GDPR Privacy Policy
Introduction
At The Art Therapist, we are committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard your personal data in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is The Art Therapist, located at [Your Address]. You can contact us at Sharon@thearttherapist.co.uk for any questions regarding this policy.
2. Personal Data We Collect
We collect and process the following types of personal data:
Basic Identifiers: Name, address, email address, phone number.
Health Information: Personal and family history, medical history, psychiatric history, and treatment details.
Technical Data: We do not capture or store IP addresses, browser type, or usage data.
3. Purpose of Data Processing
We process your personal data for the following purposes:
To provide art therapy services, trainings, and workshops.
To manage appointments and communications.
To comply with legal and professional obligations.
4. Legal Basis for Processing
Our processing of your personal data is based on:
Consent: You have given clear consent for us to process your personal data for specific purposes.
Contract: The processing is necessary for the performance of a contract with you.
Legal Obligation: The processing is necessary to comply with legal obligations.
Legitimate Interests: The processing is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests.
5. Data Sharing
We will not share information about you with third parties without your consent unless the law allows this. This may include sharing data with:
Legal authorities in response to court orders.
Professional bodies for regulatory purposes.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Typically, we keep:
Basic identifiers for the duration of your therapy and for a period of 3 years after.
Health information for the duration of your therapy and for a period of 3 years after.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:
Password-protected systems.
Secure storage solutions.
Regular security audits.
8. Your Rights
Under GDPR, you have the following rights:
Access: You can request access to your personal data.
Rectification: You can request correction of inaccurate or incomplete data.
Erasure: You can request deletion of your personal data.
Restriction: You can request restriction of processing under certain conditions.
Data Portability: You can request transfer of your data to another service provider.
Objection: You can object to the processing of your personal data.
If you want to use your rights, for example, by requesting a copy of the information we hold about you, please contact us at the above postal addresses or by email at sharon@thearttherapist.co.uk.
If you are not happy with the outcome, you may raise a complaint with the Information Commissioner’s Office, whose details are as follows:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
9. Changes to This Policy
We may update this policy from time to time. Any changes will be posted on our website, and where appropriate, notified to you by email.
10. Contact Us
If you have any questions or concerns about this policy or our data practices, please contact us at sharon@thearttherapist.co.uk.