privacy

Privacy Policy

Introduction

Your privacy is very important to me. You can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.  

This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:  

  • Why I’m able to process your information and what purpose I’m processing it for  
  • Whether you have to provide it to me  
  • How long I’ll store it for  
  • Whether there are other recipients of your personal information  
  • Whether I intend to transfer it to another country 
  • Whether I do automated decision-making or profiling 
  • Your data protection rights 

I am happy to chat through any questions you might have about my data protection policy, and you can contact me via kirsty@journeyofyou.uk.  

‘Data controller’ is the term used to describe the person that collects, stores, and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office ZB499303. 

Name: Kirsty Woodhead  
Phone number is: 07476906257 
Email address is: kirsty@journeyofyou.uk

My lawful basis for holding and using your personal information 

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:  

If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information. If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.  

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case therapy) and necessary for a contract with a health professional (in this case, a contract between me and you). 

Initial contact  

When you contact me with an enquiry about my therapy services, I will collect information to help me satisfy your enquiry. This will include name, telephone number, address, email address, availability and the issues or difficulty that you would like to address. Alternatively, your GP or other health professional may send me your details when making a referral.  

If you decide not to proceed, I will ensure all your personal data is deleted within 6 months. If you would like me to delete this information sooner, just let me know.

    While you are accessing therapy

    Rest assured that the vast majority of what you discuss with me is confidential. The expectations to confidentiality where I may need to speak to someone else are: 

    • If I felt, there was a serious risk of harm to yourself or others. 
    • If I felt a child or vulnerable adult was at risk of harm. 
    • Where there is a legal requirement to disclose information. This could be because it has been ordered by court, or because the law requires, for example under the Terrorism Act 2000 or the Drug Trafficking Offences Act 1986, for information to be passed on without consent. 
    • If I become incapacitated or unable to continue work and inform you of this, then my present therapy supervisor will assist you to find additional therapy support if this is necessary. In these circumstances, my supervisor would to gain access to your contact details. 
     I will always try to speak to you about this first, unless there are safeguarding issues that prevent this. 

    I will keep a record of your personal details to help the therapy services run smoothly. These details are kept securely on my password protected laptop and biometric password protected work phone. I will keep written notes of each session. I use electronically software called Cliniko to store your personal data, session notes and carry out online sessions. Cliniko’s serves are located in Australia, however they have the right documentation in place to meet GDPR standards. To read more on Cliniko’s privacy policy please click here. For any paper written notes I will don’t include client names or details, it is the session themes, questions I want to ask clients and actions for me to take after the session, and shred them at the end of each day once.  

    For security reasons I do not retain text messages or emails for more than 2 weeks. I keep a record of all text messages and emails within clients’ folders, under “communications”. 

      After therapy has ended 

      Once therapy has ended your records will be kept and archived for 5 years from the end of our last contact with each other and are then securely destroyed. If you want me to delete your information sooner than this, please tell me. Please note that details of your request, correspondence and a copy of any information disclosed will be held by and this information will be used as evidence we have met our legal obligations. I’m also unable to delete session notes for 5 years from our last session due my insurance policy. 

      Your rights

      I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights on the ICO website.  

      If I do hold information about you I will:  

      • give you a description of it and where it came from 
      • tell you why I am holding its, tell you how long I will store your data and how I made this decision 
      • tell you who it could be disclosed to 
      • let you have a copy of the information in an intelligible form  
       You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.  

      To make a request for any personal information I may hold about you, please put the request in writing addressing it to kirsty@journeyofyou.uk.  

      If you have any complaint about how I handle your personal data, please do not hesitate to get in touch with me by emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures.  

      If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ICO website

      Data security

      I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure. All information you provide is stored as securely as possible. All electronic records are stored securely on a cloud server using the latest firewalls and data security protocols, and all access is by password-protected authentication. I store your phone number and client reference in my work phone which is password protected with biometrics. 

      Unfortunately, the transmission of information via the internet is never completely secure. Although I will do my best to protect your information using industry-standard protocols and encryption, I cannot guarantee the security of your data transmitted to me via email, including forms completed on my website which are transmitted by email; any transmission is at your own risk. Once I have received your information, I will use strict procedures and security features to try to prevent unauthorised access. 

      Visitors to my website 

      I use Cookiebot as the content management system for my website, find out about Cookiebot privacy policy on their website.

      Like most websites I use cookies to help the site work more efficiently, to find out about my use of cookies read below.  

      No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me. 

      Cookies

      I and our trusted partners use cookies and other technologies in our related services, including when you visit my Site or access my services. 

      A "cookie" is a small piece of information that a website assign to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and my Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

      The Site uses the following types of cookies:

      a. 'session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 

      b. 'persistent cookies ' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in; 

      c. 'third party cookies' which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyse our web access.

      Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by me, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited. 

      Third party collection of information

      Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to. 

      This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties which we may disclose information as set forth in this Privacy Policy. 

      Transfer of data outside of the EEA

      Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.

      Marketing

      I do not use your Personal Information, such as your name, email address, telephone number, etc. or provide it to third party subcontractors for the purpose of providing you with promotional materials..  

      Please note that even though I do not send promotional materials or offers I will send you other types of important e-mail communications without offering you the opportunity to opt out of receiving them. These may include appointment confirmations, invoices or administrative notices. 

      Minors

      I understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall I allow use of my services by minors. I do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that their child has provided me with Personal Information without their consent, they should contact me at kirsty@journeyofyou.uk.

      Changes to this Privacy Policy

      I may edit this policy from time to time. If I make any substantial changes, I will notify you by posting a prominent announcement on my website and informing you at your next session. 

      How to contact us

      If you have any general questions about the Site or the information we collect about you and how we use it, you can contact us at kirsty@journeyofyou.uk.

      Last Modified 06.02.25
      Share by: