This Privacy Notice explains what personal information we collect, why we collect it, how we use it, how long we keep it, who we share it with, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

If anything here isn’t clear, contact us at admin@traumaclinic.uk.

---

1) Who we are and how to contact us

• Data Controller: Trauma Clinic Group Ltd.
• Contact for data matters: admin@traumaclinic.uk, at the registered office above.

---

2) What information we collect

We collect and process information so we can provide psychotherapy and counselling safely and effectively.

a) When you first contact us

• Your name and contact details.
• A brief summary of what you’re seeking support with and your availability.
• If referred by someone else (for example a GP or other professional), we may receive your details from them.

If you decide not to proceed, enquiry information is deleted within 60 days (or sooner if you ask).

b) While you are in therapy with us

• Administrative details: contact information, appointment history, invoices and receipts.
• Clinical information: brief session notes, relevant background, risk and safety information, goals and progress.
• Emergency details: GP contact and an emergency contact, used only where necessary to protect life.

We keep what is necessary for clinical care and service administration. Everything shared in therapy is confidential except in the specific circumstances set out under Confidentiality and safeguarding.

c) Website visitors

Our website is a simple information site and we do not use cookies, analytics or tracking tools. The service that runs our website may keep basic technical logs to keep it secure and working; we do not use these to identify you.

d) Job applicants and suppliers

If you apply to work with us or supply services, we process the information you provide for recruitment or contract management and keep it only as long as needed. Unsuccessful applicant data is kept for 6 months.

---

3) Our lawful bases for using your information

• Contract (Article 6(1)(b)) – to take steps at your request before entering into a therapeutic agreement and to deliver therapy once agreed.
• Legitimate Interests (Article 6(1)(f)) – to run and protect our service in a proportionate way that respects your rights (for example appointment management and clinical governance).
• Legal Obligation (Article 6(1)(c)) – to comply with the law (for example tax and accounting).
• Consent (Article 6(1)(a)) – only for optional communications, which you can withdraw at any time.

Because therapy involves special category data (health information), we also rely on Article 9(2)(h) (provision of health/therapeutic care) and Article 9(2)(f) where needed for the establishment, exercise or defence of legal claims.

---

4) How we use your information

• To respond to enquiries and arrange appointments.
• To provide safe, effective psychotherapy and counselling.
• To manage bookings, invoicing and payments.
• To maintain clinical records and ensure quality and continuity of care.
• To meet legal and regulatory requirements.

Providing information is voluntary, but without essential information we may be unable to offer our service safely or at all. We do not use automated decision-making or profiling in relation to clients.

---

5) Confidentiality and safeguarding

Everything you share is confidential. We would only share information without your consent if necessary to prevent serious harm or where the law requires it—for example risks to life, risks involving children or vulnerable people, terrorism, money laundering, human or drug trafficking, or a court order.

If possible, we will discuss this with you first.

---

6) Third-party recipients (processors and partners)

We use carefully selected service providers to help run our clinic. They act under contract and only process your data for the specified purpose. These categories include:

• Email and office tools
• Video platform for online sessions
• Secure cloud storage and backup
• Accounting and invoicing
• Website hosting and technical support

We don’t publish a full list of suppliers on our website, but a current list is available on request.

International transfers: We keep client records in the UK/EEA. Some technical processing by service providers (such as email routing or website hosting) can involve processing outside the UK/EEA. Where this happens, we use approved safeguards to protect your information.

We may also share limited information with: professional advisers and insurers; other health professionals with your consent or where vital interests require it; and regulators or public authorities when the law requires.

---

7) How we store information and for how long

Security

We apply appropriate technical and organisational measures, including encrypted devices, multi-factor authentication on accounts, role-based access, secure encrypted cloud storage, locked storage for any paper records, device auto-lock, and regular encrypted backups.

Retention

• Adult client records: kept for 7 years after the end of our work, then securely destroyed unless we need to keep them longer to defend legal claims.
• Under-18 client records: kept until the young person turns 25.
• Emails and messages not needed for the clinical record: deleted within 180 days. Where clinically relevant, key information is copied into the clinical record and the original message is then deleted.
• Enquiry records where therapy does not proceed: deleted within 60 days.
• Financial records (invoices and receipts): kept for 6 years plus the current tax year to meet legal requirements.

We securely delete or shred data when it is no longer needed.

---

8) Your rights

You have the rights to access, rectify, erase, restrict or object to certain processing, the right to data portability (where applicable), and the right to withdraw consent where processing is based on consent.

To exercise any of these rights, contact admin@traumaclinic.uk. Further information is available from the Information Commissioner’s Office (ICO).

---

9) Cookies

We do not use cookies or similar tracking technologies on our website.

---

10) Children and young people

Where a client is under 18, we will normally seek the involvement and consent of a parent or legal guardian in line with the young person’s capacity and best interests. We handle young people’s information with extra care and explain confidentiality in an age-appropriate way.

---

11) Session recordings

We do not record therapy sessions. If recording were ever proposed for a specific purpose, it would only occur with your explicit written consent.

---

12) How we communicate

We may communicate with you by email, phone, SMS or WhatsApp for scheduling and practical matters. Where a message contains clinically relevant information, key details are added to the clinical record and the original message is deleted in line with the retention period above.

---

13) Complaints

Please raise any concerns directly with us at admin@traumaclinic.uk—we’ll do our best to resolve them. You can also complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection (see “Make a complaint” on the ICO website).

---

14) Changes to this notice

We may update this notice from time to time to reflect changes in law or our practice. The latest version will always be on our website.

Last updated: 22 August 2025