Privacy Policy

Life Insight Therapy – Amanda Hart

Last updated: June 2026

 1. Introduction

This Privacy Policy explains how I, Amanda Hart, trading as Life Insight Therapy, collect, use, store and protect your personal information. I am committed to safeguarding your privacy and handling your data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations (PECR)

I am registered with the Information Commissioner’s Office (ICO) as a Data Controller.
ICO Registration Number: ZA257341
Business Address: Fennels Lodge, St Peter’s Close, High Wycombe, HP11 1JT
Email: hello@lifeinsight.co.uk
Telephone: 01494 578686

 2. About My Practice

I provide:

  • Individual, couple and group therapy
  • Clinical supervision
  • Training and consultancy services

To deliver these services safely and professionally, I need to collect and process certain personal and sensitive information about you.

I am a sole trader. No one else has access to your data unless required by law or in exceptional safeguarding circumstances.

 3. What Information I Collect

I collect information that enables me to provide therapy or supervision safely and effectively. This may include:

Basic personal information

  • Name
  • Contact details (address, phone number, email)
  • Date of birth or age

Background information relevant to therapy

  • Marital status and living arrangements
  • Information about partners, family or children
  • Occupation, education or training
  • Religious or cultural background (if relevant to therapy)
  • Lifestyle information (sleep, diet, exercise, alcohol/drug use)
  • Social and recreational activities

Health and wellbeing information (special category data)

  • Current or past physical or mental health conditions
  • Medications
  • GP details
  • Height/weight (if clinically relevant)
  • Your reasons for seeking therapy and how your difficulties affect you

You may decline to provide non-essential information if you prefer.

Supervision clients

For supervision, I may process information about your work and client cases, but not identifiable client details.

Notes

I keep brief clinical notes for my own professional use. These are not shared with anyone unless required by law.

4. Lawful Bases for Processing Your Data

UK GDPR requires me to explain the lawful bases that allow me to process your information.

  1. Contract

To provide therapy or supervision, I need to process your personal information. This includes your contact details, appointment history and relevant background information.

  1. Legitimate Interests

I keep brief clinical records because it is necessary for safe, effective practice, continuity of care, and to respond appropriately to future enquiries or complaints. I always balance these interests against your rights and privacy.

  1. Legal Obligation

I may be required to share information if ordered by a court or required by law. I will always disclose the minimum necessary information and seek guidance from my professional insurer.

  1. Vital Interests

If I believe you or someone else is at risk of serious harm, I may need to share relevant information to protect life or safety.

  1. Special Category Data (health information)

Therapy involves processing sensitive information about your health and wellbeing. The lawful bases for this are:

  • UK GDPR Article 9(2)(h) – necessary for the provision of health or social care
  • UK GDPR Article 9(2)(g) – necessary for safeguarding or preventing serious harm
  1. Consent (only for optional activities)

I use consent only for things that are genuinely optional, such as receiving appointment reminders, online booking access, or updates about my services. You can withdraw consent at any time.

5. How I Store and Protect Your Data

I take data security seriously and use the following measures:

Paper records

  • Intake notes stored in a locked filing cabinet
  • Identifiers stored separately from clinical notes
  • Access restricted to me only

Digital records

  • Contact details, brief session notes and appointment information stored securely in Cliniko, an encrypted practice management system
  • Emails stored on a secure server and deleted after 12 months unless clinically relevant (in which case the information contained within an email becomes part of the therapy record)
  • Mobile devices protected by passcodes and remote‑wipe capability
  • Anonymised attendance and payment statistics stored on a secure cloud server
  • Payment details are processed securely through my business bank (for bank transfers) or Stripe (for card payments), in line with industry standards. I do not store your card number, PIN, or full bank details.

 Retention periods

  • Therapy records: 7 years after our work together ends
  • Records for clients under 18: 7 years after their 18th birthday
  • Financial records: 6 years (HMRC requirement)
  • Enquiries from non‑clients: deleted after 6 months
  • Supervision records: retained for 7 years

After these periods, records are securely deleted or destroyed.

6. Sharing Your Data

I will never sell your data or share it with third parties for marketing.

I may share your data only in the following circumstances:

  1. Safeguarding or risk of serious harm

If I believe you or someone else is at risk, I may share relevant information with your identified emergency contact, your GP, emergency services or safeguarding authorities. I will disclose the minimum necessary information.

  1. Legal requirements

If required by a court order or police request, I may need to disclose information. I will always seek legal guidance first.

  1. Business continuity

If I become unexpectedly unable to work, a trusted professional may contact you on my behalf. They will not access your clinical notes.

  1. Third‑party service providers

I use secure third‑party services to operate my practice, including:

  • Cliniko (practice management)
  • Google (email)
  • Telecoms providers
  • Website hosting
  • Online directories (BACP, NCPS, Counselling Directory, NCFED)
  • Payment processors (Stripe, PayPal, HSBC business banking)

These providers may process limited personal data on my behalf.
Where data is transferred outside the UK, appropriate safeguards (such as Standard Contractual Clauses) are in place.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right to be informed – this policy fulfils that
  • Right of access – you can request a copy of your data
  • Right to rectification – you can ask for inaccuracies to be corrected
  • Right to erasure – you can request deletion (subject to legal/clinical obligations)
  • Right to restrict processing
  • Right to data portability (for digital records)
  • Right to object
  • Right not to be subject to automated decision‑making (I do not use this)

To exercise any of these rights, contact me using the details at the end of this policy.

8. Website and Cookies (PECR Compliance)

My website uses cookies to function properly and to analyse anonymised traffic patterns.

Under PECR, non‑essential cookies (such as analytics cookies) require your consent. You can manage or delete cookies through your browser settings.

I use Google Analytics, which does not identify you personally.
You can opt out of Google Analytics tracking here:
http://tools.google.com/dlpage/gaoptout

9. Changes to This Policy

I may update this Privacy Policy from time to time. Significant changes will be communicated on my website or directly to current clients.

10. Contact and Complaints

If you have questions or concerns about how your data is used, please contact:

Amanda Hart
Life Insight Therapy
Email: hello@lifeinsight.co.uk
Telephone: 01494 578686
Address: Fennels Lodge, St Peter’s Close, High Wycombe, HP11 1JT

If you are not satisfied with my response, you may contact the Information Commissioner’s Office (ICO):
Telephone: 0303 123 1113
Website: www.ico.org.uk