Privacy Policy for The Career Psychologist Services

This Privacy Policy explains how Sinead Brady trading as The Career Psychologist (“I,” “me,” or “my”) collects, uses, stores, and protects your personal data when you engage with my career psychology services (“Services”). 

I am deeply committed to protecting your privacy and handling your data according to the General Data Protection Regulation (GDPR) and the ethical guidelines of the Association for Business Psychologists (ABP), the British Psychological Society (BPS), and the Career Development Institute (CDI).

 

1.Your Data Controller

I am the data controller responsible for your personal data:

Sinead Brady, The Career Psychologist

Moodogue, Ballyjamesduff, County Cavan

[email protected]

 

2. What Personal Data Do I Collect?

To provide my services effectively, I collect and process the following types of personal data:

  1. Contact Data: Your email address, postal address, and telephone numbers.
  2. Career History Data: Your employment history, educational background, skills, qualifications, achievements, career aspirations, and job search activities. This information is not stored or recorded separately by The Career Psychologist, except where it forms part of anonymised session notes. These notes are securely stored, password-protected, and kept separate from identifying contact information.
  3. Correspondence Data: Records of our communications (e.g., emails, session notes).

Please note: I do not collect or process sensitive personal data such as gender, date of birth, health information, racial or ethnic origin, sexual orientation, religious, or philosophical beliefs. My focus is purely on your career development journey and leadership identity.

 

3. How Do I Collect Your Personal Data?

I collect your data primarily through:

  1.  Direct Interactions: When you engage my services, complete intake forms, participate in sessions, or communicate with me via email or phone.
  2.  Third Parties: I do not actively seek, receive information from, or share information with third parties regarding your personal data.

 

4. My Lawful Basis for Processing Your Data

I’ll only process your personal data when I have a lawful reason to do so, as defined by GDPR:

  1.  Contractual Necessity: Processing is necessary for me to fulfil our agreement and provide you with the services.
  2.  Legitimate Interests: Processing is necessary for my legitimate interests (e.g., for administrative purposes, to improve my services, to manage my business), provided your fundamental rights and freedoms are not impacted or overridden.
  3.  Legal Obligation: Processing is necessary to comply with a legal or regulatory obligation.

 

 5. How I Use Your Personal Data

I use your personal data for the following purposes: 

  1. To provide you with career psychology services, including coaching, guidance, and development support.
  2. To manage our relationship, including scheduling appointments, invoicing, and communicating with you.
  3. To keep records of our sessions and your progress.
  4. To comply with legal and ethical obligations (e.g., safeguarding concerns, professional supervision requirements).
  5. To improve my services and for internal business analysis (in an anonymised or aggregated form where possible).
  6.  For Quality and Training: Sessions, particularly virtual ones, may be recorded only with your explicit consent. This is for quality assurance and my ongoing professional training. These recordings are handled with the utmost confidentiality, stored securely, and not shared beyond anonymised/pseudonymised supervision unless legally required.

 

 7. Confidentiality

All information shared during career psychology sessions is treated with the utmost confidentiality. This commitment holds true regardless of whether you are personally funding the services or your organisation is providing sponsorship. Your privacy is paramount, and your individual information is always protected.

However, there are specific circumstances where confidentiality may be broken, in line with ethical guidelines (ABP, BPS, CDI) and legal requirements:

  1.  Risk of Harm: If there’s a serious risk of harm to yourself, to someone else, or if you are at risk of being harmed by others.
  2.  Legal Obligation: If I’m compelled by a court order or other legal requirement to disclose information.
  3.  Professional Supervision: For the purpose of professional supervision, where cases are discussed in an anonymised or pseudonymised manner to ensure ethical practice and professional development. My supervisor is also bound by strict confidentiality.
  4.  Safeguarding: If I have concerns about the welfare of a child or vulnerable adult.

My primary duty is to your well-being and progress. Therefore, in situations where your safety or capacity to engage effectively might be impacted, I may sometimes suggest that we pause our work together. This would only be done to ensure you can get the specific professional support or rest you need to be in the best possible position to benefit from our career development journey. We would always discuss this openly and collaboratively.

I’ll always try to discuss any potential breach of confidentiality with you beforehand, unless doing so would increase the risk of harm or is legally prohibited.

 

8. Data Sharing and Disclosure

I do not share your personal data with any third parties, except as specifically outlined below:

  1. It is required for professional supervision (as outlined above, in an anonymised or pseudonymised format).
  2. I am legally required to do so (e.g., a court order).
  3. It is necessary to protect your vital interests or the vital interests of another person (e.g., in an emergency).
  4. I use a small number of trusted third-party service providers to support delivery of services, communication, scheduling, storage, and business operations. These providers are contractually bound to process your data securely and only according to my instructions, and they must comply with relevant data protection laws.

These currently include:

  • Kajabi – learning platform (course delivery)
  • Stripe – payment processing
  • Google Workspace – email and file storage
  • Blacknight – secure web and email hosting (based in Ireland)
  • Slack – closed group messaging and communication (only accessible by current clients)
  • OpenAI (ChatGPT) – used for editing or drafting internal content; no personal data is shared, and any reference to client work is strictly anonymised.

 

 9. International Data Transfers

I do not transfer your personal data outside of the European Economic Area (EEA).

 

10. Data Security

I have put in place appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:

  1. Encrypted communications (e.g., secure email, video conferencing)
  2. Password-protected systems and devices
  3. Secure cloud storage for electronic records
  4. Physical security for any paper records
  5. Regular review of my security practices

 

11. Data Retention

I’ll keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.

In line with BPS guidelines, client records are typically retained for a period of 7 years after our last contact, unless otherwise specified or legally required.

 

12. Your Rights

Under GDPR, you have important rights regarding your personal data: 

  1. Right to be Informed
  2. Right of Access
  3. Right to Rectification
  4. Right to Erasure (“Right to be Forgotten”)
  5. Right to Restrict Processing
  6. Right to Data Portability
  7. Right to Object
  8. Rights in Relation to Automated Decision-Making and Profiling

To exercise any of these rights, please contact me using the details in Section 1. I may request verification of your identity before proceeding. I will respond to your request within one month.

 

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights or freedoms, I will notify you and the relevant supervisory authority in line with GDPR obligations.

 

14. Complaints

If you have concerns about how I’m handling your personal data, please contact me first. I’ll do my best to resolve your concerns.

If you remain dissatisfied, you have the right to lodge a complaint with the relevant supervisory authority.

For Ireland:

Data Protection Commission

www.dataprotection.ie 

 

15. Changes to This Privacy Policy

I may update this Privacy Policy from time to time. The latest version will always be available upon request. I’ll notify you of any significant changes.

 

16. Contact Me

If you have any questions about this Privacy Policy or my data protection practices, please contact me:

Sinead Brady

[email protected]

Moodogue, Ballyjamesduff, County Cavan. 

Last updated: June 2025