1. Introduction
This Privacy Policy explains how The Grounded Path (“we”, “us”, or “our”) collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are committed to safeguarding your privacy, especially given the sensitive nature of therapeutic services.
2. Data Controller
The Grounded Path [Business Address]
3. Personal Data We Collect
We may collect and process the following categories of personal data:
a) Identity Data
- Full name
- Date of birth
b) Contact Data
- Email address
- Phone number
- Postal address
c) Special Category Data (Health Data)
- Medical history
- Mental health information
- Session notes
- Treatment plans
d) Technical Data
- IP address
- Browser type
- Website usage data (if applicable)
4. Lawful Basis for Processing
We process your personal data under the following lawful bases:
- Consent – for collecting and processing sensitive health data
- Contract – to provide therapeutic services
- Legal obligation – to comply with applicable laws
- Legitimate interests – for administrative purposes
5. How We Use Your Data
We use your personal data to:
- Provide therapy services
- Maintain client records
- Communicate with you
- Manage appointments and billing
- Ensure continuity of care
- Comply with legal and professional obligations
6. Confidentiality
All information shared during therapy sessions is treated as confidential, except where disclosure is required by law or where there is a risk of serious harm to you or others.
7. Data Sharing
We may share your data with:
- Supervisors (for professional supervision, anonymised where possible)
- Healthcare professionals (with your consent)
- Legal or regulatory authorities (where required)
We do not sell your personal data.
8. Data Retention
We retain your data in line with professional guidelines:
- Adult records: typically 7 years after last contact
- Children’s records: until age 25 or 7 years after last contact (whichever is longer)
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Secure storage systems
- Encryption where appropriate
- Restricted access to records
10. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
To exercise your rights, please contact us using the details above.
11. Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Website: https://www.ico.org.uk
12. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available upon request or on our website.
13. Contact Us
If you have any questions about this Privacy Policy or how your data is handled, please contact:
[Your Name / Practice] [Email Address] [Phone Number]