Privacy Policy

The Online Therapy Clinic UK LTD

Last Updated: June 2026

 

1. Introduction

This website is provided by The Online Therapy Clinic UK LTD (“we”, “our”, “us”). The security of your personal information is important to us. This Privacy Policy is designed to help you feel more confident about the privacy and security of your information when using our website or accessing any of our services now or in the future (including mobile applications) (“Service”).

By using our Service, you agree to the collection and use of your personal information by us and the therapists we work with in accordance with this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not provide us with any information and do not use the Service.

This Privacy Policy sets out the basis on which we process any personal information we collect from you, or that you provide to us through the Service.

If you have any questions or suggestions regarding our Privacy Policy, please contact us at: [email protected]

 

2. Who We Are (Data Controller Information)

The Online Therapy Clinic UK LTD is the Data Controller for all personal data processed through this website and for all clinical information created or received during therapy.

  • ICO Registration: Required under UK law (Tier 1)

  • Data Protection Lead: [email protected]

  • DPO Status: We are not legally required to appoint a Data Protection Officer under UK GDPR or EU GDPR. Instead, we have designated a Data Protection Lead to oversee compliance.

We work with therapists who act as independent professionals. For clinical information they generate, they may also act as joint or independent controllers.

 

3. Age Requirements

We do not knowingly collect personal information from individuals under 18 years of age without parental permission.

By using the Service, you represent that you are over 18 years of age. If you are under 18 years old, please do not use the Service or provide any personal information to us.

If you are acting on behalf of someone who is under 18 years of age, you agree to gain their express permission to do so and will abide by the terms and conditions on their behalf.

 

4. Information We May Collect From You

4.1 Information you provide

We may collect and process the following information about you:

  • name

  • address

  • e-mail address

  • telephone number

  • credit card or other payment information

  • age

  • gender

  • sensitive information such as information relating to your health

  • publicly available information concerning your profession, expertise and/or business services

  • any other personal information you provide us with directly

4.2 Additional data we collect

  • correspondence, or a record of it, if you contact us or other users (including therapists) through the Service

  • quizzes or surveys that you complete

  • statistical data about your browsing actions and patterns, including IP address, device identifiers, browser information, operating system, timestamps, pages visited, traffic data, location data, weblogs, and other communication data

 

5. Lawful Basis for Processing

We process your personal data under the following lawful bases:

5.1 Article 6 GDPR (General Data)

  • Contractual Necessity: To deliver therapy services and manage your bookings.

  • Legal Obligation: Compliance with clinical, regulatory, safeguarding, and accounting requirements.

  • Legitimate Interests:

    • UK users: recognised legitimate interests for security, fraud prevention, and service improvement.

    • EU users: legitimate interests only where a Legitimate Interests Assessment (LIA) has been completed.

  • Consent: For marketing communications and non‑essential cookies.

5.2 Article 9 GDPR (Special Category Health Data)

We process health information under:

Article 9(2)(h): “Provision of health or social care or treatment.”

This is the correct legal condition for therapy services.

 

6. How We Use Your Information

We use information held about you in the following ways:

  • to deliver the Service

  • to ensure that the Service is presented in the most effective manner for you and for your computer

  • to identify you when you use the Service

  • to answer your questions and improve the Service

  • to notify you about changes to our Service

  • for product and service development purposes

  • to provide you with updates and other information about special offers and new features of our Service

  • to manage any communications you have with any other users via the Service

  • for marketing purposes including in collaboration with third parties where you consent to this

  • for statistical purposes and analysis for management purposes in order to administer the Service or improve our products and services

Additional GDPR‑required uses

  • to maintain clinical records in accordance with professional standards

  • to conduct Data Protection Impact Assessments (DPIAs) for high‑risk processing

  • to meet safeguarding and duty‑of‑care obligations

 

7. How We Share Your Information

We may share your personal information with third parties in the following circumstances:

  • with the therapist you have been allocated sessions with

  • with third‑party processors who support our operations (see list below)

  • where we are obliged or permitted to do so by applicable law, regulation, or legal process

  • if we (or substantially all of our assets) are acquired by a third party, in which case personal information held by us will be transferred

We may pass aggregated information to third parties about how our users use our Service, but this will not include information which could be used to identify you.

7.1 Our Data Processors

We use trusted third‑party processors, including:

  • SimplyBook.me – appointment scheduling (acting as a Data Processor under our Data Processing Agreement)

  • Email hosting provider

  • Website hosting provider

  • Secure video platform (if applicable)

  • Analytics provider (only with consent for EU users)

All processors are bound by GDPR‑compliant Data Processing Agreements.

 

8. Where We Store Your Information

We take appropriate organisational and technical measures to protect your personal information. We limit access to those who reasonably need to come into contact with it.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by persons operating outside the EEA who work for us, one of our associated companies, or a third party engaged by us.

Where data is transferred internationally, we use:

  • UK Addendum to EU Standard Contractual Clauses

  • Adequacy decisions

  • Processor‑level security certifications

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Service and any transmission is at your own risk.

 

9. Data Retention

We retain your data only for as long as necessary:

  • Clinical records: 7 years after the end of treatment (or until age 25 for children)

  • Booking and administrative data: 6 years for accounting and audit purposes

  • Marketing data: until you withdraw consent

  • Website analytics: according to cookie settings

 

10. Cookies

We use cookies and similar technologies such as local storage within our apps to provide and optimise our Service.

10.1 UK Visitors

  • Necessary cookies active by default

  • Non‑essential cookies only with consent

10.2 EU/EEA Visitors

  • Strict prior consent model

  • No analytics or marketing cookies load until you click “Accept”

You can control cookies through your browser settings. If you do not accept cookies, some features of the Service may not function properly.

 

11. Keeping Your Account Secure

(Relevant to any courses or user accounts we may provide.)

Your original wording is preserved:

  • You are responsible for keeping your password confidential

  • You must change your password regularly

  • You are responsible for all orders or actions taken using your login

  • We are not liable for losses resulting from misuse of your login credentials

 

12. Marketing Communications

With your permission, we may send you information about other products and services that may be of interest to you. You may opt out at any time by contacting us at [email protected].

 

13. Access to Information (Subject Access Requests)

You have the right to access information held about you. Contact us at [email protected] to request a copy of your data. We may request proof of identity to protect your information.

Under GDPR, SARs are free of charge unless requests are excessive or repetitive.

 

14. Your Rights

You have the following rights under data protection laws:

  • the right to be informed

  • the right to have inaccurate data corrected

  • the right to object to processing

  • the right to restrict processing

  • the right to have your data erased (“right to be forgotten”)

  • the right to access your data

  • the right to data portability

  • rights in relation to automated decision‑making

You have the right to complain to the Information Commissioner’s Office (ICO) or your local EU Data Protection Authority.

 

15. Changes to Our Privacy Policy

We occasionally modify our Privacy Policy. Any changes will be posted on this page and, where appropriate, notified to you by email or other message.

 

16. Contact

The Online Therapy Clinic UK LTD Data Protection Lead: [email protected]

SimplyBook.me is acting as The Online Therapy Clinic UK LTD’s supplier, processing personal data in line with their Privacy Policy and our Data Processing Agreement: https://simplybook.me/en/terms-and-conditions#tab-for-clients