PRIVACY POLICY

Privacy policy for Fellside Therapy
Last updated: December 2025

Who I am
Fellside Therapy is the private practice of Ella Smith (NCPS registered). For the purposes of data protection law, I am the “data controller” for the personal information you share with me.

Contact details
Email: ella@fellsidetherapy.co.uk

What information I collect
If you contact me via my website form, email, phone, or in writing, I may collect:

  • Your name

  • Your email address and phone number

  • The content of your message

  • Basic scheduling information (appointment times, availability)

  • Any information you choose to share about what you are looking for

If we work together, I may also collect:

  • Administrative records (appointments, invoices, payments)

  • Session notes (brief notes for my own professional use)

  • Any relevant information you choose to share in sessions

Important note
Please avoid including highly sensitive personal information in the website contact form. There will be time to discuss anything important properly and confidentially once we have agreed to work together.

How I use your information
I use your information to:

  • Respond to enquiries and arrange appointments

  • Provide counselling and psychotherapy sessions

  • Maintain appropriate professional records

  • Manage fees, invoices and payments

  • Meet professional, ethical, and insurance requirements

  • Respond to complaints or concerns if needed

My lawful basis for processing
Under UK GDPR, I process personal data on the following lawful bases:

  • Legitimate interests: to respond to enquiries and manage my practice

  • Contract: to provide therapy services once agreed

  • Legal obligation: where I must keep records for legal, tax, or insurance reasons

  • Special category data: therapy-related information is usually “special category” personal data; where this applies, I process it because it is necessary for the provision of health or social care (or related support) and is handled with appropriate safeguards, and because you have provided it in the context of therapy

How your information is stored
Website contact form
My website is hosted by Squarespace. When you submit a contact form, the information is sent to me (typically via email) and may also be stored within my Squarespace account depending on my settings.

Email and documents
I receive messages via Gmail. I store necessary practice documents in a secure manner and limit access to them.

Online sessions
Online sessions are delivered via Zoom. I do not record sessions. If you use Zoom, your device and Zoom may process certain technical data to deliver the service. Please see Zoom’s own privacy information for further details.

Payments
Payments are handled via Stripe. I do not store full card details.

How long I keep your information
I keep personal information only for as long as necessary for the purpose it was collected. Typical retention periods:

  • Enquiries that do not become clients: 12 months, then deleted

  • Client administrative records (appointments, invoices): 6 years for tax and accounting purposes

  • Clinical notes: retained for a period consistent with professional standards and insurance guidance; 6 years after therapy ends.

You can ask for more detail about retention when you contact me.

Who I share your information with

I may share information only when necessary and appropriate, for example:

  • With my clinical supervisor, in anonymised or carefully limited form, as part of safe professional practice

  • With my insurer or professional adviser if required

  • If required by law, or where there is a serious risk of harm and disclosure is necessary to protect you or someone else

Confidentiality and its limits
Therapy is confidential, but confidentiality is not absolute. I may need to share information without your consent if:

  • There is a serious risk of harm to you or someone else

  • A child or vulnerable adult is at risk of serious harm

  • I am required to disclose information by law or court order

If possible, I will aim to discuss this with you first.

Your rights
You have rights under UK GDPR, including the right to:

  • Access your personal data

  • Request correction of inaccurate information

  • Request deletion in some circumstances

  • Object to certain processing

  • Request restriction of processing in some circumstances

  • Data portability in some circumstances

To exercise your rights, contact me using the details above.

How to complain about data protection
If you have concerns about how your personal data is handled, please contact me first so I can try to resolve it. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection.

Changes to this policy
I may update this privacy policy from time to time. The latest version will be published on my website