Privacy Policy - Still Mind Therapies

This Privacy Policy explains how I, as the sole practitioner of Still Mind Therapies ("I", "me", "my"), collect, use, and protect your personal information in accordance with UK GDPR and the Data Protection Act 2018.

1. Who I Am

Data Controller: Still Mind Therapies
Contact: Nicola Cranie
Email: Nicola@stillmindtherapies.com
Phone: 07418 613893
Website: www.stillmindtherapies.com

2. What Personal Information I Collect

2.1 Client Information

  • Contact details: Name, address, phone number, email address

  • Health information: Mental health history, current symptoms, medication details

  • Session notes: Therapeutic observations, treatment plans, progress notes

  • Emergency contact: Details of someone to contact in case of emergency

  • Payment information: Bank details for refunds (payment processing handled by third parties)

2.2 Website Information

  • Contact forms: Any information you provide when contacting me

  • Cookies: Basic website functionality and analytics (if applicable)

  • Email communications: Records of our correspondence

3. Why I Collect This Information (Legal Basis)

I process your personal data under the following legal bases:

  • Consent: You have given clear consent for me to process your health data for therapy

  • Legitimate interests: To provide effective therapeutic services and maintain professional records

  • Legal obligation: To comply with professional body requirements and health regulations

  • Vital interests: In emergency situations to protect your health and safety

4. How I Use Your Information

I use your personal information to:

  • Provide therapeutic services and treatment

  • Maintain accurate case notes and treatment records

  • Communicate with you about appointments and therapy

  • Process payments and refunds

  • Comply with professional and legal obligations

  • Seek clinical supervision (with anonymised information)

  • Contact emergency services if there's immediate risk of harm

5. Who I Share Your Information With

I maintain strict confidentiality, but may share your information in limited circumstances:

5.1 With Your Consent

  • Healthcare professionals involved in your care (with written consent)

  • Insurance providers (if you're claiming therapy costs)

5.2 Without Your Consent (Legal Requirements)

  • Clinical supervisor: For professional supervision (anonymised where possible)

  • Emergency services: If there's immediate risk of serious harm

  • Legal authorities: When required by court order or safeguarding obligations

  • Professional bodies: If there's a complaint or professional investigation

5.3 Service Providers

  • Payment processors: For handling online payments (they have their own privacy policies)

  • IT support: Secure cloud storage providers (with appropriate data processing agreements)

6. How I Protect Your Information

6.1 Security Measures

  • Encrypted storage of digital records

  • Secure, password-protected systems

  • Limited access to information (only me as sole practitioner)

  • Regular backup of data with encryption

  • Secure disposal of physical documents

6.2 Data Minimisation

  • I only collect information necessary for therapy

  • Records are kept accurate and up-to-date

  • Irrelevant information is not retained

7. How Long I Keep Your Information

7.1 Active Therapy Records

  • Retained throughout our therapeutic relationship

  • Plus 7 years after therapy ends (professional requirement)

7.2 Specific Timeframes

  • Adult therapy records: 7 years after last contact

  • Child/adolescent records: Until age 25, or 7 years after therapy ends (whichever is longer)

  • Financial records: 6 years for tax purposes

  • Website inquiries: 2 years unless therapy commences

7.3 Secure Disposal

All records are securely destroyed after retention periods expire.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

  • Request copies of your personal information

  • Ask what information I hold about you

8.2 Right to Rectification

  • Request correction of inaccurate information

  • Ask for incomplete records to be completed

8.3 Right to Erasure

  • Request deletion of your data (subject to professional obligations)

  • Limited by legal requirements to retain therapy records

8.4 Right to Restrict Processing

  • Ask me to limit how I use your information

  • Object to processing for specific purposes

8.5 Right to Data Portability

  • Request your data in a portable format

  • Transfer information to another therapist

8.6 Right to Object

  • Object to processing based on legitimate interests

  • Opt out of direct marketing communications

9. Exercising Your Rights

To exercise any of these rights, please contact me using the details above. I will:

  • Respond within one month

  • Verify your identity before providing information

  • Explain any limitations due to professional obligations

  • Provide information free of charge (unless requests are excessive)

10. Cookies and Website Data

10.1 Website Cookies

My website may use cookies for:

  • Basic functionality and navigation

  • Analytics to improve the website (anonymised data)

  • Contact form functionality

10.2 Your Cookie Choices

  • You can disable cookies in your browser settings

  • Some website features may not work without cookies

  • No cookies are used for advertising or tracking

11. Third-Party Services

11.1 Payment Processing

Payment services have their own privacy policies:

  • I don't store your payment card details

  • Payment processors comply with PCI DSS standards

11.2 Email and Communications

  • Professional email services with encryption

  • Video call platforms (if offering online therapy) with end-to-end encryption

12. Children's Data

If providing therapy to under-18s:

  • Parental consent required for under 16s

  • Extended record retention periods apply

  • Additional safeguarding considerations

13. Data Breaches

In the unlikely event of a data breach:

  • I will assess the risk to your privacy

  • Report to the ICO within 72 hours if high risk

  • Notify affected clients if there's likely harm

  • Take immediate steps to secure data

14. International Transfers

Your data is processed and stored within the UK. If international transfer becomes necessary:

  • Only to countries with adequate protection

  • With appropriate safeguards in place

  • You will be informed of any transfers

15. Changes to This Policy

I may update this policy to reflect:

  • Changes in the law

  • Changes to my practice

  • New technologies or services

Updated policies will be posted on my website with the revision date.

16. Complaints

If you're unhappy with how I handle your personal data:

  1. Contact me first to resolve the issue

  2. Professional body: Complain to my professional registration body

  3. ICO: Contact the Information Commissioner's Office

    • Website: ico.org.uk

    • Phone: 0303 123 1113

17. Contact for Data Protection Queries

For any questions about this privacy policy or your personal data:

Email: Nicola@stillmindtherapies.com
Phone: 07418 613893

This privacy policy was last reviewed on 12/08/25. I am committed to protecting your privacy and will update this policy as needed to ensure continued compliance with data protection laws.