Privacy Policy
Privacy Policy
Last updated: May 22, 2025
This policy explains how I collect, use, and protect your personal data when you use my services. I’m committed to transparency, confidentiality, and protecting your privacy under the UK GDPR and the Data Protection Act 2018 .
⸻
1. Who I Am
Data Controller:
I am Louise Banham, Clinical Psychologist, based in Surrey.
You can contact me with any privacy questions via email at louisebanham@sky.com or via my website.
⸻
2. Information I Collect
Personal Data:
• Name, email address, phone number, postal address
• Referral details (e.g., from GP or insurer)
• Billing and payment information
Sensitive Data (Special Category):
• Psychological and medical history
• Session notes, assessments, and mental health information
• Areas of focus in therapy (e.g., anxiety, trauma)
Usage Data:
• Website analytics (IP address, browser type, pages visited)
• Cookie preferences
⸻
3. How I Use Your Data
I use your data to:
• Provide and maintain psychological services
• Manage appointments, records, and billing
• Communicate securely with you
• Produce reports for insurers or referrers (only with your consent)
• Improve my services through anonymised trends
Lawful Basis:
• Contract – to deliver therapy and consultations
• Legitimate Interest – to manage business operations (e.g. administration, improving services)
• Consent – for marketing or optional reporting, where applicable
⸻
4. Cookies & Tracking Technologies
I use cookies to:
• Enable essential site functionality (e.g. form submission)
• Remember if you’ve accepted cookies and your preferences (e.g. language)
You can control cookie settings in your browser. Note that disabling cookies may limit site functionality .
⸻
5. Who I Share Your Data With
I only share data when necessary and always with confidentiality:
• Third-party providers: Secure platforms for appointments, billing, or analytics
• Insurers/referrers: With your consent (e.g. Bupa, AXA, Aviva, Vitality)
• Legal or healthcare responsibilities: Where required by law (e.g. safeguarding concerns)
• Business transactions: If I merge or transfer my practice—it will always include privacy safeguards
⸻
6. Data Retention
I keep your personal and clinical data only as long as needed for therapy and legal compliance. Usage data and site analytics are kept briefly (unless needed longer for security or analytics reasons) .
⸻
7. International Transfers
Your data is processed and stored in the UK. If it is ever transferred outside of the UK, appropriate safeguards are in place to ensure GDPR-level protection .
⸻
8. Your Rights
Under the UK GDPR, you have the right to:
• Access your personal data
• Correct or update it
• Request deletion (when no longer required)
• Restrict or object to processing
• Request data portability
• Withdraw consent (e.g. for marketing or reporting)
To exercise any rights, just contact me. I aim to respond within one month, as required by law .
⸻
9. Security & Breach Notification
I take reasonable technical and organisational steps to keep your data secure. In the unlikely event of a data breach posing risk to your rights, I will notify the ICO within 72 hours and inform affected individuals promptly .
⸻
10. Children’s Data
My services are intended for individuals aged 13 and over. I do not knowingly collect data from children under 13. If I become aware of such data, it will be deleted immediately .
⸻
11. Links to Other Websites
My website may include links to external sites. I’m not responsible for their privacy practices. Please review their privacy policies separately.
⸻
12. Updates to This Policy
I may update this policy as laws and practice evolve (e.g., upcoming Data (Use and Access) legislation). Any material changes will be posted here with an updated date (and emailed if significant) .
Please review this policy periodically. Continued use of services implies acceptance of any updates.
⸻
If you have questions or want to exercise your rights under data protection law, please email me at louisebanham@sky.com.