Privacy policy

I, Dr Magdalena Marczak, am committed to protecting your personal data. This policy explains how I handle information collected via Anchor Point Psychotherapy in accordance with UK data protection laws (UK GDPR). I am registered with the UK’s Information Commissioner’s Officer, registration number ZC073565.

1. What data do I collect about you, for what purposes and on what grounds do I process it (for all clients accessing my services)?

I collect information that you provide via the contact form, email, or telephone. Personal data means any information capable of identifying an individual. It does not include anonymised data. I may process the following categories of personal data about you:

  • Communication data includes any communication that you send to me, whether that be through the contact form on my website, through email, text, social media messaging, social media posting, or any other communication that you send me. I process this data for the purposes of communicating with you, for record keeping, and for the establishment, pursuance, or defence of legal claims. My lawful ground for this processing is the performance of a contract between you and me and/or taking steps at your request to enter into such a contract.
  • Customer data includes data relating to any purchases of goods and/or services, such as your name, title, billing address, email address, phone number, and contact details. I process this data to supply the goods and/or services you have purchased and to keep records of such transactions. My lawful ground for this processing is the performance of a contract between you and me and/or taking steps at your request to enter into such a contract.
  • User data includes data about how you use my website. I process this data to operate my website and ensure relevant content is provided to you, to ensure the security of my website, to maintain backups of my website and/or databases, and to enable publication and administration of my website, other online services, and business. My lawful ground for this processing is my legitimate interests, which in this case are to enable me to properly administer my website and my business.

2. How do I measure website traffic?

To improve the user experience and ensure the security of this website, I use Cloudflare Web Analytics and Cloudflare Pages Analytics. These services provide me with aggregated information about how many people visit the site, which pages are most popular, and which countries visitors are coming from.

  • Privacy-first: Unlike traditional tracking (such as Google Analytics), the analytics used on this site do not use cookies to track your behaviour across other websites or create a persistent profile of you. They do not store any files on your device for tracking purposes.
  • De-identified & aggregated data: While Cloudflare processes connection data (such as IP addresses) to defend against bots and determine general location, this data is de-identified. I only have access to aggregated statistics and cannot identify individual visitors from this information.
  • Security & functionality (strictly necessary cookies): Cloudflare may place technical cookies on your device to protect the website from malicious “bot” attacks and to manage traffic during high-load periods. These ensure that the site remains secure and stable for legitimate users. Because these are essential for the security and basic operation of the site, they are exempt from consent requirements under UK privacy laws.

Lawful ground for processing: My lawful ground for this processing is Legitimate Interests, which is to monitor the performance of my website, protect it from security threats, and ensure I am providing relevant information to prospective clients.

3. How do I collect and manage sensitive data (for clients accessing my services)?

In order to deliver my services to you, I need to collect special categories of personal data which is classified as sensitive data:

  • Special personal data such as sensitive personal information about your difficulties, relationships, medical history, life events, and criminal/forensic history if appropriate.
  • Health data such as GP details, medical health insurance provider and other relevant health and social care support agencies, and therapy notes from my sessions.

My lawful ground for processing this type of sensitive data is explicit consent and the performance of a contract between you and me and/or taking steps at your request to enter into such a contract. This is so I can:

  • Respond to your enquiries and consult with you on whether my services are most appropriate for your difficulties.
  • Provide psychotherapy services (online or in person).
  • Maintain professional records required by UK law and the BABCP.
  • Invoice for the services rendered.
  • Communicate (when necessary and agreed with you) with relevant third parties to support your treatment and manage risks. I agree not to disclose confidential information about you to a third party without your consent unless I am required by law.

4. How do I store and secure data?

  • Clinical records: Stored securely using encrypted systems.
  • Retention: In accordance with UK clinical guidelines and insurance requirements, records are typically kept for seven years before secure destruction.
  • Payments: Handled via direct bank transfer; I do not store your bank details on this website.

5. What are your rights?

Under the UK GDPR, you have the right to access, update, or request the deletion of your data. For any concerns regarding how your information is handled, please contact me directly. I am registered with the Information Commissioner’s Office (ICO).

6. How can you contact me?

If you have any questions about this privacy policy, please get in touch with me through my contact form.