Privacy Policy

Privacy Policy

I (Sophie Ollin trading as "SO Therapy") am committed to protecting the privacy and security of your personal information.

Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

When we use your personal data we are regulated under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. We are responsible as ‘controller’ of that personal data for the purposes of data protection legislation.

This privacy notice applies to any individual whose data we process, including (but not limited to) visitors to our website and Clients (please see definitions below).

We may change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective as of March 2024.

Key terms

We, us, our, Therapy Provider: Sophie Ollin (trading as “SO Therapy”)

Personal data/information: Any information relating to an identified or identifiable individual

Sensitive personal data/information: Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sex life or sexual orientation, or details of criminal offences

Client: A recipient of therapy services provided by the Therapy Provider

Kiku: The provider of the therapy practice management software which we use to store and process Client information, appointments, and payments.

We may collect/store the following personal information about you:

  • “Identity Data” – includes name, username or similar identifier, marital status, title, date of birth and gender.
  • “Contact Data” – includes address, email address and telephone numbers. Where you are a Client, this includes your emergency contact details and your GP’s details.
  • “Financial Data” – includes bank account and payment card details (to allow our appointed third party payment processing provider to process payments – please see below).
  • “Transaction Data” – includes details about payments from you and other details of services and sessions you have purchased.
  • “Technical Data” – includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • “Profile Data” includes your username and password, purchases made by you, preferences, feedback and survey responses.
  • “Usage Data” – includes information about how you use our website and services.
  • “Marketing and Communications Data” – includes your preferences in receiving marketing from us and our third parties and your communication preferences.

The personal information we collect about you will depend on our relationship with you, e.g. whether you are a Client, a prospective Client, a visitor to our website etc. We only collect personal information about you where it is both lawful and necessary.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

We may collect/store the following sensitive personal information about you:

  • Information contained in the notes taken by your Therapy Provider during your sessions. Such notes may also contain the sensitive personal information of individuals you discuss during a session with your Therapy Provider. These notes are anonymised and password protected. This may include any related documents (including correspondence with medical professionals etc.).

This sensitive personal information is stored and processed for the reasons, and in the manner, explained below. We only collect and store such sensitive personal information where it is necessary and lawful to do so. We are committed to protecting and preserving the confidentiality of this information.

How your personal information is collected

We collect most of this personal information directly from you or your organisation – in person, by telephone, text or email and/or via our website. However, we may also collect information:

  • from publicly accessible sources;
  • from a third party, e.g. your bank or building society, other entities or individuals providing services to you, and our professional contacts;
  • via third parties including doctors, medical and occupational health professionals;
  • from cookies on our website, when you complete online forms and in the form of “traffic data” (for more information on our use of cookies and how we collect information via our website, please see our Cookie Policy below);
  • and via our IT systems, e.g. automated monitoring of our technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems.

How and why we use your personal information

We may collect your personal data for the following purposes:

  • to provide services to you and fulfil our contract with you;
  • to administer our relationship with you, including accounting and taking other steps linked to the performance of our relationship;
  • compliance with our legal and regulatory obligations, including maintaining records, compliance checks etc.;
  • to analyse and improve our services and communications and to ensure business policies are adhered to e.g. policies covering security, data protection, use of our website etc.;
  • to protect the security of our website, communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious
    activities;
  • for insurance purposes;
  • to exercise or defend our legal rights, or to comply with court orders;
  • for any other purposes related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us;
  • for statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures;
  • to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our, events and initiatives;
  • to send you feedback surveys and marketing campaigns; and
  • to collect information about your marketing preferences to personalise and improve the quality of our communications with you.

Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:

  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • to comply with our legal and regulatory obligations;
  • because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
  • where you have given consent; or
  • in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.

Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

How and why we collect/store your sensitive personal information

We collect/store your sensitive personal data for the following purposes:

  • to securely store notes taken by your Therapy Provider during your sessions and related documentation, to allow the Therapy Provider to effectively exercise his/her duty of care and assist him/her in keeping track of all matters being discussed with you during such sessions.

We can only collect/store your sensitive personal data if we have lawful grounds for doing so. We securely store your session notes on the basis of the below legal grounds:

  • to comply with our legal and regulatory obligations;
  • because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms; or in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
    AND
  • you have given your explicit consent. Before booking a session, you will be asked to actively consent to the processing of your sensitive personal data in line with this privacy notice.

Promotional communications

We may use your personal data to send you updates (by email, telephone or post) about our services that might be of interest to you.

You have the right to opt out of receiving promotional communications at any time or to update your marketing preferences by:

  • contacting us by e-mailing the address on the Contact page; or
  • using the ‘unsubscribe’ link in emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

Information about your device and how you use our site

We may collect information about the devices you use, such as your mobile or browser and information about how you use our website. This helps us to improve our website for you and allows us to give you a better experience. This data is anonymised and will not include any of your personal information.

This information may also be used in fraud prevention allowing us to earmark suspicious/criminal activity.

Please refer to our “Cookie Policy” below for more information.

How long we keep your data for

We will keep your personal data for no longer than is necessary for the purpose(s) it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

We keep your data for the minimum period we consider necessary to resolve any queries and to ensure legal and regulatory compliance and in line with industry practice. We currently consider this period to be 7 years, unless the law prescribes a longer period.

Further details of the periods for which we retain data are available on request.

Who we share your personal and/or sensitive personal information with

We may share your personal information with third parties, but only where this is necessary and lawful.

Professional advisers
We may share your personal data with our professional advisers, including our lawyers, accountants and insurers.

Third party providers
We may be required to share basic user information with our third-party service providers, such as our website developer and IT support.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Where your personal information is held

Information may be held on our secure online server, and with third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).

Your rights

You have the following rights, which you can ordinarily exercise free of charge:

Access: The right to be provided with a copy of your personal data

Rectification: The right to require us to correct any mistakes in your personal data

To be forgotten: The right to require us to delete your personal data – in certain situations

Restriction of processing: The right to require us to restrict processing of your personal data in certain circumstances e.g. if you contest the accuracy of the data

Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party

To object: The right to object:

  • at any time to your personal data being processed for direct marketing; and
  • in certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests.

If you would like to exercise any of those rights, please:

  • email, call or write to us – see below: ‘How to contact us’; and
  • let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates

Maintenance and security of your personal information

We are committed to ensuring that your information is secure. We endeavour to ensure that your data is stored securely and to prevent unauthorised access. We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online, which we monitor regularly.

We limit access to your personal information to those individuals who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Right to withdraw consent

If you have provided your consent to the processing of your personal and/or sensitive personal data, you have the right to withdraw your consent. If you wish to do so, please contact us.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.

Updating your personal information

We are committed to maintaining the accuracy of the personal data we process. If any of the personal data that you have provided to us changes or if you become aware that we are processing inaccurate personal data about you, please get in touch. We will not be responsible for any losses arising from any inaccurate or incomplete personal data provided to us by you.

Cookies on this site

Cookies are small text files that are stored on your browser or the hard drive of your computer or other devices when you visit our website. We use cookies on our website. For more information on cookies, please see our “Cookie Policy” below.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. We cannot therefore be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notices applicable to the website in question.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information.

Data protection legislation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or by telephone on 0303 123 1113.

How to contact us

Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you. Our contact details may be found on the Contact Me page.

Cookie Policy

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Logo

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.

Privacy Settings

Website Translator

Google Maps

Privacy Settings

This tool helps you to select and deactivate various tags / trackers / analytic tools used on this website.

Select all services
Website Translator
More
Google Maps
More
Save Settings