top of page

Privacy Policy

1. Introduction

Steph Willows Therapy is committed to protecting the privacy and security of your personal information. This policy describes how I collect and use personal data about you during and after our therapeutic relationship, in accordance with the General Data Protection Regulation (GDPR).

2. Data Controller

Steph Willows is the "Data Controller" for your personal information. I am registered with the Information Commissioner’s Office (ICO).

3. The Type of Data I Collect

I may collect, store, and use the following categories of personal information:

  • Personal Contact Details: Name, address, telephone numbers, and email address.

  • Emergency Contact: Name and number of a person you trust.

  • Special Category Data: Notes from our sessions, which may include information about your health, neurodivergence, disability, and sexual orientation.

  • GP Details: Name and address of your registered GP surgery.

4. How Your Data is Collected

I collect personal information directly from you via my website contact form, during our initial consultation, and through ongoing clinical notes during our sessions.

5. How I Use Your Data

I will only use your personal information when the law allows me to. Most commonly, I use it to:

  • Provide therapeutic services to you.

  • Comply with professional and legal obligations (e.g., safeguarding).

  • Manage our appointments and billing.

6. Data Security and Storage

Your data is stored securely to prevent unauthorized access:

  • Digital Records: I use encrypted, password-protected platforms (such as Zoho Mail and secure cloud storage) for communication and digital records.

  • Paper Records: Any handwritten clinical notes are anonymized (using a code rather than your name) and kept in a locked filing cabinet.

7. Data Retention

I will only retain your personal information for as long as necessary to fulfill the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In accordance with professional insurance guidelines, clinical records are typically kept for 7 years after the end of therapy.

8. Your Rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (a "Data Subject Access Request").

  • Request correction of the personal information that I hold about you.

  • Request erasure of your personal information (subject to legal/insurance limitations).

9. Contact

If you have any questions about this privacy notice or how I handle your personal information, please contact me at hello@stephwillowstherapy.co.uk.

bottom of page