top of page

Privacy Policy

Introduction

 

Your privacy is very important to me, and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me.

I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This privacy notice explains what I will do with your personal information from the initial point of contact through to after therapy has ended, including:

  • Why I am able to process your information and the purposes for doing so

  • Whether you are required to provide it

  • How long it is stored for

  • Whether it is shared with others

  • Whether it is transferred outside the UK

  • Whether automated decision-making or profiling is used

  • Your data protection rights

I am happy to discuss any questions you may have about this privacy notice. You can contact me via email at heidilarner@soulradiance.co.uk or by phone on 07957 784 940.

I am the data controller for the information I hold about you. I am registered with the Information Commissioner’s Office (ICO), registration number C1094459, reference number ZB29952.

My lawful basis for holding and using your personal information

The UK GDPR requires me to have a lawful basis for processing your personal data. These depend on the stage of our contact:

If you are currently in therapy or contacting me about therapy, I process your personal data as it is necessary for the performance of a contract for services.

Once therapy has ended, I process your personal data based on legitimate interests to respond to queries, manage records appropriately, and defend against potential legal claims.

Special category data (such as health information) is processed for the provision of health or social care treatment. Where necessary, it may also be processed for the establishment, exercise or defence of legal claims. I also handle this information in line with my professional obligations as a therapist.

How I use your information

Initial contact

When you contact me about my services, I collect information to respond to your enquiry. This may include information you provide by email, telephone, or via my website contact form.

In some cases, your GP, another health professional, or a third party may share your details with me if making a referral or enquiry on your behalf.

If you decide not to proceed, I will securely delete your personal data within 3 months of our last contact. If you would like me to delete this information sooner, please let me know.

While you are accessing therapy

Everything you discuss with me is confidential. Confidentiality will only be broken if I believe there is a serious risk of harm to you or to another person, where there are safeguarding concerns involving a child or vulnerable adult, where I am required to do so by law or a court order, or where disclosure is otherwise required or permitted by law.

Where possible, I will discuss any proposed disclosure with you first, unless doing so would increase risk or I am legally prevented from doing so.

I keep basic personal details and session notes to support therapy. These are stored securely on encrypted, password-protected electronic devices.

For security reasons, I do not retain text messages for more than 3 months. If they contain clinically relevant information, I will transfer that information into your confidential client record and then delete the message.

Email correspondence is retained for up to 6 months if relevant. If clinically relevant, key information will be transferred into your client record.

After therapy has ended

Your records will be kept securely for 7 years from the date of our final contact, after which they will be securely destroyed.

If you request deletion of your records before this time, I will consider your request in line with my legal, ethical, and professional obligations.

Third party recipients of personal data

I may use third-party service providers to support my practice, such as secure email services, website hosting, or digital storage providers.

All third parties are carefully selected and bound by contractual obligations to process your data only in accordance with UK data protection law and for specified purposes.

Your rights

You have rights under data protection law, including the right to:

  • Request access to the personal data I hold about you

  • Request correction of inaccurate information

  • Request deletion of your data (in certain circumstances)

  • Restrict or object to processing

  • Receive a copy of your data

You can find more information about your rights on the ICO website: https://ico.org.uk/for-the-public/

If I hold information about you, I will:

  • Tell you what data I hold

  • Explain why I am holding it and for how long

  • Tell you who it may be shared with

  • Provide a copy in an understandable format

To make a request, please email: heidilarner@soulradiance.co.uk

Complaints

If you have concerns about how I handle your data, please contact me first so I can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/

Data security

I take the security of your data very seriously. I use encrypted, password-protected devices, including my laptop, to store electronic records. I also use secure, password-protected systems where appropriate.

I take appropriate technical and organisational measures to protect your personal data from loss, misuse, or unauthorised access.

Website visitors

When someone visits my website, I use Wix to collect standard internet log information and details of visitor behaviour patterns. This helps me understand how visitors use the site, such as which pages are viewed and how the site is accessed.

This information does not directly identify individual visitors but may include technical data such as IP address and device information.

My lawful basis for this processing is legitimate interests, to monitor and improve my website and services. My website is hosted and managed by Wix. You can read their privacy policy here: https://www.wix.com/about/privacy.

Like most websites, cookies are used to ensure the website functions correctly and to support basic analytics.

When you submit a contact form, your information is temporarily stored by Wix before being securely transmitted to me so I can respond.

Cookies

My website uses cookies to ensure it functions correctly and to support basic analytics.

Cookies are small text files placed on your device when you visit a website. They help the website operate efficiently and provide information about how the site is used.

The cookies used on my website are either:

  • Strictly necessary for the website to function, or

  • Used in an aggregated, non-identifying way to help me understand how the website is used and improve my services

 

You can control or delete cookies through your browser settings at any time. Please note that disabling some cookies may affect how the website functions.

For more information about how cookies are used on my website, you can contact me using the details provided in this privacy notice.

Online Therapy (Zoom)

When I provide online therapy sessions, I use a secure video conferencing platform provided by Zoom.

Zoom processes certain personal data to provide its service, such as your name, device information, and connection data. During therapy sessions, video, audio, and chat content may also be processed by Zoom to deliver the service.

I take appropriate steps to ensure that online sessions are conducted securely. However, please be aware that no method of internet transmission is completely secure, and there may be some inherent risks in using digital communication.

My lawful basis for using Zoom is the performance of a contract for therapy services. Where special category data is processed during online sessions, this is done for the provision of health-related treatment under UK GDPR.

I recommend that you take steps to ensure your own privacy during online sessions, such as using a private space and a secure internet connection.

Zoom has its own privacy policy, which explains how it processes personal data: https://zoom.us/privacy

 

Risks of Online Therapy

While online therapy can be an effective and convenient way to access support, there are some additional risks compared to in-person sessions. These may include potential disruptions to the session due to internet or technology issues, reduced ability to fully observe non-verbal communication, and the possibility that confidentiality may be affected if you are not in a private or secure environment.

There is also a small risk that digital communications could be accessed by unauthorised third parties, although I take steps to use secure, encrypted systems to reduce this risk. I will always aim to manage any disruption as safely and appropriately as possible, and I encourage you to let me know if you experience any difficulties during online sessions.

bottom of page