Privacy policy.

Privacy Policy

Last updated: 01/12/2025

1. Introduction

I, Sophie Longden Therapy, am committed to protecting your privacy and ensuring that your personal information is handled safely, respectfully, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data I collect through this website, how I use it, how it is stored, and your rights.
By using this website, you agree to the terms of this policy.

2. Data Controller

Data Controller: Sophie Longden Therapy
Email: hello@sophielongdentherapy.co.uk
Phone: 07776 943447
ICO Registration Number: 00011715313

3. The Personal Data I Collect

3.1 Data You Provide Through the Website

You may provide the following information when contacting me, booking an appointment, or signing up for updates:

  • Name

  • Email address

  • Phone number (if provided)

  • Message content via contact forms

  • Booking information through the scheduling platform

  • Email address for newsletter sign-ups

3.2 Data Collected Automatically

This website may collect:

  • IP address

  • Browser type and version

  • Device type

  • Pages visited and time spent

  • Cookie data

  • Analytics data (e.g., Google Analytics)

3.3 Therapy, Clinical and Safeguarding Information (Clients Only)

If you become a therapy client, I may collect additional sensitive and safeguarding-related information, including:

  • Information about your mental health, wellbeing, and presenting issues

  • Background and personal history

  • Session notes and assessments

  • Relevant health information

  • Your GP's name and contact details

  • Next-of-kin or emergency contact details

  • Any safety-related information necessary to fulfil professional safeguarding obligations

This information is collected solely for the purpose of providing safe, ethical, and effective therapy.

4. How I Use Your Personal Data

4.1 Website-Related Purposes

  • Responding to enquiries

  • Managing booking requests

  • Sending newsletters (with your explicit consent)

  • Monitoring website performance and security

  • Analysing website traffic (analytics)

4.2 Therapy and Clinical Purposes

  • Providing psychological therapy sessions

  • Keeping accurate clinical records

  • Managing appointments, communications, and payments

  • Maintaining appropriate safeguarding information (GP and emergency contact)

  • Ensuring your safety and wellbeing

  • Meeting legal, regulatory, and professional obligations

  • Ensuring the quality and continuity of care

I do not use your information for any automated decision-making or profiling, and I do not sell or share personal data for marketing.

5. Lawful Bases for Processing

Under UK GDPR, I rely on the following legal bases:

For general personal data (e.g., contact form, bookings):

  • Contract – to provide or arrange therapy

  • Legitimate interests – to operate my business and website safely and effectively

  • Consent – for newsletters and non-essential cookies

For special category data (health and safeguarding information):

  • Explicit consent – to provide therapy

  • Provision of health care – processing necessary for psychological treatment (Article 9(2)(h))

  • Vital interests – where required to protect your life or another person’s (Article 6(1)(d) & Article 9(2)(c))

For legal obligations:

  • Professional record-keeping

  • Tax and accounting purposes

  • Safeguarding and lawful disclosures

6. How Your Data is Stored and Protected

I store your information securely using:

  • Password-protected and encrypted devices

  • GDPR-compliant clinical record systems

  • Secure email platforms

  • Restricted access (only I can view your clinical notes)

I take reasonable steps to prevent the loss, misuse, or unauthorised access of your personal data.

7. Data Retention

I keep your information only for as long as necessary:

  • Therapy records (including GP and emergency contact information): 7 years after therapy ends

  • General enquiries: 6–12 months

  • Newsletter email addresses: Until you unsubscribe

  • Financial records: 7 years (legal requirement)

  • Analytics data: As set within Google Analytics retention settings

If you request deletion of your data, I will comply where clinically and legally appropriate.

8. Sharing Your Data

I only share your data when absolutely necessary and with strict confidentiality.

8.1 Third-party processors

I may share data with trusted service providers such as:

  • Website hosting provider

  • Email service provider

  • Secure video-therapy platform

  • Booking and practice management system

  • Payment processing services

  • Analytics services (e.g., Google Analytics)

These providers are required to comply with UK GDPR.

8.2 Professional confidentiality & safeguarding

I uphold strict confidentiality as a mental health professional.
However, I may need to share information if:

  • There is a serious concern about your safety or the safety of others

  • You disclose information about certain serious crimes

  • I am required to do so by law (e.g., court order)

  • I need to contact your GP or emergency contact for safeguarding reasons

Where possible, I will always discuss this with you first.

9. International Data Transfers

Some third-party services may transfer data outside the UK (e.g., to the US).
Where this occurs, I ensure:

  • Standard Contractual Clauses (SCCs)

  • UK Addendum safeguards

  • GDPR-compliant data handling

10. Cookies and Analytics

This website may use cookies to:

  • Ensure the site functions properly

  • Improve performance and user experience

  • Analyse website traffic

  • Monitor security and errors

If Google Analytics is used, it may collect:

  • Anonymised IP address

  • Device and browser information

  • Viewing patterns and interactions

You can manage your cookie preferences or disable cookies through your browser settings.

11. Your Rights Under UK GDPR

You have the right to:

  • Be informed about how your data is used

  • Access your personal data

  • Request correction of inaccurate information

  • Request deletion (subject to clinical and legal limits)

  • Restrict processing

  • Object to processing

  • Withdraw consent at any time

  • Request data portability

  • Lodge a complaint with the ICO

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk

12. Children’s Privacy

My services and this website are intended for adults aged 18 and over.
I do not knowingly collect data relating to children.

13. Automated Decision-Making

I do not use automated decision-making or profiling systems.

14. Changes to This Privacy Policy

I may update this policy from time to time.
The updated version will be posted on this page with a revised date.

15. Contact Me

If you have any questions or wish to exercise your data rights, please contact:

Name: Sophie Longden at Sophie Longden Therapy
Email: hello@sophielongdentherapy.co.uk
Phone: 07776 943447