Privacy Notice
Connection Psychotherapy Ltd.

Last updated: September 2025

1. Who We Are
Connection Psychotherapy Ltd provides trauma-focused CBT and psychotherapy services.
Data Controller: Connection Psychotherapy Ltd
Data Protection Officer: Gem Thomson
Email: gemmealeyuk@yahoo.co.uk
Phone: 07503 781029

2. Information We Collect
We may collect and store the following information:
- Contact details (name, address, phone number, email).
- Date of birth and family details.
- Health information, including physical and mental health, medications, lifestyle and social
circumstances, and therapy notes.

- Limited details of other people (e.g. children, partners) where necessary for safeguarding
or therapy context.

3. Why We Collect Your Data
We use this information to:
- Provide psychological assessment, treatment, and therapy.
- Arrange and manage appointments.
- Ensure safety and safeguarding where needed.
- Maintain records required by professional and legal obligations.

4. Lawful Bases for Processing
We rely on the following lawful bases under UK GDPR:
- Contract: To provide assessment, therapy, and manage your appointments.
- Legal obligation: To meet safeguarding, tax, and professional record-keeping
requirements.
- Legitimate interests: To run and manage the business effectively in ways that do not
override your rights.
- Vital interests: In rare cases where we need to act to protect life or prevent serious harm.

5. Sharing Your Data
We will not share your information with others unless:
- You have given consent;
- It is necessary for your treatment;
- We are legally required (e.g. safeguarding concerns, court order); or
- It is required to protect your vital interests.

We use trusted data processors who store information securely on our behalf, including:
- WriteUpp (practice management system).
- Email and cloud providers (e.g. Gmail, iCloud).
These processors act under our instruction and comply with data protection law.

6. Data Retention
- Records are kept for six years after treatment ends, or three years after a client turns 18
(whichever is longer).
- After this time, records are securely deleted.

7. Security
We use appropriate technical and organisational measures to keep your data safe, including
encrypted storage through WriteUpp (ISO27001 certified).

8. Your Rights
Under data protection law, you have the right to:
- Be informed about how your data is used.
- Request a copy of the data we hold (access).
- Ask us to correct inaccurate data (rectification).
- Request deletion of your data (erasure).
- Restrict or object to certain processing.
- Request transfer of your data (portability).
To exercise these rights, contact the Data Protection Officer (see above).

9. Data Breaches
If a data breach occurs that poses a risk to your rights and freedoms, we will notify you and
the Information Commissioner’s Office (ICO) promptly.

10. Remote Sessions
If you attend therapy by phone, Zoom, Skype, or another platform, you accept the privacy
policy of the provider you choose.

11. Contact Us
If you have questions or concerns about how your information is handled, please contact:
Data Protection Officer: Gem Thomson
Email: gemmealeyuk@yahoo.co.uk
Phone: 07503 781029

You also have the right to raise concerns with the UK Information Commissioner’s Office
(ICO) at www.ico.org.uk.

​

​