Privacy policy.

Effective Date: [Insert Date]

At [Your Full Name or Trading Name] ("we", "us", or "our"), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, and protect any personal information that you provide when using our website [Insert Website URL], or when engaging with our online therapy services.

This policy is in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and is designed to give you clear information about your rights and how we use your personal data.

1. Who We Are

[Insert Your Full Name or Trading Name] is a sole trader offering confidential online therapy services. Our business is based in [Insert City, e.g., London, United Kingdom]. As the data controller, we are responsible for the handling of your personal data.

Contact Information:

  • Name: [Insert Name]

  • Email: [Insert Email Address]

  • Phone: [Insert Phone Number]

  • Postal Address: [Insert Business Address]

2. What Personal Information We Collect

We may collect and process the following categories of personal data:

a. Information You Provide Voluntarily

This includes information you provide when you:

  • Complete the contact form on our website

  • Send us an email or message

  • Book or inquire about a therapy session

  • Engage with us in therapy sessions (subject to client-therapist confidentiality)

The personal data may include:

  • Full name

  • Email address

  • Phone number

  • Basic background details (only if voluntarily provided)

  • Any other information you choose to submit

b. Information Collected Automatically (if applicable)

If our website uses cookies or analytics tools, we may collect:

  • IP address

  • Browser type and version

  • Device type and operating system

  • Pages visited and time spent on the site

  • Referral source

(If not using cookies/analytics: “We do not use cookies or tracking tools on our website.”)

3. How We Use Your Information

We use your personal data for the following purposes:

  • To respond to your inquiries and messages

  • To schedule, provide, and manage online therapy sessions

  • To maintain necessary records in accordance with professional and legal obligations

  • To improve our services and communication

  • For internal administrative and compliance purposes

We do not use your personal data for marketing purposes and we do not share it with third parties for promotional use.

4. Lawful Basis for Processing

Under the UK GDPR, we rely on the following legal grounds to process your data:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.

  • Contract: Processing is necessary to deliver the services you request.

  • Legal obligation: We may be required to retain certain data for legal or regulatory reasons.

  • Legitimate interests: For limited administrative purposes that do not override your rights and freedoms.

5. Data Retention

We retain personal data only as long as necessary to:

  • Deliver our services

  • Comply with professional, legal, and ethical obligations

  • Resolve disputes or enforce agreements

For therapy-related records, retention periods will follow guidance from relevant professional bodies (e.g., [Insert Professional Body, if applicable]) and may typically range from 5 to 7 years after the end of therapy.

6. Data Storage and Security

We are committed to ensuring your personal data is secure. We implement appropriate technical and organisational measures to protect against unauthorised access, alteration, disclosure, or destruction.

All data is stored securely on encrypted systems. Email correspondence is also protected through secure platforms, and video therapy sessions are conducted through reputable, GDPR-compliant providers.

7. Your Data Protection Rights

You have the following rights under the UK GDPR:

  • Right to access – Request access to the personal data we hold about you

  • Right to rectification – Request correction of inaccurate or incomplete data

  • Right to erasure – Ask for your data to be deleted (where legally permissible)

  • Right to restrict processing – Request limits on how we use your data

  • Right to data portability – Request to receive your data in a commonly used format

  • Right to object – Object to the processing of your data in certain circumstances

  • Right to withdraw consent – You may withdraw your consent at any time where we rely on consent to process your data

To exercise any of these rights, please contact us using the details provided in section 1.

8. Confidentiality in Therapy

As a therapist, confidentiality is a fundamental aspect of the service provided. Any information you share during therapy sessions is treated with strict confidentiality, except where there is a legal or ethical duty to disclose (e.g., risk of serious harm to self or others, safeguarding concerns, or a legal requirement).

9. Sharing of Information

We do not share your personal data with third parties unless:

  • We are legally required to do so

  • There is a risk of serious harm and disclosure is necessary

  • You provide explicit consent to share information (e.g., with a GP or another professional)

  • Our IT or administrative service providers require limited access (only under strict confidentiality agreements)

10. Website Links

Our website may contain links to external websites or resources. Please note we are not responsible for the privacy practices or content of those third-party websites. We encourage you to read their privacy policies if you follow any external links.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and where appropriate, you will be notified by email or website notice.

12. Contact Us

If you have any questions or concerns about how your data is handled, or if you wish to exercise your rights, please get in touch:

[Your Full Name or Trading Name]
Email: [Insert Email Address]
Phone: [Insert Phone Number]
Postal Address: [Insert Address]

If you are not satisfied with our response, you have the right to lodge a complaint with the UK’s data protection authority:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113

Let me know if you’d like this in a downloadable format (PDF or Word) or styled for your website!