Dr Jen Nguyen
Clinical Psychologist in North London, UK
Privacy Notice
Dr Jen Nguyen – Clinical Psychology Practice
Last updated: July 2026
​
Introduction
Your privacy is very important to me, and you can be confident that your personal information will be kept safe and secure and will only be used for the purposes for which it was given to me. I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
​
This privacy notice explains what I do with your personal information from our initial point of contact, throughout our work together, and after your therapy has ended. It covers:
​
-
why I am able to process your information and what purpose I am processing it for;
-
whether you have to provide your information to me;
-
how long I keep it for;
-
whether there are other recipients of your personal information;
-
whether I intend to transfer it to another country;
-
whether I carry out automated decision-making or profiling; and
-
your data protection rights.
I am happy to talk through any questions you may have about how I handle your information. You can contact me by email at contact@drjennguyen.com.
‘Data controller’ is the term used to describe the person or organisation that collects, stores, and is responsible for people’s personal data. In this instance, the data controller is me, Dr Jen Nguyen, a Clinical Psychologist operating as a sole trader.
I am registered with the Information Commissioner’s Office (ICO) as a data controller. I am also registered with the Health and Care Professions Council (HCPC), the statutory regulator for practitioner psychologists in the United Kingdom.
My business correspondence address is: Dr Jen Nguyen, 27 Old Gloucester Street, London WC1N 3AX, United Kingdom.
My email address is: contact@drjennguyen.com. Please note that, as an online practice, email is my primary means of contact.
​
My lawful basis for holding and using your personal information
Data protection law requires me to have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data:
​
Considering or receiving therapy: If you are in contact with me to consider therapy, or if you are currently having therapy, I process your personal data where it is necessary for the performance of our contract.
​
After therapy has ended: Once our work together has ended, I rely on legitimate interests as my lawful basis for retaining your personal information for the period described in this notice – for example, to maintain an accurate clinical record and to meet my professional and legal obligations.
​
Special category (health) data: The information you share with me in therapy includes sensitive personal information about your health. This is known as ‘special category personal data’. My lawful basis for processing this information is that it is necessary for the provision of health treatment (in this case, psychological therapy) and is carried out by, or under the responsibility of, a health professional bound by a duty of confidentiality (Article 9(2)(h) of the UK GDPR).
​
How I use your information
Initial contact
When you contact me with an enquiry about my services, I will collect the information needed to respond to you and to assess whether I can help. This typically includes your name, contact details, and a brief description of what you are seeking support with.
​
If, following an initial enquiry or consultation, you decide not to proceed, I will securely delete your personal data within 6 months. If you would like me to delete this information sooner, please just let me know.
​
While you are accessing therapy
Everything you discuss with me is confidential. That confidentiality will only be broken where there is a risk of serious harm to you or to others, where there are safeguarding concerns – including concerns about the welfare or safety of a child or a vulnerable adult – or where I am required to disclose information by a court order or other legal obligation. Wherever possible, I will discuss this with you first, unless doing so would increase a risk of harm.
​
I keep a record of your personal details to help my service run smoothly. These records are stored securely within WriteUpp, my practice management system (see ‘Data security’ below), and are not shared with any third party except as described in this notice.
​
I keep written clinical notes of each session. These are stored securely within WriteUpp.
​
Our sessions take place online via Microsoft Teams. Where a client prefers not to use Teams, I can offer sessions via Zoom or the video platform built into WriteUpp. I do not record sessions.
​
For security reasons, I do not retain text messages for longer than is necessary. If a text message contains information relevant to your care, I will record it within your secure clinical notes in WriteUpp and delete the original message. Likewise, email correspondence that is not clinically relevant will be deleted once it is no longer needed; where an email contains relevant information, it will be saved to your secure record.
​
After therapy has ended
Once our work together has ended, your clinical records will be kept for 7 years from the date of our last contact, after which they will be securely deleted. This retention period reflects professional guidance for the keeping of psychological records for adults. If you would like me to delete your information sooner, please tell me, and I will discuss with you what I am able to do while meeting my professional and legal obligations.
​
Third-party recipients of your personal data
I sometimes share personal data with carefully selected third parties who process data on my behalf, and only where necessary to provide my service to you. In each case, I ensure there is a contract in place that sets out what they may do with the data, and that they use your information only for the task for which they have been engaged. These include:
​
-
WriteUpp – my practice management system, used to store your records, clinical notes, and booking information, and (where used) to host video sessions. WriteUpp is ISO 27001 certified and UK GDPR compliant.
-
Microsoft (Microsoft Teams) – used to deliver online sessions. Where you prefer an alternative, Zoom may be used instead.
-
Wix – the platform that hosts my website (see ‘Visitors to my website’ below).
-
Stripe – the payment provider I use to process card payments securely. When you pay by card, your payment details are handled directly by Stripe under their own privacy terms; I do not store your full card details myself.
-
My professional advisers and regulators – for example, my accountant, HM Revenue & Customs (HMRC), the ICO, or the HCPC, where I am required to share information to meet my legal, tax, or professional obligations.
I may also share information with other healthcare professionals (for example, your GP) where this is necessary to keep you safe, but wherever possible I will discuss this with you first.
​
Transfers outside the UK
Some of my service providers may store or process data on servers located outside the United Kingdom. Where this happens, I take care to use providers that offer appropriate safeguards for your data as required by UK data protection law (for example, adequacy regulations or standard contractual clauses). I do not otherwise transfer your personal information to another country.
​
Automated decision-making and profiling
I do not carry out any automated decision-making or profiling using your personal information.
​
Your rights
I try to be as open as I can about the personal information I hold. You have the right to:
​
-
ask for a copy of the information I hold about you;
-
ask me to correct any information that is inaccurate;
-
ask me to delete your personal information;
-
ask me to restrict or limit how I use your information;
-
object to my use of your personal data in certain circumstances; and
-
ask for information about where your data came from and who it may be shared with.​
Some of these rights are qualified where I have a legal or professional obligation to retain your information. To make a request about any personal information I may hold, please put your request in writing to contact@drjennguyen.com.
​
If you have any concerns about how I handle your personal data, please do not hesitate to contact me – I would welcome any suggestions for improving my data protection practices. If you wish to make a formal complaint, you have the right to contact the ICO, the statutory body that oversees data protection law in the UK. More information is available at ico.org.uk/make-a-complaint.
​
Data security
I take the security of your data very seriously and make every effort to keep it secure. My clinical records and booking information are stored within WriteUpp, an ISO 27001 certified, UK GDPR compliant practice management system, accessed using strong, unique credentials. I access my systems using password-protected and encrypted devices, and I do not keep paper records of your personal information. Online sessions are delivered over secure, encrypted video connections.
​
Visitors to my website
My website is hosted on Wix. When you visit my website, Wix’s built-in analytics tools collect standard internet log information and details of visitor behaviour patterns – for example, the number of visitors to different parts of the site. This information is processed in a way that does not identify individual visitors, and I do not attempt to identify people who visit my website. I rely on legitimate interests as my lawful basis for this limited processing, in order to understand and improve my website.
​
Like most websites, my site uses cookies to help it work efficiently. Non-essential cookies are only used with your consent, which you can manage through the cookie settings on my website. You can read more about how Wix processes data in its own privacy notice at wix.com.
If you complete a contact or booking form on my website, that information will be handled as described in this notice.
​
Changes to this privacy notice
I may update this privacy notice from time to time. Any changes will be posted on my website, and the ‘last updated’ date above will be revised accordingly.