Client Privacy Notice

The Online Therapy Clinic UK LTD

Last Updated: June 2026

This Privacy Notice explains how we process your personal data when you engage in therapy with us. It is separate from our website Privacy Policy and is required under UK GDPR and EU GDPR.

 

1. Who We Are

The Online Therapy Clinic UK LTD is the Data Controller for all clinical information created or received during therapy.

Contact: [email protected]

We are registered with the ICO as required under UK law.

 

2. What Information We Collect

We collect and process:

  • Name, contact details, date of birth

  • GP details (if provided)

  • Emergency contact information

  • Clinical assessments

  • Therapy notes

  • Treatment plans

  • Communications with your therapist

  • Payment and invoicing information

We do not record therapy sessions unless explicitly agreed in writing.

 

3. Lawful Basis for Processing

3.1 Article 6 GDPR

  • Contract: To provide therapy services

  • Legal Obligation: Safeguarding, regulatory compliance, accounting

  • Legitimate Interests: Service improvement, security

3.2 Article 9 GDPR (Special Category Data)

We process health information under:

Article 9(2)(h): Provision of health or social care or treatment.

 

4. How Your Information Is Used

  • To provide therapy

  • To maintain accurate clinical records

  • To communicate with you

  • To ensure safety and safeguarding

  • To comply with professional and legal obligations

  • To coordinate care with your GP or other professionals (only with consent unless required for safety)

 

5. Sharing Your Information

We may share your information with:

  • Your allocated therapist

  • Emergency services (if there is a risk of harm)

  • Your GP or other professionals (with consent unless required for safety)

  • Regulators or authorities where legally required

  • Our secure third‑party processors (e.g., booking system, email provider)

We do not sell your data.

 

6. Data Retention

  • Adults: Clinical records retained for 7 years after the end of treatment

  • Children: Retained until age 25

  • Financial records: 6 years

  • Emails: Retained according to clinical relevance

 

7. Your Rights

You have the right to:

  • Access your data

  • Request corrections

  • Request erasure (where applicable)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent

  • Complain to the ICO

 

8. Security

We use secure systems, encryption, access controls, and confidentiality agreements to protect your information.

 

9. Contact

For questions or data requests: [email protected]