General Data Protection Regulation (GDPR)

Privacy Policy

Published 24th May, 2018

Effective from 25th May, 2018

Issue 1

The current version can be viewed here. (“”).

We care about the privacy of your data and are committed to protecting it. This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle that information. Throughout this policy, when we write “John Thornley” or “we” or “us,” we’re referring to the practice of Dr John Thornley PhD ADHP; Independent Psychotherapist & Counsellor, based in Loughborough, UK.

The scope of this Privacy Policy?

This Privacy Policy (“Policy”) is incorporated into our Terms and Conditions of Service and Document located at our website at (the “Terms and Conditions of Service”) and applies to the information obtained by us through your use of our  website, use of email, Skype service (where applicable) as described in this Policy.

Information collection, storage and use

What Information is collected about you?

When you interact with the website, we do not collect information that, alone or in combination with other data, could be used to identify you (“Personal Data”). Some of the Information we collect is stored in a manner that cannot be linked back to you (“Non-Personal Data”).

The website does not use “cookies”.

Appointment Scheduling

Appointments scheduling services are outsourced, currently by “". These services do not require you to create an account with themselves, however, they do store the following information about you

•   Name

•   Email Address

•   Mobile Telephone Number

•   Any textual notes you may include with your booking

There is no electronic storage of the above data locally at the office. Access to appointment scheduling data from the office is done remotely via a secure web connection.

The stored data may be removed from their database at any time by requesting deletion:- please email me at, with “Reservio Deletion” in the subject line of your message.


The contact email address is "". Unencrypted emails to the office are discouraged for your own protection. Should you wish to contact the office in this way with information you consider sensitive, you should encrypt your message to ensure privacy. From the date of issue of this document, emails containing sensitive information which are not deemed suitably protected will be deleted and unanswered.

Emails are kept on a secure server at “”.

My PGP Public Key can be found at ““, for example, should you use PGP encryption and signing.

SMS (text)

An I do not keep an electronic record of your phone number, I will not be able to recognise your identity. Should you need to communicate with me in this way please identify yourself clearly in the message. I do not discuss case material by SMS. Should you need to do this, please use secure email.


The Skype™ service is outsourced by nature. Privacy issues pertaining to the service can be obtained here “”.


The FaceTime™ service is outsourced by nature. Privacy issues pertaining to the service can be obtained here “”.

Audio Recordings

Audio recordings are sometimes made during a session, such as during a session requiring hypnotherapy, where the client will find it useful to repeat and reinforce the process. Such recordings are kept for approximately one month and then deleted.

Clients are welcome to record their own sessions but these do not fall under the purview of this document.

Client Notes

Client Notes are not computerised. They are hand written and are kept securely under lock and key. They are routinely kept for a period of seven years and then shredded. Should you require their early deletion before this period has elapsed, please email me at “” requesting this with “Client Notes Deletion Request” in the subject line of the message. 

It is suggested this step not be taken lightly, as, should you need to return to therapy later, or you wish to work with another therapist and it might be expedient for me to liaise with your new therapist, I will not be able to opine.

Client notes are strictly for my single use to aid continuity or therapy.

Third Party Enquiries

All client-therapist communication is totally confidential. No communications between therapist (me) and third parties is permissible without the explicit written and signed consent of the client, specifically naming the recipient party.

General Questions

Do we sell or rent your Personal Data?


Does the website use cookies?


How do third-party apps and plugins work?

Some third-party applications and services that work with us may ask for permission to access your Information. Those applications will provide you with notice and request your consent in order to obtain such access or information. Please consider your selection of such applications and services, and your permissions, carefully.

Some third parties’ embedded content or plugins on my Site, such as Facebook “Like” buttons, may allow their operators to learn that you have visited the Site, and they may combine this knowledge with other data they have collected about your visits to other websites or online services that can identify you.

Data collected by third parties through these apps and plugins is subject to each parties’ own policies. We encourage you to read those policies and understand how other companies use your data.

Will you be sent emails?

The only time you will be sent emails is if there has been an issue with an appointment booking and you were unreachable by text.

Should a reply to your enquiry  be necessary, the reply will be encrypted.

Do we ever make any of your Personal Data or User Content public?

No, we do not share Personal Data.

Data storage, transfer, retention, and deletion

Where is my Information stored?

Your personal information, which is kept in the form of hand-written notes, is kept secure to a high standard. It is available to view only to the practice owner.

How can I delete my Personal Data?

You may request the deletion of hand-written notes at any time, although this is not advised until you are sure you will not need to reconsult with the therapist. The procedure for this is given earlier in this document.

How long is Personal Data retained?

Client notes are kept for up to seven years.

Will this Privacy Policy ever change?

The GDPR are new although they have been tabled for some time. However, as with all new legislation, the way the new procedures and regulations are applied in practice may alter and aspects of it may become more pertinent to this practice.

We may need to update this Policy to keep pace with changes in our Site, Software, and Services, our business, and laws applicable to us and you. We will, however, always maintain our commitment to respect your privacy. 

Any alterations to this policy will be available on the website at “”; you will not receive emails to this effect as they are not stored by the practice.