Privacy Policy

Last updated: 16th October 2025

1. Introduction

I respect your privacy and am committed to protecting your personal data. This Privacy Policy explains how I, as a sole trader therapist, collect, use, and protect your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

I am the Data Controller of the personal information you provide to me.

2. Information I Collect

I may collect and process the following types of personal data:

  • Identity and contact details: Name, address, phone number, email.

  • Special category data (health information): Mental health and medical history, therapy notes, assessments, and treatment plans.

  • Financial information: Payment records and invoices.

  • Technical data: IP address, browser type, and other online identifiers when using online services.

3. How I Collect Data

Your data may be collected:

  • Directly from you via forms, email, phone, video calls, or in person.

  • Through Carepatron, a secure practice management platform I use for record-keeping, scheduling, and billing.

  • Through AI Heidi, an AI-based tool I may use in limited, controlled ways to support my practice. Personal data shared with AI Heidi will be minimised, anonymised, or pseudonymised wherever possible.

4. Lawful Basis for Processing

Under UK GDPR, I rely on:

  • Contract: To deliver therapy services you have requested.

  • Legal obligation: To comply with tax, professional, and record-keeping requirements.

  • Consent: Where explicit consent is required (e.g., use of anonymised data with AI tools, communication preferences).

  • Legitimate interests: To run and improve my business in a way that does not override your rights.

  • Provision of healthcare: For processing special category data (Article 9(2)(h) UK GDPR).

5. How I Use Your Data

Your data is used to:

  • Provide safe and effective therapy services.

  • Maintain accurate clinical records.

  • Manage appointments, payments, and communications.

  • Fulfil legal and professional obligations.

  • Improve my services, including responsible use of AI support tools.

6. Sharing Your Data

Your information will only be shared when necessary and lawful:

  • Service providers:

    • Carepatron: May use subprocessors (e.g., cloud hosts, payment processors) based in the UK, EEA, or other countries (e.g., US, Singapore). Carepatron ensures GDPR-compliant safeguards, including Standard Contractual Clauses.

    • AI Heidi: Used in a restricted, anonymised way to support, not replace, therapeutic decision-making. Personal identifiers are minimised and never shared for AI model training.

  • Legal or safeguarding reasons: If there is a risk of harm to yourself or others, or as required by law.

  • Other professionals: With your explicit consent (e.g., GP, psychiatrist, or other healthcare provider).

I do not sell or share your personal data for marketing purposes.

7. International Transfers

Some data processed via Carepatron may be transferred outside the UK or EEA. Safeguards include:

  • Standard Contractual Clauses.

  • Contractual obligations for subprocessors.

  • Technical and organisational security measures.

Data continues to be protected to UK GDPR standards.

8. Data Storage and Security

  • Carepatron securely stores client notes, scheduling, and billing information.

  • Any physical records are locked and accessible only to me.

  • AI Heidi is used responsibly, minimising personal identifiers, and data is never used to train AI models.

  • I use encryption, secure passwords, and industry-standard safeguards to protect your information.

9. Data Retention

Records are retained for 7 years after our work together ends (or until a child turns 25, whichever is longer) in line with professional guidelines. Records are then securely destroyed.

10. Your Rights

Under UK GDPR, you have the right to:

  • Access – request a copy of the personal data I hold about you.

  • Rectification – request correction of inaccurate or incomplete data.

  • Erasure – request deletion of your data (subject to legal requirements).

  • Restriction – request limitation of how your data is processed.

  • Portability – request your data in a commonly used electronic format.

  • Objection – object to processing based on legitimate interests.

  • Withdraw consent – where consent is the lawful basis.

To exercise your rights, please contact me (see section 13).

11. Online Services and AI Use

  • Online therapy sessions are delivered using secure, encrypted video platforms.

  • AI Heidi is used as a support tool only and does not replace professional judgment.

  • Data processed by AI Heidi is minimised, anonymised, or pseudonymised wherever possible.

  • Third-party providers comply with UK GDPR standards.

12. Cookies

1. What are cookies?
Cookies are small files stored on your device that help the website function, remember preferences, and understand usage.

2. Cookies used:

  • Necessary cookies: Required for website functionality.

  • Analytical cookies: Track usage and improve services; optional.

  • Third-party cookies: From external providers (e.g., Google Analytics); optional.

3. Managing cookies:
You can control cookies via your browser or the cookie banner. Non-essential cookies can be accepted or rejected.

4. Consent:
By using the website, you consent to necessary cookies. Non-essential cookies can be managed via the banner.

Squarespace hosts this website:

  • Squarespace, Inc. (US residents)

  • Squarespace Ireland Limited (outside the US)

Changes in your residence determine the Squarespace entity controlling your data.

Complaints:

  • EU: Irish Data Protection Commissioner – info@dataprotection.ie, +353 1 7650100

  • UK: Information Commissioner’s Office – +44 303 123 1113, ICO Website

14. Complaints

If you are unhappy with how your data is handled, please contact me first. You may also lodge a complaint with the UK ICO.

15. Contact Details

Claire Manchester,
Worthing Natural Balance and Wellbeing, 70 Salvington Road, Worthing, BN13 2HN
psychotherapywithclaire@gmail.com