This Privacy Policy is subject to regular review in order to ensure we remain compliant with data protection guidance and applicable legislation. We also have a practice Confidentiality Policy which is available on our website, upon request and which will also be verbally summarised at your first Integrative Health Online session.

  1. POLICY ACCEPTANCE This Privacy Policy applies to the website https://www.integrativehealthonline.uk (“website”) and shall include all personal data processed by us through direct mail, email, telephone or social media channels. Any reference to “you” or “your” means you, the user. Your acceptance of this Privacy Policy is deemed to occur upon your first use of the website. You are required to read and accept this Privacy Policy when you engage with us.

  2. POLICY STATEMENT Integrative Health Online recognises the trust you place in us when you share personal data with us. We are committed to being open and transparent and to protecting your privacy and personal information. This Privacy and Cookie Policy (Privacy Policy) details the steps we take to protect your personal information when you visit integrativehealthonline.uk It describes the personal information that we collect, the purposes for which we use such information, and your choices regarding our use of it. Our legal status under UK data protection law is that of a data controller and in this capacity, we will securely store and process your personal information which you have provided to us. Data controller is a legal term used in the Data Protection Act 1998 (the Act) to signify the person who controls what to do with any given personal information. As data controller we have registered with the Information Commissioner’s Office and our registration number is ZB 041719.

The steps we take to protect your personal information and how you can review and correct your personal information are also covered here. By accessing our site, you are consenting to the information collection and use practices described in this Privacy Policy.

  1. WHAT PERSONAL DATA DO WE COLLECT? Personal data is any information relating to an identified or identifiable individual. It does not include data where the identity has been removed (i.e. anonymous data). We may collect, use, store and transfer different kinds of personal data about you when we engage with you. This may include: Identity Data - title, first name, last name, date of birth or similar identifiers. If you interact with us through social media, this may include your social media username; Contact Data - billing address, email address and telephone numbers; Financial Data – bank account and payment card details; Transaction Data - details about services we have provided to you; Technical Data - includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website; Profile Data – your username and password, your preferences, feedback and survey responses; Geographical Data - information setting out your primary address to control the use of location services in most mobile devices and desktop settings; Usage Data - information about how you use our website and services; Marketing and Communications Data - includes your preferences in receiving marketing from us and our third parties and your communication preferences.

  2. HOW DO WE COLLECT PERSONAL DATA? We use different methods to collect data from and about you, through: Using ‘Contact Us’ on the website and booking via our scheduling provider We collect details of a user’s name, email and phone number as well as subject and content of any message when using our online contact form to get in touch. This information enables us to communicate with our clients, suppliers and third parties and facilitates our service provision. We may process personal data on the basis of being legitimate to our business or in order to fulfil a contractual obligation in relation to our services.

Registration Personal details provided during registration on our website and booking app are processed so that we can register you and respond to your communications and send details of appointments . Data is held in preparation for entering into an agreement with you and with your consent.

Bookings Personal details provided during the booking process, either directly or by email may be processed by us on the basis of being legitimate to our business or in order to fulfil a contractual obligation in relation to our services.

Emails We retain copies of emails sent to us and any personal data will be held in accordance with this Privacy Policy on the basis of being legitimate to our business interests.

You may give us your data by filling in forms or by corresponding with us face-to-face, by post, when attending any events, training, talks or workshops we hold, or through our social media channels. This includes personal data you provide when you: register to receive our services, sign up to our mailing list, make enquiries or request information, use our services, engage with us on social media, contact us directly, or leave comments or reviews on our services.

Visits to our website When you visit our website, we do not attempt to identify you as an individual user, and we will not collect personal data about you unless you specifically provide this to us. As you interact with our website, technical data may be automatically processed through the use of Cookies, details of which are explained in our Cookie Policy below. Special categories of data We collect some special category data that is relevant to the issues you present in the course of our therapeutic services. Examples of some of the sensitive information we may gather :

We will ask you some personal details about yourself, details of your GP or next of kin, whether you have a medical diagnosis, if you are currently on medication, whether you are receiving clinical mental health treatment and whether you have had any suicidal ideation in the last 6 months. These notes enable us to provide a safe space for you with the therapist that you choose. Such information is only provided on a need to know basis.

  1. INFORMATION WE GET FROM OTHER SOURCES From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services and as permitted by law. We may receive personal data relating to your identity and contact data from data partners and data from any third parties who are permitted by law or have your permission to share your personal data with us, such as via social media.

  2. HOW WE USE YOUR DATA UK data protection law requires us to have a “legal basis” for processing personal data. The legal bases we rely on are: Performance of a contract we are about to enter into or have entered into with you; Compliance with a legal or regulatory obligation; Carrying out activities that are legitimate to our business interests; However, generally, we shall not rely on consent as a legal basis for processing your personal data other than where the law requires it. Where our legal basis is consent, you have the right to withdraw consent any time.

At first contact

We will collect the following information in order to establish if we can provide you with therapy:

Your name Date of birth Contact information including your email address Geographic information from your postcode Other information relevant to you engaging in therapy with us, e.g. the name of your medical practice Information about any disability or communication difficulty you may have At first contact you may also choose whether or not to share with us a brief description of what is bringing you to therapy now.

What we do with the information we gather

We collect this information to understand your clinical and other needs and to provide you with a better service, and in particular for the following reasons:

Internal record keeping

To assist with clinical assessment, allocation to an appropriate therapist and for professional supervision of our work processes.

The lawful basis and purpose of holding this data is to ensure we can meet the terms for providing a contract for counselling and therapy with you.

We will also use your personal data to meet any legal obligations placed upon us – for instance when you exercise your rights to see what data we hold under data protection law or in order to meet any legal compliance placed on us; or occasions where we may be obliged to disclose information related to safeguarding children, young people and adults at risk.

Users contacting this website and/or its owners do so at their own discretion and provide any such personal data requested at their own risk. Your personal data is kept private and stored securely until a time it is no longer required or has no use.

Our legitimate interests When we use our legitimate interests as the legal basis for processing your personal data, we will consider and balance any potential impact on you and your rights before we process your personal data. We will only then proceed where we believe our interests are not overridden by the impact on you. Our legitimate interests include the management of our business operations.

  1. SHARING INFORMATION Disclosure We don’t share, sell, or distribute your data to third parties, except as contractually agreed with you or as explained in this Privacy Policy. We may disclose your personal data if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted. We may need to use your information and personal data to contact your GP or emergency contact. This will be in exceptional circumstances such as when having a duty of care or being required by law, to provide information about you. If you are a staff member of a Company purchasing our services we will not share your data or any other information with that Company. We may disclose personal data to a third party to whom we may choose to sell, transfer, or merge parts of our business or our assets.

  2. Clinical  Notes and use of online service providers e.g Zoom, Skype Therapists may keep brief handwritten notes of the sessions for their own records and must ensure that measures are taken to protect the confidentiality of clients at all times. Notes should not identify any individual client. Records must comply with the Regulations and Codes of Practice determined by a therapist’s accreditation body.

Supervision Integrative Health Online Therapists are required to have regular supervision with another professional therapist as part of their professional accreditation. Therapists do not disclose any personally identifying information about clients within supervision.

Data Processors We use Data Processors who act on our instruction in relation to the management of your personal data and where this applies, all data processors are required to confirm that they adhere to data protection law and regulations. We will ensure that any Data Processors used only operate on our written instructions and comply with their obligations under the GDPR. Data Processors who provide services to Integrative Health Online include those providing therapy sessions, or other services such as workshops, groups or training events. Personal data is only collected and/or provided on a need to know basis. You will be informed of any other Data Controllers who have access to your data and who may determine processing activities separately to us, or as a Joint Data Controller.

Marketing We may carry out direct marketing by email, phone, text or post. We will ask for your consent to receiving marketing communications (including newsletters) when you register on the website and you have the option not to give consent and to withdraw consent given at any time. You may withdraw your consent for us to contact you by email to admin@Integrativehealthonline.uk

External links Users of the website are advised to adopt a policy of caution before clicking on any external web links. Clicking an external link will take the user away from our website. Once you leave our website or are redirected to a third-party website, plug-in or application, you are no longer governed by this Privacy Policy or our website’s terms and conditions. We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Integrative Health Online cannot be held liable for any damages, or the consequences of visiting any external links.

Reviews/Evaluation of our service We may ask for a review of our services and these may be published on our website or social media, if you give your consent for us to do so. You may withdraw your consent at any time.

  1. DATA RETENTION We keep your personal data in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and data will be disposed of when no longer required.

  2. DATA SECURITY We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. We take appropriate steps to ensure a safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any such transmission is at the sender’s own risk.

  3. DATA STORAGE AND TRANSFERS Any information including personal data that you supply to us may be stored and processed by Acuity Scheduling, Your data may be transferred in accordance with their policies and under relevant data protection law. We may transfer some or all of your data to countries outside of the EEA where such countries provide adequate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission (EC). Where data is to be transferred to a country outside of the EEA which does not offer the same level of protection as the GDPR with respect to the processing of personal data, we will ensure that the company agrees to similar levels of protection. Where we transfer data to any organisation based in the US, we may transfer data to them where they provide similar protection to personal data shared between the Europe and the US.

  4. RIGHTS OF DATA SUBJECTS Integrative Health Online recognises a data subjects rights and will uphold these in accordance with data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request. You should note that the following rights may not be absolute and may not be upheld where there is valid justification not to do so.

Subject access requests You have the right to ask for a copy of the information that we hold about you by email to admin@integrativehealthonline.uk  We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information. A fee may apply.

Right to rectification Data subjects have the right to request that personal data is amended or changed if it is inaccurate or incorrect. We act on any such request without delay.

Right to erasure Data subjects have the right to ask us to delete personal data from our systems without giving any reason and at any time. We act on any such request without delay.

Right to restrict processing

Data subjects have the right to rectification or erasure of personal data in the following circumstances:

Personal data is not accurate;

The processing of data is unlawful;

Data is required to exercise legal rights or defend legal claims;

Data is unlawful, although there may be lawful grounds for processing, which override this right.

Right to data portability

Data subjects have the right to obtain and request the transfer of their data to a different service provider.

Right to object

Data subjects have the right to object to the processing of personal data at any time based on their circumstances. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process personal data upon a legal basis.

Right not to be subject to decisions based on automated processing

Using your rights If you wish to invoke any of your rights as a data subject, you should contact us by email admin@iIntegrativehealthonline.uk. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

  1. DATA BREACHES We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that data within our control including the control of our data processors, has been compromised, or potentially compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report relevant breaches as required to the ICO, see below.

  2. CHANGES TO OUR PRIVACY POLICY We reserve the right to change this Privacy Policy at any time and users are recommended to review it frequently. Changes will take effect immediately upon their posting on the website. You will be deemed to have accepted any changes to the terms of the privacy policy when you visit the website.

  3. REPORTING COMPLAINTS If you wish to raise a concern about the use of your personal data, you can contact us by email admin@integrativehealthonline.uk 

Alternatively, you can formally raise a concern or complaint to the Information Commissioner’s Office (ICO), the UK regulatory authority for data protection: Address: Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone: 0303 123 1113 Website:https://ico.org.uk/concerns