Privacy Notice & Professional Terms of Service

1. Introduction & Accountability

I am Eva Lychrou, a psychotherapist accredited by the UKCP (Reg. No 2011161904). I am committed to protecting your privacy and being transparent about how I handle your personal information. I am registered as a Data Controller with the Information Commissioner’s Office (ICO) under registration number 09910303838.

2. Why I Collect Your Data

In accordance with the UK GDPR, I process your data under the following legal bases:

  • Contractual Necessity: To provide the psychological therapy you have requested.

  • Legal Obligation: To comply with UK laws requiring health professionals to maintain appropriate clinical records.

  • Special Category Data (Health): I process your mental health information under Article 9(2)(h) of the GDPR (Health or Social Care).

  • Consent: For specific actions like marketing or recording sessions. You may withdraw consent at any time by emailing info@evalychrou.com.

3. Information Collected

I may collect the following via email, telephone, or in person:

  • Personal Identity: Name, DOB, occupation, and marital status.

  • Contact Details: Address, email, and telephone number.

  • Emergency Contact: Name and details of your Next of Kin/GP.

  • Clinical Information: Medical history, current medications, and brief session notes.

  • Recordings: Video/audio of sessions (only with your explicit, separate written consent).

4. Confidentiality & Disclosure

Your information is confidential and will not be shared without your permission, except in these specific circumstances:

  1. Clinical Supervision: As required by the UKCP, I discuss my work anonymously with a supervisor to ensure quality of care.

  2. Safeguarding & Risk: If I believe you or someone else is at risk of serious harm, I may contact your GP or emergency services. I will aim to discuss this with you first.

  3. Legal Mandate: If required by a court order or laws related to terrorism or money laundering.

  4. Clinical Will: If I am unexpectedly unable to work (e.g., due to illness), a designated Professional Executor will access your contact details to notify you.

5. Security & Storage

I use highly secure electronic systems and managerial procedures to prevent unauthorised access.

  • Digital Data: Stored on encrypted, password-protected devices.

  • Third-Party Platforms: My website is hosted on Squarespace, which is compliant with UK-US data privacy frameworks.

  • Data Retention: I retain clinical records for 7 years (as required by professional indemnity insurance). After 7 years, all digital and physical records are securely destroyed.

6. Your Rights

Under the GDPR, you have the right to:

  • Access: Request a copy of the information I hold about you.

  • Rectification: Request that I correct any inaccurate data.

  • Erasure: Request that your data be deleted (note: this may be limited by my legal requirement to keep clinical records for 7 years).

  • Portability: Request your data be transferred to another professional.

To exercise these rights, please write to: Eva Lychrou, 65 York Street and Wyndham Place, London, W1Η 1PQ.

7. Professional Terms (The "Business" Side)

  • Cancellations: I require 24 hours’ notice for cancellations. Late cancellations or missed sessions will be charged at the full rate.

  • Payment: Fees are payable after the end of the session via credit card and bank transfer.

  • Complaints: If you have concerns about my data practices, contact the ICO (0303 123 1113). For concerns about clinical practice, you may contact the UKCP.