Privacy Policy

Privacy & Cookies Policy

The PTSD Therapist
 Therapist & Data Controller: Claire Bree, Accredited Cognitive Behavioural Therapist (BABCP)
📧 claire@theptsdtherapist.co.uk 🌐 www.theptsdtherapist.co.uk
 Effective from December 2025

1. Introduction

Your privacy is important to me.
This policy explains how I collect, use, store, and protect your personal data in line with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

It applies to information collected through this website, email contact, therapy bookings, mailing list subscriptions, and online course purchases.

2. Who Controls Your Data

  • Data Controller: Claire Bree, trading as The PTSD Therapist

  • Email: claire@theptsdtherapist.co.uk

  • ICO Registration: [insert number once confirmed]
    I am responsible for ensuring that your personal data is processed securely and lawfully.

3. Information I Collect

I may collect the following data depending on your interaction with my services:

Purpose

Data Collected

Lawful Basis (UK GDPR)

Therapy bookings via Zanda

Name, email, phone, referral info

Contract / legitimate interest

Mailing list (MailerLite)

Name, email address

Consent

Course purchases (ThriveCart)

Name, email, billing info, payment details

Contract

Website enquiries

Name, email, message

Legitimate interest

Analytics / cookies

IP address, browser info, device data

Consent / legitimate interest

I do not collect special category data through my website or mailing list.
Clinical records are handled separately within Zanda, which is fully GDPR-compliant.

4. How Your Data Is Used

Your data is used to:

  • Manage therapy bookings and sessions

  • Send newsletters or resources (if you opt in)

  • Process course purchases and payments

  • Improve website performance and functionality

  • Fulfil legal and professional obligations (e.g., record keeping, accounting)

I never sell or rent personal data to third parties.

5. Third-Party Processors

I use trusted, GDPR-compliant third parties for essential services:

Processor

Purpose

Compliance

Zanda

Therapy bookings, clinical records, video sessions

UK GDPR & ISO27001 compliant

MailerLite

Email marketing & newsletter management

GDPR compliant, EU-based servers

ThriveCart

Course checkout, payment, and access

PCI-DSS compliant, GDPR aligned

Google Analytics

Anonymous website analytics

Data anonymised / consent-based

Each service has its own privacy policy available on their website.

6. Data Retention

Data is kept only as long as necessary (see Retention & Disposal Policy).
Typical retention periods include:

  • Therapy records: 7 years after final session

  • Mailing list: until unsubscribed or inactive for 24 months

  • Financial / course data: 7 years (accounting law)

  • Enquiry data: up to 12 months
    After these periods, data is securely deleted.

7. Data Security

  • Clinical notes are stored in Zanda (encrypted and password-protected).

  • All devices are encrypted and use two-factor authentication.

  • Emails and documents are transmitted via secure channels.

  • No identifiable data is stored on personal devices or USB drives.

8. Cookies

Cookies are small text files stored on your device when visiting this website.
They help improve functionality and user experience.

Types of Cookies

  • Essential cookies: Required for core site functions (e.g., security, navigation).

  • Analytical cookies: Used to understand site usage; only set with consent.

  • Marketing cookies: Occasionally used by MailerLite or ThriveCart; require consent.

Cookie Control

On your first visit, you will see a cookie banner allowing you to accept or reject non-essential cookies.
You can also manage cookies through your browser settings at any time.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your data (see Subject Access Request Policy)

  • Rectify inaccurate data

  • Request deletion (“right to be forgotten”)

  • Restrict or object to processing

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk
    Requests can be made by emailing claire@theptsdtherapist.co.uk.
    Responses are normally provided within one month.

10. Marketing & Communication

If you subscribe to my mailing list, I will send occasional newsletters or updates.
You can unsubscribe at any time using the link in each email or by contacting me directly.
Your consent preferences are stored securely by MailerLite.

11. Data Transfers

All data is stored within the UK or EU.
If any processor transfers data outside the UK/EU, appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

12. Policy Updates

This policy will be reviewed annually or when new data protection guidance is released.
The latest version will always be available on my website.

Date Reviewed: December 2025  Next Review Due: December 2026