential component of healthcare, which aids in understanding how best to help and forms the basis of any reports needed. The lawful basis under which your data is processed is legitimate interest. The data collected may be described as ‘special category data’ and this is processed under the conditions highlighted by GDPR Article 9”(2)h.

Your confidentiality is maintained at all times (i.e. your information is not shared), unless you have explicitly consented, or there are exceptional circumstances such as risk to yourself or others. In these circumstances, other services such as your GP or police may be contacted without your consent as this is a recognised professional obligation.

Consultation notes and questionnaires will be held for varying lengths of time depending on the content (and then carefully disposed of). Some records may be held indefinitely, e.g. if there were any issues of concern that could lead to police investigation in the future. Your records will be kept for 7 years after the conclusion of our contact, in line with British Psychological Society guidance.

All information recorded on paper will be securely stored in a locked filing cabinet. Confidential digital information will be stored in a secure cloud service offering high levels of security. Confidential information sent by the psychologist via the internet will be securely sent through Protonmail with end-to-end encryption. Letters sent to professionals such as GPs, by surface mail, will be clearly marked Confidential. All electronic devices (e.g. computer, laptop and phone) used to access stored information will themselves be password protected.

Right of access; a ‘subject access request’ or SAR can be made for copies of records but there may be an admin charge and these will be provided within 1 calendar month of the request being made.

If you have any questions about this policy, please discuss them with Dr Galloway at The St Andrews Practice.

Our Vision

Sustainable innovations for mental health & wellbeing


Treating the whole person, emphasising the connections between the mind and the body.


We believe passionately in connecting with people to build relationships that enrich lives.


Strategic, purposeful approach to effective collaboration, partnership, and support that furthers the organization’s mission beyond profit.

Mission Statement

To help you inhabit your strengths, cope with life’s challenges, and thrive in your unique way

Growth Mindset

The cultivation of learning, resilience and adaptability, viewing problems from multiple perspectives.


We are not afraid to be different. We try new things and embrace progress. We are committed to being and staying on the cutting edge.


Advocating for the human rights, dignity, and diversity of every person, with respect and compassion.