michael@keelantherapy.ie
+353 83 113 1949

Privacy Policy

Effective Date: June 17, 2025

This Privacy Policy explains how Michael Keelan (trading as Keelan Therapy), an IACP accredited psychotherapist (IACP Member No: M15560), collects, uses, stores, and protects your data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Act 2018 (Ireland).

Our Commitment to Your Privacy

Your privacy is of paramount importance to us. We are committed to protecting your data and handling it responsibly and transparently.

1. Who We Are (Data Controller)

Michael Keelan

Keelan Therapy

Brookville Park,

Drogheda Email:

michael@keelantherapy.ie

Mobile: 083 113 1949

As the Data Controller, Michael Keelan is responsible for deciding how your data is processed and for ensuring that your rights are respected.

2. What Personal Data We Collect

We collect various types of personal data to provide you with psychotherapy services. This includes:

  • Identity Data: Full name, date of birth, address.
  • Contact Data: Phone number, email address, preferred contact method.
  • Emergency Contact Data: Name, relationship, and phone number of your emergency contact/next of kin.
  • Medical & Health Data (Special Category Data): GP name, contact number, and address; details of any medications you are taking; diagnosed mental health conditions; relevant physical health conditions.
  • Therapy-Related Data (Special Category Data): Information about your presenting issues, when they began, past experiences with these issues, and your hopes for therapy. Details of past therapy or counselling attended.
  • Life Circumstance Data: Information about significant life events or changes (e.g., loss, relationship changes, work stress) and details of your support network.
  • Lifestyle Data: Information regarding alcohol, drug, or other substance use; sleep patterns; and engagement in well-being activities (e.g., exercise, hobbies).
  • Additional Information: Any other information you choose to provide that you feel is important for us to know.
  • Session Notes: Brief, factual notes taken during or after therapy sessions, which may include sensitive personal data related to your mental and emotional state.
  • Payment Data: If applicable, records of payments made (but not typically full bank details).

3. How We Collect Your Data

We collect data primarily through:

  • Client Intake Assessment Form: Directly from you when you complete our intake form.
  • Direct Interactions: Through our therapy sessions, phone calls, emails, and other communications.
  • Referrals: If another healthcare professional refers you, they may provide some initial information with your consent.

4. Lawful Basis for Processing Your Data

Under the GDPR, we are required to have a lawful basis to process your data. To provide psychotherapy services, our lawful bases are:

  • Contractual Necessity: Processing is necessary for the performance of the therapeutic contract between us (e.g., scheduling appointments, delivering therapy).
  • Legitimate Interests: Where processing is necessary for our legitimate interests (e.g., maintaining records for continuity of care, professional supervision, clinical governance) and these interests do not override your fundamental rights and freedoms.
  • Consent: For specific purposes, such as contacting your emergency contact or GP (outside of a crisis where a duty of care applies), we will obtain your explicit consent. You have the right to withdraw this consent at any time.
  • Legal Obligation: Where processing is necessary to comply with a legal or regulatory obligation (e.g., child protection concerns, court orders).
  • Vital Interests: In rare, life-threatening circumstances, where processing is necessary to protect your vital interests or those of another person (e.g., serious risk of harm).

For Special Category Data (health information), we process this data under:

  • Provision of Health Care: Processing is necessary for preventive or occupational medicine, assessing the working capacity of employees, medical diagnosis, providing health or social care, treatment, or managing health or social care systems and services.
  • Explicit Consent: For specific disclosures outside of direct therapeutic care, we obtain your explicit consent.
  • Protection of Vital Interests: Where it is necessary to protect your vital interests or those of another person, and you are physically or legally incapable of giving consent.

5. How We Use Your Data

We use your data for the following purposes:

  • To provide psychotherapy services to you, including assessment, diagnosis, treatment planning, and delivering therapy sessions.
  • To manage your appointments and schedule.
  • To maintain accurate and comprehensive client records for clinical and professional purposes.
  • To communicate with you regarding your therapy, appointments, or any urgent matters.
  • To facilitate emergency contact if necessary, and with your consent or in a vital interest situation.
  • To facilitate contact with your GP or other healthcare professionals with your consent for integrated care.
  • For clinical supervision, which is a professional requirement for psychotherapists. Your identity will be anonymised or pseudonymised during supervision to protect your confidentiality.
  • To comply with legal obligations (e.g., reporting child protection concerns, responding to court orders).
  • For professional indemnity insurance purposes.
  • For service improvement and research (all data will be anonymised).

6. Data Sharing and Disclosure

Your data is treated with the utmost confidentiality. We will not share your data with third parties without your explicit consent, except in the following limited circumstances:

  • Emergency Contact: If you have given consent, or in a vital emergency where there is a serious risk of harm to yourself or others.
  • GP/Medical Professionals: If you have given consent, or in a vital emergency where there is a serious risk of harm to yourself or others, or for continuity of care.
  • Clinical Supervision: As part of our professional practice, we engage in regular clinical supervision. Your case will be discussed in an anonymised or pseudonymised format to protect your identity. The supervisor is also bound by strict confidentiality and GDPR.
  • Legal Obligation: If required by law (e.g., a court order, child protection concerns under Children First legislation).
  • Professional Indemnity Insurance: In the event of a claim, we may need to share relevant information with our insurance provider, who is also bound by confidentiality.
  • IT Service Providers: We may utilise secure IT systems for record-keeping, email, and communication purposes. These providers are carefully selected for their data security measures and are GDPR compliant.

We do not sell or rent your data to any third parties.

6.1 Use of Practice Management Software (WriteUpp)

We use WriteUpp (https://www.writeupp.com/), a cloud-based practice management software, to securely manage client records, appointments, and therapy notes. WriteUpp is a highly secure platform designed specifically for healthcare professionals and is committed to GDPR compliance.

When you engage with our service, some of your data, including identity information, contact details, and therapy-related data (such as session notes), will be stored on the WriteUpp platform.

  • WriteUpp's Role: WriteUpp acts as a 'Data Processor' on our behalf. This means they process your data strictly in accordance with our instructions and under robust data processing agreements.
  • Data Location: WriteUpp's servers are located within the European Economic Area (EEA), ensuring your data remains within a GDPR-compliant jurisdiction.
  • Security Measures: WriteUpp employs industry-standard security measures, including data encryption, secure data centres, regular security audits, and strict access controls, to protect your information.
  • WriteUpp's Privacy Policy: You can review WriteUpp's privacy policy for further details on their data processing and security practices available at: [https://www.writeupp.com/privacy].

7. Data Security

We implement robust technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Secure Storage: Client notes and personal data are stored securely, either digitally with encryption and password protection (via WriteUpp) or physically in locked cabinets in a secure location.
  • Access Control: Access to your data is strictly limited to Michael Keelan.
  • Confidentiality Agreements: All third-party service providers (e.g., IT support) are bound by strict confidentiality and data processing agreements.
  • Anonymisation/Pseudonymisation: Where possible, especially for supervision or research, data is anonymised or pseudonymised.
  • Secure Communication: We use secure methods for electronic communication where possible.

8. Data Retention

We retain your data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Client records are retained for 10 years after the completion of therapy or the last contact, as specified by our professional indemnity insurance provider. For clients who are minors at the time of therapy, records are typically retained until the client is 25 (or 26 if they are 17 when therapy sessions end) or 8 years after their death, if sooner.

After this period, your data will be securely deleted or destroyed.

9. Your Data Protection Rights

Under GDPR, you have the following rights regarding your data:

  • The Right to Be Informed: To be informed about how your data is collected and used (this Privacy Policy).
  • The Right of Access: To request a copy of the personal data we hold about you.
  • The Right to Rectification: To request that inaccurate or incomplete data about you be corrected.
  • The Right to Erasure (The Right to Be Forgotten): To request the deletion of your data in certain circumstances.
  • The Right to Restrict Processing: To request that we limit the way we use your data in certain circumstances.
  • The Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • The Right to Object: To object to the processing of your data in certain circumstances (e.g., for direct marketing).
  • Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. (Note: We do not engage in automated decision-making or profiling.)

To exercise any of these rights, please contact Michael Keelan at michael@keelantherapy.ie. We will respond to your request within one month, in accordance with GDPR requirements.

10. How to Make a Complaint

If you have any concerns about how your data is handled, please contact Michael Keelan directly in the first instance. We will do our best to resolve any issues that may arise.

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC), the supervisory authority for data protection in Ireland.

Data Protection Commission (DPC) Website: www.dataprotection.ie Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28 Email: info@dataprotection.ie Phone: +353 1 765 0100 or 1800 437 737

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website (if applicable) and/or provided directly to clients. We encourage you to review this policy periodically.

Book A Session