Privacy Policy & GDPR Compliance

Data Controller: Mya Rose Campbell, ICO Registration Number: ZC123835, Contact Email: Contact@Myarosetherapy.com

This privacy policy explains how Mya Rose Therapy collects, uses, stores, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Information I Collect

To provide safe, effective, and professional therapeutic services, I collect and process the following data:

  • Personal Identifiers: Your name, date of birth, phone number, and email address.

  • Emergency Contact Details: The name and phone number of a trusted contact person or your GP.

  • Sensitive Special Category Data: Brief clinical session notes, relevant medical history, and information regarding your mental and physical health.

  • Website Data: If you use the contact form on this website, I collect the information you choose to share in those text fields.

How Your Data is Collected and Used

Your data is collected directly from you via my website contact form, during our initial consultation, and throughout our ongoing therapy sessions. I use this information strictly to:

  • Deliver professional counselling, psychotherapy, and hypnotherapy services.

  • Manage booking appointments, invoicing, and administrative communications.

  • Maintain professional records in compliance with my ethical and legal obligations.

Data Storage and Security

I take your privacy incredibly seriously and use high-level, industry-standard security measures to protect your data:

  • Digital Records: All digital client information, contact details, and session notes are stored on password-protected devices and within encrypted cloud storage.

  • Email Communication: All email correspondence is conducted via Proton Mail, ensuring end-to-end encryption for your messages.

  • Physical Records: Any physical or paper-based notes are held securely in a locked filing cabinet.

Data Retention

In line with standard psychological insurance and safeguarding frameworks, client records and clinical notes are securely retained for a minimum of eight years after our final therapy session. Once this period has elapsed, all electronic and physical records are permanently and securely destroyed.

Confidentiality and Sharing Your Data

Your information is kept strictly confidential. It will never be sold, shared for marketing purposes, or passed to third parties without your explicit consent, except under the following rare legal or safety conditions:

  • Risk of Harm: If I believe there is a serious, imminent risk of harm to yourself or others.

  • Legal Obligation: If I am legally compelled to disclose information by a court of law or specific statutory requirements.

  • Clinical Supervision: In accordance with the British Association for Counselling and Psychotherapy (BACP) ethical framework, I regularly discuss my clinical caseload with a qualified supervisor. Your identity is completely anonymised during these professional consultations.

Your Legal Rights Under GDPR

Under the UK GDPR, you hold specific rights regarding how your personal data is handled. You have the right to:

  • Request access to the personal data I hold about you (Subject Access Request). I will provide this information within 30 days of receiving a written request.

  • Request the correction of any inaccurate or incomplete personal data.

  • Lodge a formal complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully.