​

Effective Date: [Insert Date]

This privacy policy explains how we collect, use, store, and protect your personal information when you use our website or therapy services. We are committed to safeguarding your data and ensuring your rights under the UK General Data Protection Regulation (UK GDPR).

​

1. Who We Are

This website is operated by [Your Name or Business Name], a provider of Cognitive Behavioural Therapy (CBT) and Eye Movement Desensitisation and Reprocessing (EMDR) services for women.

If you have any questions, you can contact us at:

Email: [Insert email address]
Phone: [Insert phone number]
Address: [Insert business address]

​

2. What Personal Data We Collect

We collect the following types of personal information through our website and in therapy sessions:

• Name

• Email address

• Phone number

• Information you provide about your mood and reasons for seeking therapy

• Notes, worksheets, and other materials completed during therapy sessions

We do not collect any unnecessary personal data from you and only process your information as necessary for providing our services.

​

3. How We Use Your Information

Your information is used solely for:

• Booking and managing therapy appointments

• Delivering therapy sessions via Microsoft Teams

• Maintaining session notes and supporting materials for therapeutic use

• Complying with legal obligations (e.g., record keeping)

We do not share your information with any third parties unless required by law (e.g., safeguarding concerns or court orders).

​

4. Lawful Basis for Processing

Under the UK GDPR, the lawful bases we rely on for processing your data are:

• Consent – You have given clear consent for us to process your information (e.g., by submitting the online form).

• Contract – Processing is necessary to deliver a therapy service you have requested.

• Legal obligation – We may be required to keep records for regulatory or legal purposes.

• Vital interests – In rare cases, your data may be processed to protect your life or that of another person (e.g., safeguarding).
   

5. How We Store Your Data

All data is securely stored digitally within a private Microsoft Teams channel that is accessible only to your therapist. Microsoft Teams is fully GDPR-compliant and uses encrypted storage.

We keep therapy records for [insert number of years – e.g. 7 years] after your final session, in line with professional guidance and legal obligations. After this period, your data will be securely deleted.
 

6. Your Data Protection Rights

Under data protection law, you have rights including:

• Right to access – You can request copies of your personal data.

• Right to rectification – You can ask us to correct inaccurate or incomplete information.

• Right to erasure – You can request deletion of your data in certain circumstances.

• Right to restrict processing – You can ask us to limit the processing of your data.

• Right to object to processing – You can object to how we use your data in some cases.

• Right to data portability – You can request your data be transferred to another provider.

To exercise these rights, please contact us at [Insert email].
 

7. Cookies and Website Analytics

Our website [does/does not] use cookies or website analytics. If we add this in the future, this policy will be updated accordingly.
 

8. Data Security

We take appropriate technical and organisational measures to ensure your data is safe and secure. This includes encrypted communication, password-protected files, and secure cloud storage.
 

9. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of these sites.
 

10. Complaints

If you have concerns about our use of your personal data, we encourage you to contact us first. You also have the right to complain to the Information Commissioner's Office (ICO):

Website: https://ico.org.uk
Helpline: 0303 123 1113