Kingfisher Clinical Psychology – Website Privacy Policy

Thank you for checking out our privacy policy.

At Kingfisher Clinical Psychology, we take our clients’ privacy seriously. We are committed to protecting your personal data and handling it in a responsible and transparent way when you use our website and our services. We want you to understand that this is a safe place to seek support, and that we operate in a highly confidential and professionally regulated environment.

This privacy policy explains how personal data is collected and processed through the use of our website and when you use our services. It should be read alongside any other privacy notices we may provide, so that you are fully informed about how and why we use your information.

Who is responsible for your data?

The data controller is Kingfisher Clinical Psychology Limited.

If you have any questions about this policy or how your data is used, you can contact us at:

Email: russell@kingfisherclinicalpsychology.co.uk

Raising a concern or making a complaint

We are committed to treating your personal data with respect, transparency and care. If you have any questions or concerns about how your data is used, we encourage you to contact us in the first instance so that we can try to resolve matters promptly and fairly.

Under the Data (Use and Access) Act 2025, you have the right to raise a complaint about how your personal data is handled.

Step 1: Email us at russell@kingfisherclinicalpsychology.co.uk with a brief description of your concern. You do not need to use legal language.

Step 2: We will acknowledge your message and respond without undue delay, usually within 10 working days.

Step 3: If you are not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

What personal data do we collect?

Personal data means any information that identifies you as an individual. Where data has been anonymised so that you can no longer be identified, it is no longer considered personal data.

We may collect, use, store and share the following categories of personal data:

  • Identity data: such as your first and last name, title, date of birth and gender.

  • Contact data: such as your address, email address and telephone number.

  • Technical data: such as your IP address, browser type and version, time zone setting, operating system and platform, and other technology on the devices you use to access our website.

  • Transaction data: such as details of payments to and from you and services purchased.

  • Usage data: information about how you use our website and services.

  • Marketing and communication data: your preferences regarding communications from us.

Special Category Data

This includes information about your health, such as medical history, medication details, psychiatric history and other relevant health information required for us to provide psychological services.

We require your explicit consent to process Special Category Data. When you submit such information, you will be asked to confirm your consent.

How do we collect your personal data?

We collect personal data in a number of ways, primarily directly from you, including when:

  • You enquire about or apply for our services

  • You complete client onboarding or assessment forms

  • You complete forms before or during appointments

  • Information is shared verbally during sessions

  • You communicate with us by email, phone, post or other means

  • You provide feedback or contact us for any reason

We also collect limited information automatically through the use of cookies and similar technologies when you visit our website. This includes technical and usage information that helps us understand how our website is used and how it can be improved. Further details are provided in our Cookie Policy.

What happens if you do not provide required data?

Where we need to collect personal data by law or under the terms of a contract with you, and you fail to provide that data when requested, we may not be able to provide our services. In such circumstances, we will inform you at the time.

How do we use your personal data?

We use your personal data for the following purposes:

  • To register you as a client

  • To provide psychological services and manage appointments

  • To process payments and issue invoices

  • To manage our relationship with you, including communicating changes to our policies

  • To administer and protect our practice and website (including troubleshooting, security, and system maintenance)

  • To use website analytics to improve our website and user experience

Lawful bases for processing

We process personal data on the following lawful bases:

  • Performance of a contract with you

  • Compliance with legal obligations

  • Legitimate interests

  • Consent (particularly for Special Category Data and for analytics cookies)

Recognised Legitimate Interests

In some circumstances, we rely on recognised legitimate interests as introduced by the Data (Use and Access) Act 2025. These include:

  • Safeguarding and professional standards

  • Preventing misuse or fraud

  • Responding to emergencies or protecting wellbeing

  • Improving accessibility and inclusion

We always carry out a balancing assessment to ensure that our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests at any time.

Cookies

Our website uses cookies to help it function effectively, remember your preferences, and improve your experience.

Where analytics cookies are used, they are only placed with your consent, which you can manage through our cookie banner. Further information is provided in our Cookie Policy.

Third-party links

Our website may include links to third-party websites, tools or applications. Clicking on those links may allow third parties to collect or share data about you. We do not control those third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policies of any websites you visit.

Sharing your personal data

We only share your personal data where necessary and proportionate. This may include sharing data with:

  • Service providers acting as data processors who provide IT, website hosting, and system administration services

  • Professional advisers such as healthcare professionals, lawyers, accountants and insurers

  • Health insurance providers where you are referred through them, for billing and treatment administration purposes

  • Supervisors for clinical supervision, with identifying information minimised

  • GPs, social workers or other professionals, with your consent or where required for safeguarding or risk management

  • Regulators, HM Revenue & Customs, courts and other authorities where legally required

  • Debt recovery services where payment for services has not been received

All third parties are required to respect the security and confidentiality of your personal data and may only process it in accordance with our instructions.

International data transfers

We may transfer personal data outside the United Kingdom and the European Economic Area (EEA) in limited circumstances, and only where appropriate safeguards are in place.

Some service providers supporting our website and digital infrastructure operate internationally, which may involve transfers outside the UK. Whenever this occurs, we ensure that appropriate safeguards are applied, including:

  • Transfers to countries recognised by the UK as providing an adequate level of protection

  • Approved contractual protections such as Standard Contractual Clauses

  • Participation in recognised international data protection frameworks

Clinical records and practice management data are hosted on systems that store data within the European Union. Where any access or processing occurs outside the UK/EEA, this is subject to appropriate contractual and security safeguards.

Data security

We have appropriate technical and organisational measures in place to protect your personal data. Access is limited to authorised individuals who have a legitimate need to know.

In the unlikely event of a personal data breach, we have procedures in place and will notify affected individuals and regulators where legally required.

Children and young people

We are committed to protecting the privacy of children and young people. Where our services or content are used by individuals under 18, we follow the Age-Appropriate Design Code and the requirements of the Data (Use and Access) Act 2025.

This includes designing services with safety in mind, avoiding unnecessary tracking, using clear language, and obtaining parental or guardian consent where required.

Data retention

We retain personal data only for as long as necessary.

Clinical records are retained for seven years after treatment ends, or until a child client reaches the age of 25, in line with legal and professional requirements.

Basic client records are retained for six years after the end of the client relationship for tax and accounting purposes.

Initial enquiry information is deleted after four weeks if no client relationship is established.

Your legal rights

You have rights in relation to your personal data, including:

  • The right to access your data

  • The right to correction

  • The right to erasure, subject to legal limitations

  • The right to object to processing

  • The right to restrict processing

  • The right to data portability

  • The right to withdraw consent at any time

Requests can be made by emailing russell@kingfisherclinicalpsychology.co.uk. We will respond within one month, subject to verification of identity and applicable legal provisions.

Changes and contact

We regularly review this privacy policy and may update it from time to time. Any changes will be published on this page.

If you have any questions about this policy or wish to exercise your rights, please contact us using the details above.