Privacy Policy

Your privacy and data protection are our top priorities

Last updated: January 1, 2026

Introduction

TherapyConnect ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR) and UK data protection laws.

As a healthcare service provider, we also adhere to NHS data protection standards and the UK Caldicott Principles to ensure the highest level of confidentiality for your medical information.

Data Controller

TherapyConnect is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us at:

Email: privacy@therapyconnect.com

Address: 123 Health Street, London, UK, SW1A 1AA

Phone: +44 (0) 20 1234 5678

1. Information We Collect

1.1 Personal Information

We collect the following types of personal data:

  • Contact information (name, email address, phone number, postal address)
  • Account credentials (username, encrypted password)
  • Demographic information (date of birth, gender)
  • Payment information (processed securely through third-party payment providers)

1.2 Medical Information

With your explicit consent, we collect health-related information necessary for providing our services:

  • Medical history and current health conditions
  • Medication information
  • Allergies and sensitivities
  • Treatment notes and progress records
  • Emergency contact information

1.3 Technical Information

We automatically collect certain technical data when you use our platform:

  • IP address and device information
  • Browser type and version
  • Usage data and analytics
  • Cookies and similar technologies (see our Cookie Policy)

2. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: You have given explicit consent for us to process your personal and medical data for specific purposes.
  • Contract Performance: Processing is necessary to fulfill our service agreement with you (booking appointments, providing therapy services).
  • Legal Obligation: We must process certain data to comply with legal requirements (e.g., safeguarding, professional standards).
  • Legitimate Interests: Processing is necessary for our legitimate business interests (fraud prevention, service improvement) while respecting your rights.

3. How We Use Your Information

We use your personal data for:

  • Providing and managing therapy services and appointments
  • Communicating with you about your bookings and treatments
  • Processing payments and maintaining financial records
  • Ensuring the safety and effectiveness of our services
  • Complying with professional and legal obligations
  • Improving our services and platform functionality
  • Sending service updates and important notifications
  • Conducting research and analytics (anonymized data only)

4. Data Sharing and Disclosure

We respect your privacy and only share your data in limited circumstances:

  • Healthcare Professionals: With your assigned therapists who need access to provide your care.
  • Service Providers: Trusted third parties who assist with payment processing, IT services, and platform hosting (all under strict data protection agreements).
  • Legal Requirements: When required by law, court order, or to protect vital interests.
  • Emergency Situations: To emergency services if there's an immediate risk to health or safety.

We never sell your personal data to third parties for marketing purposes.

5. Data Security

We implement robust security measures to protect your data:

  • End-to-end encryption for data transmission (SSL/TLS)
  • Encrypted storage of sensitive medical information
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Staff training on data protection and confidentiality
  • Secure backup and disaster recovery procedures
  • Compliance with NHS Digital security standards

While we take every precaution to protect your data, no internet transmission is completely secure. We encourage you to use strong passwords and keep your login credentials confidential.

6. Data Retention

We retain your personal data only for as long as necessary:

  • Active Accounts: Data is retained while your account is active and for the provision of services.
  • Medical Records: Retained for 8 years after the last treatment, in accordance with NHS and professional body guidelines.
  • Financial Records: Retained for 7 years to comply with tax and accounting regulations.
  • Marketing Data: Retained until you withdraw consent or unsubscribe.

After the retention period, data is securely deleted or anonymized.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data (subject to legal obligations).
  • Right to Restriction: Request limitation of how we process your data.
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.
  • Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO).

To exercise any of these rights, please contact us at privacy@therapyconnect.com. We will respond within 30 days.

8. International Data Transfers

Your data is primarily stored and processed within the UK and European Economic Area (EEA). If we transfer data outside these regions, we ensure adequate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Additional security measures for medical data transfers

9. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

  • Essential Cookies: Required for platform functionality and security.
  • Performance Cookies: Help us understand how you use our platform.
  • Functional Cookies: Remember your preferences and settings.

You can manage cookie preferences through your browser settings.

10. Children's Privacy

We provide services to children under 16, but their accounts must be managed by a parent or legal guardian. Parental consent is required for processing children's personal and medical data. We take extra precautions to protect children's information.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions, concerns, or wish to exercise your data protection rights, please contact:

Data Protection Officer

Email: privacy@therapyconnect.com

Address: TherapyConnect, 123 Health Street, London, UK, SW1A 1AA

Phone: +44 (0) 20 1234 5678

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: www.ico.org.uk

Helpline: 0303 123 1113

13. Regulatory Compliance

TherapyConnect is committed to compliance with:

  • General Data Protection Regulation (GDPR)
  • UK Data Protection Act 2018
  • NHS Data Security and Protection Toolkit
  • UK Caldicott Principles
  • Professional body data protection standards