top of page

Privacy Policy

Introduction

 

Your privacy is very important to us. You can be confident that your personal information will be kept safe and secure, and will only be used for the purpose for which it was provided. We adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

​

This privacy notice explains how we handle your personal information from your initial point of contact through to after your engagement with any of our services has ended, including:

  • Why we are able to process your information and the purposes for which we do so

  • Whether you are required to provide it to us

  • How long we store it

  • Whether we share it with others

  • Whether we transfer it outside the UK

  • Whether we engage in automated decision-making or profiling

  • Your rights under data protection law

 

If you have any questions about this notice or our data protection policy, please contact us at info@alaria.uk.

The term ‘data controller’ refers to the person or organisation that collects, stores, and is responsible for your personal data. In this case, the data controller is Dr Heather Grace Bond, who can be contacted at heather.bond@alaria.uk.

​

Our lawful basis for holding and using your personal information

 

The UK GDPR requires us to have a lawful basis for processing your personal data. These bases vary depending on the stage of your relationship with us:

  • If you are currently accessing any of our services, or are in contact with us to consider doing so, we process your personal data because it is necessary for the performance of a contract.

  • If you have completed your engagement with our services, we rely on legitimate interest as the lawful basis for holding and using your personal information.

  • For special category personal data (such as information about your physical or mental health), the lawful basis is that it is necessary for the provision of health treatment or therapeutic services (including counselling, outdoor therapeutic sessions, animal-assisted therapy, or other interventions) under a contract with a health professional.

​

How we use your information

 
Initial Contact

When you contact Alaria to enquire about our services, we collect information such as your full name, email address, and phone number, along with some general information about the support you are seeking. Alternatively, a GP, health professional, or a parent/carer may provide your details when referring you or making an enquiry on your behalf.

​

If you decide not to proceed with any of our services, we will delete your personal data within six months. If you would like us to delete it sooner, please let us know.

​

While You Are Accessing Our Services

Everything you share with us in the context of our services is treated as confidential. Confidentiality will only be broken under the following circumstances:

​

  • When your practitioner believes there is a serious risk of harm to yourself or others

  • When we cannot contact you but suspect you may be in danger (for example, if you have not been seen for several days and there are concerns for your welfare)

  • When there is a legal obligation to disclose information (e.g., a court order or statutory requirements under legislation such as the Terrorism Act 2000 or the Drug Trafficking Offences Act 1986)

 

Where possible, we will aim to discuss any need to break confidentiality with you beforehand, unless safeguarding concerns prevent this.

​

We keep records of your personal details to ensure the smooth running of all our services. These records are securely stored in our practice management system, Zanda Health, and are never shared with third parties.

​

Session notes are also securely kept within Zanda Health. For security, text messages are not retained for more than three months. If a text contains relevant information, it will be saved as an admin note in your client record before the text is deleted. Similarly, emails are deleted after three months if not important; where important, their contents are saved as an admin note before deletion.

​

After Engagement With Our Services Has Ended

We keep minimal records, including dates, times, and themes of sessions or interventions. These notes are encrypted and securely stored using Zanda Health.

​

In line with the British Association for Counselling and Psychotherapy (BACP) Ethical Framework and that of Play Therapy UK (PTUK), we ensure that all records are adequate, relevant, limited to what is necessary, and compliant with applicable data protection requirements.

  • For clients aged 16 and over, we retain records for seven years, in line with insurance requirements, after which they are securely deleted.

  • For clients under 16 at the time of accessing our services, we retain records indefinitely, as they may be needed in the event of legal proceedings, for which there is no statute of limitations.

​

Your rights

You have the right to:

​

  • Request a copy of the personal information we hold about you

  • Ask us to correct any inaccuracies

  • Request the deletion of your personal data

  • Limit or object to the processing of your data in certain circumstances

 

For more information on your rights, visit the ICO website at ico.org.uk/your-data-matters.

If we hold information about you, we will:

​

  • Provide a description of it and its source

  • Explain why we are holding it, how long we will store it, and how we made these decisions

  • State who it could be disclosed to

  • Provide a copy of the information in an intelligible format

 

To make a request, please email us at info@alaria.uk. We will respond within four weeks.

​

For parents/carers:
If we determine that your child has capacity to consent to accessing our services (usually from high school age onwards), our service contract is with your child, and they alone may access their data. While you may hold financial responsibility, you do not automatically have the right to access your child’s notes. If your child lacks capacity to consent (e.g., in Therapeutic Play), you may request to see their notes, but please note that sharing such information may not always be in your child’s best interests, as it can impact their sense of safety and confidentiality.

​

If you have concerns about how we handle your data, please email us. You may also lodge a formal complaint with the Information Commissioner’s Office (ICO) via ico.org.uk/make-a-complaint.

​

Data security

 

We take data security seriously. All client information is securely stored using Zanda Health, which uses industry-standard encryption protocols and complies fully with UK GDPR requirements.

​

Visitors to the Website

When you visit our website, we use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. This helps us understand how visitors use the site so we can improve our services. The information is processed in a way that does not identify anyone. Our lawful basis for this processing is legitimate interest. You can read Google Analytics’ privacy notice here.

​

Our website is hosted by Wix.com, which stores data securely on its servers behind a firewall. Like most websites, Wix uses cookies to help the site function efficiently, including remembering user preferences.

​

If you complete a form on our website, the data will be temporarily stored on Wix’s servers before being sent to us. We delete form data stored on Wix within three months. Your data is never shared with third parties.

bottom of page