Privacy Policy

Our commitment to protecting your privacy and maintaining confidentiality

Our Commitment to Your Privacy

Last Updated: August 22, 2025

Growth Mindset CBT is committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with UK GDPR, Data Protection Act 2018, and professional therapy ethics.

Your privacy is fundamental to the therapeutic relationship, and we take our responsibility to protect your personal information very seriously.

Information We Collect

Personal Information

When you contact us or use our services, we may collect:

  • Contact Information: Name, email address, phone number, address, preferred contact method
  • Appointment Information: Appointment dates and times, session notes (clinical records), treatment goals and progress, payment information, cancellation/rescheduling requests
  • Health Information: Mental health symptoms and concerns, medical history relevant to therapy, current medications, previous therapy/treatment history, progress assessments

Website Information

When you visit our website, we may collect:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Referring website
  • Device information

Primary Purposes

How We Use Your Information

 

Provide Therapy Services: Conduct assessments, develop treatment plans, monitor progress, maintain clinical records, provide continuity of care

Communication: Respond to enquiries, schedule appointments, send reminders, provide therapy-related information

Primary Purposes

How We Use Your Information

 

Provide Therapy Services: Conduct assessments, develop treatment plans, monitor progress, maintain clinical records, provide continuity of care

Communication: Respond to enquiries, schedule appointments, send reminders, provide therapy-related information

Legal Basis

Legal Basis for Processing

 

Consent: You have given clear consent for processing your personal data for specific purposes

Contractual Necessity: Processing is necessary for the performance of our therapy services contract

Legal Obligation: Processing is necessary to comply with professional and legal obligations

Legal Basis

Legal Basis for Processing

 

Consent: You have given clear consent for processing your personal data for specific purposes

Contractual Necessity: Processing is necessary for the performance of our therapy services contract

Legal Obligation: Processing is necessary to comply with professional and legal obligations

Information Sharing & Confidentiality

Confidentiality Commitment

Your therapy sessions and personal information are strictly confidential. We do not share your information except in the following limited circumstances:

With Your Consent: Referrals to other healthcare professionals, sharing with family members (with explicit permission), insurance providers (when authorized)

Legal Requirements

Information may be disclosed without consent only when:

  • Required by court order or legal process
  • Risk of serious harm to yourself or others
  • Child protection concerns
  • Prevention of serious crime
  • Professional registration body investigations

Professional Consultation

Anonymous case discussions may occur during:

  • Clinical supervision (no identifying information shared)
  • Professional peer consultation
  • Training and education purposes

No identifying information is ever shared in professional consultations.

Data Storage & Security

Physical Records

  • Stored in locked filing cabinets
  • Located in secure, access-controlled premises
  • Available only to authorised personnel

Digital Records

  • Encrypted storage systems
  • Password-protected access
  • Regular security updates
  • Secure backup procedures

Communication Security

  • Encrypted email systems
  • Secure video platforms for online sessions
  • Protected contact forms
  • SSL certificate protection

Data Retention

Clinical Records

  • Retained for 7 years after last contact (adult clients)
  • Retained for 25 years after 18th birthday (clients under 18)
  • Longer if required by insurance or legal proceedings

Appointment Records

  • Retained for 2 years after last appointment
  • Includes scheduling and payment information

Website Data

  • Analytics data retained for 2 years
  • Contact form submissions retained for 1 year
  • Cookies expire according to settings

Secure Disposal

  • Paper records securely shredded
  • Digital files permanently deleted
  • No data retained beyond necessary periods

Your Rights Under GDPR

Right to Information & Access

  • Know what personal data we hold about you
  • Understand how your data is processed
  • Request copies of your personal data
  • Receive information in a commonly used format
  • Access data free of charge (in most cases)

Right to Rectification & Erasure

  • Correct inaccurate personal data
  • Complete incomplete personal data
  • Update outdated information
  • Request deletion of your personal data
  • Subject to legal and professional obligations

Right to Restrict & Object

  • Limit how your personal data is used
  • Temporary restriction while investigating disputes
  • Object to processing for direct marketing
  • Object to processing for legitimate interests
  • Subject to overriding legitimate grounds

Professional Standards Compliance

BABCP Requirements

  • Compliance with BABCP ethical guidelines
  • Professional supervision arrangements
  • Ongoing professional development
  • Quality assurance processes

NMC Requirements

  • Nursing and Midwifery Council standards
  • Professional accountability measures
  • Fitness to practice compliance
  • Continuing professional development

Data Breach Procedures

Prevention Measures: Regular security assessments, staff training on data protection, secure systems and procedures, incident prevention protocols

Breach Response: Immediate containment of any breach, assessment of risks to individuals, notification to authorities within 72 hours, communication to affected individuals, investigation and prevention measures

Contact & Complaints

Data Protection Enquiries

 

For any questions about this Privacy Policy or your personal data:

Email: julia@growthmindsetcbt.im
Phone: +44 (0) 7624 258304
Post: Growth Mindset CBT, G6 Stable Block, The Nunnery, Old Castletown Road, Douglas, IM2 1QB

Complaints: Contact the Information Commissioner’s Office (ICO) at ico.org.uk or 0303 123 1113

Contact & Complaints

Data Protection Enquiries

 

For any questions about this Privacy Policy or your personal data:

Email: julia@growthmindsetcbt.im
Phone: +44 (0) 7624 258304
Post: Growth Mindset CBT, G6 Stable Block, The Nunnery, Old Castletown Road, Douglas, IM2 1QB

Complaints: Contact the Information Commissioner’s Office (ICO) at ico.org.uk or 0303 123 1113

Ready to Work Together?