GDPR Privacy Policy

Last updated April 2026

I am Amy, Founder of The Reconnected Self. As the person who determines how your data is used, I act as the Data Controller for all personal information I hold about you.

You can contact me at: amy@thereconnectedself.com

I am registered with the Information Commissioner's Office (ICO) as a data controller, as required by law. My ICO registration number is: ICO:00013660920. You can verify this at ico.org.uk.

Because of the services I provide the information I hold about you may relate to your mental health and emotional wellbeing. Under UK GDPR, this is classified as Special Category Data (Article 9), which carries a higher level of legal protection than ordinary personal data.

I process this data under Article 9(2)(h) of the UK GDPR, that is, for the purposes of the provision of health and social care treatment, together with Schedule 1, Part 1 of the Data Protection Act 2018, and subject to my professional duty of confidentiality.

For your contact details (email and phone number), my lawful basis is Article 6(1)(b) processing necessary for the performance of a contract as these are needed to arrange and administer your sessions.


I understand how important your privacy is. I take care to maintain your confidentiality in accordance with current data protection laws (GDPR, 2018).

In order to provide you with the best service possible, I will hold your personal contact details and records of your sessions. Please find below important information about how this information will be held and used.

Your personal information

I will only collect and store your personal data on a password protected laptop. At the point of booking your initial consultation with me, you will be asked for some personal contact information, but I will not ask for your address or date of birth, only your email  and phone number.

This personal contact information will be held for the duration of your sessions after which it will be deleted from the files.

Please note that I will need to keep a record of your name and notes from your sessions for up to 7 years after we have finished the work. After that I will delete your files.

I will never pass on your contact details to any third party organisations for the purposes of sales, marketing or research and will never use your personal data for any purposes other than the administration of the service I am providing to you i.e. to arrange, cancel and rearrange appointments and collect payment for sessions.

Please note that your retention period is not based on consent alone. I retain records for the reasons above even if you withdraw consent, as this is necessary to fulfil my professional and legal obligations.

If you are under 18, records will be retained until you reach the age of 25, or for 7 years from the end of our work together, whichever is longer.

Your sessions

Everything that you discuss with me is confidential. Confidentiality will only be broken if there is concern about your safety or the safety of someone else or if I am instructed to do so by a Court of Law. I will always endeavour to speak to you about this first.

During remote working I will ensure that I am conducting online and telephone sessions in a quiet, private and confidential setting. I have selected a video calling platform that offers end to end encryption to ensure maximum privacy. Please note however that I cannot be held responsible for any breaches that occur due to failures in this technology.

I keep notes of each session. These notes are for my use only and help to keep a track of everything that is being discussed. These notes will be kept securely for up to seven years after your sessions comes to an end. After this time, they will be confidentially destroyed.

If your sessions are paid for or arranged via a third party, (e.g. your employer, a friend, or a family member), other than payment requests, invoices or receipts your counselling information will not be shared. Details about what is discussed in your sessions will remain confidential between us. Any other information can only be shared if you provide your written consent.

For course participants, I use Kajabi to host and deliver course content. Kajabi acts as a data processor on my behalf and may store your data on servers outside the UK. This is covered by appropriate safeguards including Standard Contractual Clauses. You can view Kajabi's privacy policy at kajabi.com.

Your communications with me

My email is provided by Google Workspace, which acts as a data processor on my behalf. Emails are encrypted in transit and at rest in line with Google Workspace's security standards. Only I have access to emails you send me.

All phones, tablets and laptops used to respond to your emails are encrypted, fully protected with anti-virus software and password protected.

Data Usage

I will only use your email address and telephone number to contact you about your appointments. I may also contact you directly via email or WhatsApp in order to share information with you that is pertinent to your therapeutic process.

Your phone number may also be used to issue appointment reminders via text message or WhatsApp.

Your rights

Any personal data retained by me is kept in accordance with the GDPR, 2018.

Under these guidelines you have the following rights

  1. The right to request access to your data

You can request to view the information that I hold about you (contact details, appointment logs etc.) at any time. If during your sessions you would like to see your session notes, please let me know. Should you require a copy of your notes after your sessions have come to an end you can make this request by emailing amy@thereconnectedself.com  I will respond within one calendar month.

1.The right of rectification

At any point during your time using my service or during the seven years thereafter, while I retain your records, you have the right to request amendments to your contact details or session notes. This right can be exercised either by speaking directly to me or by contacting me in writing.

2.The right to be forgotten

You can request that I delete and confidentially destroy the information that I hold about you and your sessions at any time. This request can be made by contacting me at amy@thereconnected.self.com.

Instances where I would not be able to comply with your request are as follows:

  1. a) It is necessary for me to retain these records in order to continue providing an effective service

  2. b)I am compelled to retain these records by a Court of Law

  3. c) I require these records in order to establish, exercise or defend legal claims

3.The right to object

You have the right to object to my processing of your personal data in certain circumstances. Please contact me to discuss this.

4. The right to restrict processing

In certain circumstances, you may ask me to restrict how I use your data while a concern is being resolved.

Consent

When you book your first session with me, you agree to the storage and processing of your personal data for the purposes of providing therapeutic services.

You are entitled to withdraw this consent at any time and can do so by emailing me at amy@thereconnectedself.com

Withdrawing consent does not affect the lawfulness of any processing carried out before your withdrawal, and I may need to retain certain records afterwards for the reasons set out above.

Breaches of data protection

In the event of any breach of my data protection policies, I will notify you within 72 hours and will seek to rectify this immediately.

Raising concerns

Should you have any concerns about my data protection practices, you can raise these directly with your me. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator: ico.org.uk Helpline: 0303 123 1113

This policy is reviewed at least annually, or whenever there are significant changes to my practice or to data protection law. The current version date is shown at the top of this document.