Privacy Policy

Last Updated: 22 January, 2025

This privacy policy applies between you, the User of this Website, and Resilient Wellbeing Ltd (trading as Resilient Wellbeing Clinic), the owner and provider of this Website (hereafter referred to as “we,” “us,” “our,” or “the Clinic”). Resilient Wellbeing Clinic takes the privacy of your information very seriously. This privacy policy applies to our use of any and all data collected by us or provided by you—or your child—in relation to the services you (or your child) require from us and in relation to the use of the Website.

1. Definitions and Interpretation

In this privacy policy, the following definitions are used:

• Data: Collectively all information that you submit to Resilient Wellbeing Clinic via the Website or via other channels (e.g., email, phone) for the provision of services. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws.

• Cookies: A small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out below (see Cookies).

• Data Protection Laws: Any applicable law relating to the processing of personal Data, including but not limited to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and any national implementing and supplementary laws, regulations, and secondary legislation.

• GDPR: Refers to the UK General Data Protection Regulation.

• Resilient Wellbeing Ltd trading as Resilient Wellbeing Clinic / we / us: A company incorporated in England and Wales with registered number 12872501 whose registered office is at Unit 2, Bedford Mews, East Finchley, London, N2 9DF.

• UK and EU Cookie Law: The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by subsequent regulations.

• User / you: Any third party that accesses the Website and is not either (i) employed by Resilient Wellbeing Clinic and acting in the course of their employment or (ii) engaged as a self-employed consultant or otherwise providing services to Resilient Wellbeing Clinic and accessing the Website in connection with the provision of such services.

• Therapist: Refers to the self-employed or employed psychologists/psychotherapists/counsellors who provide therapeutic services to you or your child under or in connection with the Clinic.

• Website: The website that you are currently using, https://resilientwellbeingclinic.com, and any sub-domains of this site unless expressly excluded by their own terms and conditions.

• Third Parties: Other psychological or medical practitioners (for the purposes of potential consultations and psychological therapy services), professional advisers (e.g., lawyers, accountants, bankers, auditors, insurers), IT/administration/practice management software providers, HM Revenue & Customs, regulators, and other authorities acting as processors or joint controllers.

Unless the context requires a different interpretation:

1. The singular includes the plural and vice versa.

2. A reference to a person includes firms, companies, government entities, trusts, and partnerships.

3. “Including” is understood to mean “including without limitation.”

4. Reference to any statutory provision includes any modification or amendment of it.

2. Scope of This Privacy Policy

This privacy policy applies only to the actions of Resilient Wellbeing Clinic and Users with respect to this Website and the services we offer. It does not extend to any websites that can be accessed from this Website, including but not limited to any links we may provide to social media websites.

For purposes of the applicable Data Protection Laws, Resilient Wellbeing Clinic is the “data controller.” This means that we determine the purposes for which, and the manner in which, your (or your child’s) Data is processed when you engage with our Clinic’s services or this Website. For more details on our data controller status (including the role of employed vs. self-employed therapists), please refer to Section 6 below.

3. What Information Do We Collect?

We may collect the following Data (which includes personal data) from you or your child:

• Personal identity data such as name and date of birth;

• Gender;

• Job title;

• Profession;

• Contact information such as address, email addresses, and telephone numbers;

• Demographic information such as postcode, preferences, and interests;

• Financial information such as credit/debit card numbers;

• Healthcare providers supporting you (e.g., GP/GP surgery details);

• Health insurance details (if referred by a health insurance company): referral information, authorisation for psychological services, number of sessions authorised, policy number, etc.;

• IP address (automatically collected);

• Web browser type and version (automatically collected);

• Operating system (automatically collected);

• A list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected).

We may also collect, store, and use the following “special categories” of information about you or your child:

• Health information (including any medical condition or disability) necessary for understanding if you/your child require additional support;

• Therapy records (e.g., letters, outcome measures and/or reports, summary of therapy session content).

How We Collect Data

1. Data given to us by you or your child:

o When you contact us through the Website, by telephone, post, email, or any other means;

o When you register with us and set up an account to receive our services;

o When you complete surveys that we use for research purposes (though you are not obliged to respond);

o When you make payments to us, via the Website or otherwise;

o When you select to receive marketing communications from us;

o When you use our services.

2. Data received from third parties:

o Analytics providers (e.g., Google) who may provide technical data about your usage of the site.

3. Data collected automatically:

o Some information about your visit to the Website (IP address, date, times, frequency, how you interact with content).

o Data collected via cookies, in line with your browser’s cookie settings. See Cookies.

4. How We Use Data

We may process any or all of the above Data to provide you (or your child) with the best possible service and experience when using our Website and engaging with our services. Specifically, Data may be used for:

• Internal record keeping;

• Improving our products/services;

• Booking appointments and allocating you to the most suitable practitioner;

• Notifying you of changes to appointments or our services;

• Seeking feedback on your therapy experience;

• Sending marketing materials by email (if you have not opted out or if we rely on a relevant lawful basis, see below);

• Where needed to perform or prepare to perform a contract with you or to provide the services you have requested;

• Where it is necessary for our legitimate interests (and these are not overridden by your rights and interests);

• Where we need to comply with a regulatory or legal obligation;

• For special category data (e.g., information about mental health or therapy records), we rely on Article 9(2)(h) UK GDPR (the provision of health or social care or treatment) and the relevant provisions of Schedule 1 of the Data Protection Act 2018. Explicit consent may be sought in limited circumstances (e.g., if we wish to share specific data beyond typical healthcare needs).

Our Lawful Basis for Processing

• Ordinary Personal Data: Typically processed under Article 6(1)(b) (necessary for the performance of a contract for services) or Article 6(1)(f) (our legitimate interests in running the business, scheduling appointments, etc.), ensuring such interests do not override your fundamental rights and freedoms.

• Special Category (Health) Data: Processed under Article 9(2)(h) (necessary for the provision of health care or treatment), in conjunction with Schedule 1, Part 1 of the Data Protection Act 2018.

Marketing and Newsletters

We may use your name and contact details to send you information about services or products that may be of interest, under either of these bases:

• Legitimate interests (soft opt-in): If you are an existing client or have previously enquired about our services. We will always give you the option to opt out at any time.

• Consent (opt-in): For electronic marketing in other circumstances, you must explicitly opt-in (e.g., by ticking a box). If you choose not to give or later withdraw your consent, you can still continue using our services.

You can withdraw your consent or opt out of marketing at any time by clicking “unsubscribe” in our emails or contacting us via the details in the Contact Us section.

Children’s Data

While this Website is not specifically targeted toward children, we do provide therapy services to minors. We process children’s personal data under the same lawful bases—Article 6(1)(b) or (f) and Article 9(2)(h)—but we also ensure that a parent or legal guardian consents to or authorizes therapy where required by professional and legal standards.

No Automated Decision-Making

We do not carry out automated decision-making or profiling using your (or your child’s) Data.

5. Who We Share Data With

We may share your (or your child’s) Data with:

1. Our employees, self-employed associates, agents, and/or professional advisors:

o To seek professional advice (legal, financial, etc.),

o To provide the service you requested (e.g., therapy with one of our employed or self-employed clinicians).

2. Third-party service providers (IT, practice management, payment processing) who help us run the Clinic or the Website:

o They will only process your data on our behalf for specified purposes and subject to contractual obligations that protect your data.

3. Third-party payment providers who process payments:

o To facilitate payment/refunds via the Website.

4. Relevant authorities:

o Where we have a legal, regulatory, or professional obligation to disclose (e.g., HMRC for tax purposes, ICO, courts, police in cases of risk or harm, etc.).

5. Your healthcare provider (e.g., your GP) if deemed necessary for your (or your child’s) best interest and/or you have requested this.

We may disclose your (or your child’s) personal information without your prior knowledge or consent if required by law or if there is reason to believe it will help protect you or someone else from harm (for example, safeguarding concerns).

If your referral comes via a health insurance company, we may share appointment details for billing purposes, and (if required) provide treatment update reports or progress information. Any reports that are sent electronically are sent as password-protected attachments.

6. Who Provides the Services (Employed vs. Self-Employed Therapists)

Our psychologists/psychotherapists/counsellors may be employed or self-employed. All are required to follow the regulations and ethical codes of their professional bodies (e.g., HCPC, BACP).

If your assigned therapist is employed by Resilient Wellbeing Clinic, they act under the Clinic’s data protection policies, and the Clinic (Resilient Wellbeing Ltd) remains the data controller for your therapy information. If your assigned therapist is self-employed, they are an independent data controller responsible for their own privacy policy and terms.

• Self-Employed Therapists:

When you work with a self-employed Therapist, the service is being provided by that therapist as an independent data controller. Resilient Wellbeing Clinic provides the therapy rooms, administrative support, and appointment scheduling platform but is not the direct provider of the therapeutic service.

o Any therapeutic contract is strictly between you (or your child) and the self-employed therapist.

o The self-employed therapist will have their own privacy policy and terms and conditions.

o Resilient Wellbeing Clinic does not accept liability for any loss or damage resulting from contact or therapeutic work with a self-employed therapist.

o Any complaint against a self-employed therapist should be raised directly with them or their professional regulatory body.

7. Keeping Data Secure

We use appropriate technical and organisational measures to safeguard your (or your child’s) Data, including:

• Password protection for user accounts and access to therapy notes;

• Secure servers;

• SSL encryption (typically indicated by a lock icon in the browser) for payment transactions;

• Antivirus and malware protection on devices used to store data;

• Password-protected attachments for sensitive communications, where appropriate.

If you suspect any misuse, loss, or unauthorized access of your Data, please contact us immediately at info@resilientwellbeingclinic.com.

For tips on how to protect your own data and devices, you may wish to visit https://www.getsafeonline.org/.

8. Data Retention

We will keep your (or your child’s) Data only for as long as is necessary to fulfill the purposes set out in this policy, unless a longer retention period is required or permitted by law. Typically:

• Clinical/Therapy Records: Held for 7 years after therapy ends (for adults).

• Children: Data is retained 7 years after they turn 18 (i.e., until age 25), in line with standard professional guidelines.

• Invoices and Accounting Records: Retained for 7 years to comply with HMRC requirements.

After the applicable retention period, data may be securely deleted or anonymized. Please note that data may persist in backups or archives for legal, tax, or regulatory purposes.

9. Your Rights

Under the UK GDPR, you have the following rights in relation to your (or your child’s) personal Data:

1. Right to Access: You may request copies of the personal information we hold about you. We will typically not charge a fee unless your request is “manifestly unfounded or excessive.”

2. Right to Rectification: You may request that we correct or update any inaccurate or incomplete personal information.

3. Right to Erasure (“to be forgotten”): You may request deletion of your personal information in certain circumstances. We may not always be able to comply if we have a legal obligation or a legitimate reason to retain it, but we will inform you if that is the case.

4. Right to Restrict Processing: You may request that we limit how we use your Data, in certain circumstances.

5. Right to Data Portability: You may request the transfer of your Data to another provider.

6. Right to Object: You may object to processing of your Data in certain situations (e.g., direct marketing).

7. Right to Withdraw Consent: Where we rely on consent as a lawful basis (e.g., for direct marketing), you can withdraw consent at any time without affecting the lawfulness of processing carried out before you withdrew your consent.

If you wish to exercise any of these rights, please contact us at info@resilientwellbeingclinic.com.

If you are unsatisfied with how we handle a complaint about your Data, you may contact the Information Commissioner’s Office (ICO) (the UK supervisory authority for data protection). For details, please visit https://ico.org.uk/.

It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes.

10. Transfers Outside the UK and/or European Economic Area

We may store or process some of your Data outside of the UK and/or EEA—for example, if our service provider’s servers are located elsewhere. Where such transfers occur, we ensure they are lawful (e.g., using the Standard Contractual Clauses or other legally approved mechanisms) and that your Data is protected to a standard essentially equivalent to UK/EEA data protection requirements.

11. Links to Other Websites

Our Website may, from time to time, provide links to other websites. We have no control over such external sites and are not responsible for their content. This privacy policy does not extend to your use of such sites; you are advised to review their own privacy policies.

11.1 Unauthorised Use of Business Information

All content, details, and information related to our business, including but not limited to our name, logo, products, services, images, and text, are proprietary to us. Unauthorized copying, reproduction, republishing, uploading, posting, transmitting, or duplicating of any of the material is prohibited without express written permission.

Any unauthorized listing, use, or distribution of our business information on third-party platforms or directories without our explicit consent is strictly prohibited. Offenders may be subject to legal action. We reserve the right to protect our intellectual property, reputation, and brand identity.

12. Changes of Business Ownership and Control

Resilient Wellbeing Clinic may expand or reduce our business. This may involve the sale and/or transfer of control of all or part of the Clinic. Where relevant, Data provided by Users will be transferred along with that part of the business so that the new owner or controlling party can continue to use the Data for the purposes for which it was originally supplied. We will always take steps to ensure your privacy rights continue to be protected.

13. Cookies

This Website may place and access certain Cookies on your computer. We use Cookies to improve your experience of the Website and our services. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.

We may also allow external third-party organisations to place Cookies on the Website for functionality, analytics, or other purposes. More details are set out in our Cookie Policy.

14. General

You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy, provided we reasonably believe your rights are not affected.

If any court or competent authority finds any provision of this privacy policy invalid, illegal, or unenforceable, that provision or part-provision will be deemed to be deleted, and the remainder of this privacy policy will remain in full force and effect.

No delay, act, or omission by us in exercising any right or remedy will be deemed a waiver of that right or remedy.

This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under this Agreement are subject to the exclusive jurisdiction of the English and Welsh courts.

15. Changes to This Privacy Policy

Resilient Wellbeing Clinic reserves the right to change this privacy policy from time to time, as may be required by law or our internal processes. Any changes will be posted on the Website, and you will be deemed to have accepted the revised terms upon your first use of the Website following the alterations.

Contact Us

If you have any questions or concerns about this policy or wish to exercise any of your rights, please contact us by email at:

info@resilientwellbeingclinic.com