Alexandra Stevenson - Clinical Psychologist

privacy policy

1. WHO WE ARE

Alexandra Stevenson is a clinical psychologist registered with the Health and Care Professions Council (HCPC, UK) – Registration No. PYL047237 and the Health Professions Council of South Africa (HPCSA) – Registration No. PS0141500. 

I provide online therapy services to individuals in the United Kingdom and South Africa, as well as in-person therapy in Plettenberg Bay, Western Cape. 

Contact Details: 

  • Address: Plettenberg Bay, Western Cape, South Africa 
 

2. WHAT INFORMATION WE COLLECT

Personal Information 

When you contact me or engage my therapy services, I may collect: 

  • Contact information: Name, email address, phone number, address 
  • Demographic information: Age, gender, occupation (as relevant to therapy) 
  • Clinical information: Session notes, assessments, treatment plans, clinical observations 
  • Payment information: Bank details for invoicing purposes (processed securely) 
  • Communication records: Emails, messages, and phone calls related to your therapy 

Website Information 

When you visit this website, the following may be collected automatically: 

  • Technical data: IP address, browser type, device information 
  • Usage data: Pages visited, time spent on site, navigation patterns 
  • Cookies: Small files stored on your device (see Cookies section below) 

 

3. WHY WE COLLECT YOUR INFORMATION

Legal Basis (GDPR & POPIA Compliance) 

I collect and process your personal information on the following legal grounds: 

  1. Contract Performance: To provide therapy services you have requested
  2. Legal Obligation: To comply with HCPC, HPCSA, and other legal record-keeping requirements
  3. Legitimate Interest: To manage my practice effectively and ensure continuity of care
  4. Consent: For any additional communications (e.g., blog updates, newsletters) 

Purpose of Processing 

Your information is used to: 

  • Provide psychological therapy and clinical services 
  • Maintain confidential clinical records 
  • Communicate with you about appointments and therapy matters 
  • Process payments and maintain financial records 
  • Fulfill legal and ethical obligations as a registered psychologist 
  • Improve my services and website functionality 
  • Send you information you have requested (e.g., blog updates, resources) 
 

4. HOW WE STORE AND PROTECT YOUR INFORMATION

Data Security 

I take data protection seriously and implement appropriate security measures: 

  • Clinical records: Stored securely in password-protected, encrypted systems 
  • Electronic communications: Conducted via secure platforms (Google Meets, encrypted) 
  • Physical records: Kept in locked storage (if applicable) 
  • Payment data: Processed through secure banking systems; I do not store full payment card details 
  • Website data: Hosted on secure servers with SSL encryption (https)
     

5. Data Retention 

Clinical Records: 

  • Retained for a minimum of 7 years after the last contact (HCPC requirement) 
  • Retained for a minimum of 15 years after the last contact for clients under 18 (HCPC requirement) 
  • Or as required by HPCSA and South African law (5 years) 

Financial Records: 

  • Retained for 7 years (UK and SA tax law requirement) 

Website Data: 

  • Retained only as long as necessary for the purpose collected 
  • Analytics data is anonymized and aggregated 

Email Communications: 

  • Retained for the duration of our professional relationship plus 2 years 

After the retention period, all personal data is securely deleted or destroyed. 

 

6. WHO WE SHARE YOUR INFORMATION WITH

Confidentiality 

Confidentiality is fundamental to the therapeutic relationship. I do not share your personal information except in limited circumstances: 

With Your Consent: 

  • When you explicitly authorize me to share information with another professional (e.g., your GP, psychiatrist) 
  • When you request a letter or report for a specific purpose 

Legal or Ethical Obligation: 

  • When required by law (e.g., court order, subpoena) 
  • When there is serious risk of harm to you or others (safeguarding duty) 
  • To comply with HCPC or HPCSA regulatory requirements 

Professional Support: 

  • Anonymized information may be discussed in clinical supervision (no identifying details shared) 
  • Case consultations with professional colleagues (anonymized) 

Service Providers: 

  • Secure IT providers who host my systems (bound by confidentiality agreements) 
  • Accountants for financial record-keeping (minimal data shared) 

No Marketing or Third Parties: 

  • I will never sell, rent, or share your information for marketing purposes 

I will never share your data with third parties for their own use

 

7. INTERNATIONAL DATA TRANSFERS

If you are a UK-based client: 

  • Your data may be stored on servers in South Africa 
  • Appropriate safeguards are in place to ensure equivalent data protection 
  • Your data is protected under both UK GDPR and South African POPIA 

If you are a South Africa-based client: 

  • Your data is stored and processed within South Africa 
  • Protected under POPIA (Protection of Personal Information Act) 
 

8. YOUR RIGHTS

Under UK GDPR and South African POPIA, you have the following rights: 

Right to Access 

You can request a copy of the personal information I hold about you (subject to legal and ethical limitations regarding clinical records). 

Right to Rectification 

You can request that I correct any inaccurate or incomplete personal information. 

Right to Erasure 

You can request deletion of your personal information, except where: 

  • I have a legal obligation to retain records (e.g., HCPC/HPCSA requirements) 
  • Retention is necessary for legal claims 
  • The data is required for safeguarding purposes 

Right to Restrict Processing 

You can request that I limit how I use your information in certain circumstances. 

Right to Data Portability 

You can request your personal information in a structured, commonly used format. 

Right to Object 

You can object to processing based on legitimate interests (e.g., direct marketing). 

Right to Withdraw Consent 

If processing is based on consent, you can withdraw it at any time (this does not affect past lawful processing). 

 

9. HOW TO EXERCISE YOUR RIGHTS

To make a request or raise a concern about how your data is handled: 

Email: therapy@astevenson.co.za 
Phone: 071 689 1134 

I will respond to your request within one month (as required by GDPR). 

For clinical record requests, I will provide a summary or copy within a reasonable timeframe, taking into account therapeutic considerations. 

 

10. COMPLAINTS

If you are unhappy with how your data has been handled, you have the right to complain to: 

UK Clients: 

South African Clients: 

You can also raise concerns with: 

11. COOKIES

What Are Cookies? 

Cookies are small text files stored on your device when you visit a website. They help the website function properly and provide information about how the site is used. 

Cookies We Use 

Essential Cookies: 

  • Required for the website to function (e.g., security, basic functionality) 
  • Cannot be disabled 

Analytics Cookies: 

  • Google Analytics (if enabled) – tracks how visitors use the site 
  • Helps me improve the website experience 
  • Data is anonymized and aggregated 
  • You can opt out using browser settings or Google Analytics opt-out tools 

No Marketing or Tracking Cookies: 

  • I do not use cookies for advertising, social media tracking, or behavioral profiling 

Managing Cookies 

You can control cookies through your browser settings: 

  • Block all cookies 
  • Delete existing cookies 
  • Accept cookies only from specific sites 

Note: Blocking essential cookies may affect website functionality.

 

12. THIRD-PARTY SERVICES

This website may link to external sites (e.g., resources, professional organizations). I am not responsible for the privacy practices of third-party websites. Please review their privacy policies before sharing information. 

External Services Used: 

  • Google Analytics: For website statistics (anonymized data) 
  • Email provider: For secure communication 
  • Video platform (Zoom or equivalent): For online therapy sessions (complies with healthcare data standards) 
 

13. CHILDREN’S PRIVACY

I do not knowingly collect personal information from children under 16 through this website. If therapy services are provided to a minor, appropriate consent from a parent or legal guardian is obtained, and records are managed in accordance with child protection and confidentiality guidelines.

 

14. CHANGES TO THIS PRIVACY POLICY

I may update this Privacy Policy from time to time to reflect changes in: 

  • Legal requirements (GDPR, POPIA) 
  • Professional standards (HCPC, HPCSA) 
  • My services or website functionality 

Any changes will be posted on this page with an updated “Last Updated” date. Significant changes will be communicated to active clients via email. 

 

15. CONTACT & QUESTIONS

If you have any questions about this Privacy Policy or how your information is handled: 

Alexandra Stevenson 
Clinical Psychologist 
Email: therapy@astevenson.co.za 
Phone: 071 689 1134 

Registrations: 

  • HCPC (UK): PYL047237 
  • HPCSA (South Africa): PS0141500 

 

Your privacy and confidentiality are central to the therapeutic work we do together. I am committed to protecting your personal information and handling it with the care and respect it deserves. 

 

SUMMARY FOR CLIENTS 

  • Your therapy is confidential 
  • Your data is stored securely 
  • Records are kept for 7-15 years (legal requirement) 
  • Information is only shared with your consent or when legally required 
  • You have rights to access, correct, or request deletion of your data (within legal limits) 
  • You can complain to the ICO (UK) or Information Regulator (SA) if concerned 

 

This Privacy Policy complies with UK GDPR, South African POPIA, HCPC Standards of Conduct and Ethics, and HPCSA Ethical Guidelines. 

 

Alexandra Stevenson
Send via WhatsApp
Scroll to Top