Last updated: 1 April 2026
1. Introduction
Paula Williams ("I", "me", "my") is committed to protecting and respecting your privacy. This Privacy Policy explains how I collect, use, store, and protect your personal data when you visit this website or engage with my therapy services.
I am registered with the Information Commissioner's Office (ICO) [Registration Number: ZAXXXXXX]. As a psychotherapist, I am bound by professional ethical frameworks (BACP/UKCP) and legal obligations regarding confidentiality and data protection.
This policy applies to all personal data collected through:
- Website contact forms and enquiries
- Email communications
- Therapy sessions (initial consultations and ongoing treatment)
- Clinical supervision records (anonymised)
- Marketing communications (with explicit consent)
2. Data I Collect
I may collect and process the following categories of personal data:
2.1 Identity and Contact Data
Name, email address, telephone number, postal address, and emergency contact details.
2.2 Special Category Data (Health Data)
Medical history, mental health information, therapy notes, assessment records, and any other sensitive information you disclose during therapy sessions. This is classified as "special category data" under UK GDPR Article 9.
2.3 Technical Data
IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website (collected via cookies; see my Cookie Policy).
2.4 Usage Data
Information about how you use my website and services.
2.5 Marketing and Communications Data
Your preferences in receiving marketing from me and your communication preferences.
3. How I Collect Your Data
- Direct interactions: You may provide data by filling in forms, corresponding with me by post, phone, email, or otherwise.
- Automated technologies: As you interact with my website, I may automatically collect Technical Data about your equipment, browsing actions, and patterns through cookies and similar technologies.
- Third parties: I may receive personal data from third parties such as your GP or other healthcare providers, but only with your explicit consent.
4. Lawful Basis for Processing
Under UK GDPR, I process your personal data under the following lawful bases:
4.1 Contractual Necessity
Processing necessary to provide therapy services you have requested or to take steps at your request prior to entering into a therapy contract.
4.2 Legal Obligation
Processing necessary to comply with my legal obligations as a registered therapist and business owner.
4.3 Vital Interests
Processing necessary to protect your vital interests or those of another person (e.g., in cases of serious risk of harm).
4.4 Consent
Processing based on your explicit consent, particularly for:
- Marketing communications
- Special category health data (therapy records)
- Sharing information with third parties (e.g., GP, other healthcare professionals)
4.5 Legitimate Interests
Processing necessary for my legitimate interests (e.g., maintaining clinical supervision, defending legal claims), provided your interests and fundamental rights do not override those interests.
5. How I Use Your Data
I use your personal data to:
- Provide therapy services and maintain therapeutic records
- Communicate with you regarding appointments, cancellations, and clinical matters
- Comply with clinical supervision requirements (all case material anonymised)
- Maintain professional indemnity insurance and regulatory compliance
- Respond to your enquiries submitted through the website
- Send you relevant information about my services (with your consent)
- Improve my website and services
6. Data Retention
I retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Therapy records: Retained for 7 years after the end of therapy (or until your 25th birthday if you were under 18 when therapy ended), in accordance with BACP/UKCP ethical guidelines and insurance requirements.
- Financial records: Retained for 6 years in accordance with HMRC requirements.
- Website enquiry data: Retained for 12 months unless a therapeutic relationship is established.
- Marketing data: Retained until you withdraw consent or opt out.
7. Data Sharing and Third Parties
I respect the confidential nature of therapy. Your personal data will not be sold or shared with third parties except:
7.1 Clinical Supervision
I discuss my work with a qualified clinical supervisor to ensure ethical and professional standards. All identifying information is anonymised or disguised.
7.2 Legal and Ethical Exceptions
I may breach confidentiality if:
- There is a risk of serious harm to you or others
- There is a legal requirement (court order, terrorism, money laundering)
- There is a safeguarding concern regarding a child or vulnerable adult
- It is required by my professional body for a complaint investigation
7.3 Service Providers
I may use third-party service providers for:
- Website hosting and maintenance
- Email services
- Payment processing
- Electronic health record systems (encrypted and GDPR-compliant)
8. International Transfers
Your personal data is stored and processed within the UK and European Economic Area (EEA). If any processing occurs outside these areas, I ensure appropriate safeguards are in place (e.g., adequacy decisions or standard contractual clauses).
9. Data Security
I have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These include:
- Encryption of electronic therapy notes
- Password-protected devices and files
- Secure storage of physical records
- Confidentiality agreements with all third parties
- Regular security updates and backups
10. Your Legal Rights
Under UK data protection laws, you have rights regarding your personal data:
- Right to Access: Request copies of your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data where there is no good reason for continued processing.
- Right to Restrict Processing: Request restriction of processing in certain circumstances.
- Right to Data Portability: Request transfer of your data to you or another party.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Rights regarding automated decision-making: I do not use automated decision-making.
To exercise these rights, please contact me using the details below. I will respond within one month.
11. Your Right to Complain
If you have concerns about how I handle your data, please contact me first. You also have the right to complain to the Information Commissioner's Office (ICO):
ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
12. Changes to This Policy
I may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.
13. Contact Details
Data Controller: Paula Williams
Email: contact@paulapsychotherapist.com
Address: Hubspace, Devonshire Business Centre, Letchworth, Herts SG6 1GJ