Last updated: July 2026
Ljiljana (Lila) Despotovic is a UKCP-accredited Psychotherapist committed to protecting Clients’ personal data and privacy. In accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Data Use and Access Act 2025/26 (DUAA), this privacy policy outlines how personal information is collected, used, stored, and protected in the course of therapy, and how complaints can be made in case of dissatisfaction with how client’s data are being handled.
1. Who is Responsible for Your Data
The Psychotherapist (Ljiljana Despotovic) is the data controller for the personal data collected and held in the course of providing psychotherapy services. She is registered with the Information Commissioner’s Office (ICO) under registration number ZB671815
Contact details:
Ljiljana Despotovic
Email: lila.innerlifecounselling@gmail.com
2. What Personal Data is Collected
The Psychotherapist may collect and process the following categories of personal data in the course of providing psychotherapy services:
- Basic contact details: Name, phone number, address, email address, GP information
- Administrative information: Appointment dates/times, payment information (no card details are stored)
- Health and personal information: Information shared as part of our therapy sessions (e.g. mental health history, life experiences, notes from sessions)
- Sensitive data (Special Category Data): As defined under Article 9 of the UK GDPR, including information about your mental health, sexual orientation, ethnicity, and other personal matters shared during sessions
- Session notes: Brief anonymised notes of key themes discussed in our sessions. The purpose of recording them is for the therapist’s own recollection and to monitor therapeutic work and also need to be retained for lawful purposes.
3. How Data is Collected
Personal data may be collected by the Psychotherapist in the following ways:
- When an individual makes an enquiry or books a session
- During the initial consultation or in the course of ongoing therapy sessions
- Via secure forms or email correspondence, if applicable
- From third-party referrers, with the individual’s explicit permission
4. Legal Basis for Processing Personal Data
Under the UK General Data Protection Regulation (UK GDPR), the Psychotherapist relies on the following lawful bases for processing personal data:
- Contract/Therapy Agreement: To provide and manage the psychotherapy services requested by the Client
- Consent: For collecting and storing special category (sensitive) personal data; explicit consent is obtained at the outset of therapy
- Legal obligation: To comply with legal, tax, accounting, and regulatory requirements
- Vital interests: In rare situations where disclosure of information is necessary to protect the life of the Client or another individual
- Legitimate interests: To maintain appropriate records for clinical supervision, practice development, or professional insurance purposes
5. How Personal Data is Used
The Therapist uses personal data for the following purposes:
- To communicate with Clients about appointments and therapy-related matters
- To provide, review, and manage the psychotherapy services agreed upon
- To maintain accurate and up-to-date clinical records
- To issue invoices and process payments
- To fulfil professional, ethical, and legal obligations (e.g. supervision, insurance, and record keeping)
Personal data is not used for marketing purposes and will never be shared with third parties without the Client’s explicit consent, unless required by law.
6. How Data is Stored and Protected
All personal data is stored securely in accordance with UK GDPR and the Data Protection Act 2018. The Therapist takes appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal information.
Data may be stored in the following formats:
- Electronic records: Stored on secure, password-protected platforms and devices
- Paper records (if applicable): Stored in a locked and secure location
- Emails and online forms: Secured through professional password- protected email systems.
- Client’s name, contact details, GP’s details, emergency contacts and therapy agreement forms are kept separately from session notes.
Access to all data is restricted to the Therapist. No data is shared with third parties unless required by law or with the individual’s explicit consent.
7. How Personal Data is Retained
The Psychotherapist retains Client records for a period of seven years following the end of the therapeutic relationship, in line with guidance from professional bodies and professional indemnity insurers. After this time, all records are securely destroyed.
If Psychotherapy ends before the first full session (e.g. following an initial consultation only), any notes or personal information are typically deleted within three months, unless required for legal or professional reasons.
8. Sharing Personal Information
The Psychotherapist will not share a Client’s personal information without their explicit consent, except in the following situations:
- Risk of harm: If there is reason to believe the Client, or someone else, is at serious risk of harm
- Legal obligation: If disclosure is required by law or court order (e.g. under legislation relating to safeguarding, terrorism, or criminal activity)
- Professional requirements: If disclosure is required by the Psychotherapist’s insurer or professional accrediting body
- Clinical supervision: To ensure ethical and effective practice, the Psychotherapist discusses clinical work in supervision. Client identities are anonymised wherever possible, and supervisors are bound by professional confidentiality
- Incapacity or death of the Psychotherapist: In this unlikely event, a Clinical Executor may access Client contact details to manage the transition. See Section 12 for more information.This process is governed by strict confidentiality and data protection standards
In all other circumstances, the Therapist will only contact or share information with third parties (e.g. a GP, solicitor, or other healthcare provider) with the Client’s prior written consent.
9. Client Rights Under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR), Clients have the following rights regarding their personal data:
- The right to access the personal data held about them
- The right to rectify inaccurate or incomplete data
- The right to request erasure of data, in certain circumstances
- The right to restrict or object to the processing of data
- The right to data portability, where applicable
- The right to withdraw consent at any time (where processing is based on consent)
- The right to lodge a complaint, initially with the psychotherapist, and afterwards if needed with the Information Commissioner’s Office (ICO) at www.ico.org.uk
Requests to access, amend, or delete personal data should be made in writing. The Psychotherapist will respond within one calendar month, in accordance with GDPR requirements.
This privacy policy applies only to the personal data collected and processed directly by the Psychotherapist in the course of providing psychotherapy services.
If a Client finds or contacts the Psychotherapist through a third-party platform (such as the UKCP, BACP, Psychology Today, Better Help or other directory websites), they are encouraged to consult the privacy policies of those platforms directly. The Psychotherapist is not responsible for how those websites collect, store, or process personal data.
10. Complaints
If a Client has any concerns about how their personal data is handled, they are encouraged to contact the Psychotherapist in the first instance (email lila.innerlifecounseling@gmail) to discuss and resolve the issue. You will then expect to receive the information within 30 days of receipt of the request.
If the concern cannot be resolved, Clients have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection:
www.ico.org.uk
Telephone: 0303 123 1113
11. Changes to This Policy
This privacy policy may be updated periodically to reflect changes in the law, professional guidelines, or the Psychotherapist’s practice. The most current version will always be available on the Psychotherapist’s website or provided upon request.
12. In the Event of Incapacity or Death
In the unlikely event that the Psychotherapist becomes physically incapacitated or dies while a Client is still in therapy, a qualified psychotherapist appointed as the Clinical Executor will access the Client’s contact information to inform them of the situation and offer appropriate support, such as referral options.
Client contact details (Name and email address) are securely stored on a password-protected platform. The Clinical Executor is professionally and ethically bound to maintain strict confidentiality and will only use the Client’s data to manage this transition in accordance with data protection legislation and professional standards.
13. Client Consent
By engaging in therapy, you will be invited to give your informed consent in writing before any personal or sensitive data is collected, stored, or shared. This includes:
- Consent for your personal data to be collected, stored, and processed as outlined in this Privacy Policy
- Consent for data to be shared only in specific circumstances (e.g. risk of harm, legal obligations, supervision, or clinical will execution)
- Optional consent for anonymised material from our work to be used for professional purposes such as supervision, training, or writing
You are free to decline or withdraw your consent at any time. Please note if this is the case the therapeutic work may be terminated as the therapist is required to keep appropriate records in line with my insurance and ethical Bodies as well for legal and safeguarding matters.
A written consent form is provided before therapy begins. You are welcome to ask questions or request changes if needed.
14. Cookies and Tracking
This website does not use cookies, tracking technologies, or analytics tools. No personal data is collected automatically when you visit https://innerlife-counselling.co.uk
Your visit is not monitored, and no consent banner is required because no non-essential cookies are in use.
If this changes in future (for example, if analytics tools are added), this Privacy Policy will be updated and a cookie banner will be introduced in line with UK GDPR requirements.
