Privacy policy

This privacy policy explains how Anchor Point Psychotherapy Ltd (“the Company”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. Anchor Point Psychotherapy Ltd is committed to protecting your privacy and handling your personal information lawfully, fairly, and transparently.

Anchor Point Psychotherapy Ltd is the data controller responsible for your personal data. The Company is operated solely by its director, Dr Magdalena Marczak, who is currently the Company’s only employee and is responsible for all personal data processing activities carried out on behalf of the Company. The Company is registered with the UK Information Commissioner’s Office (ICO) under registration number ZC073565.

1. Personal Data Collected

Personal data means any information capable of identifying an individual. It does not include anonymised data.

Communication Data

This includes any communication you send through the website contact form, email, telephone, or other direct communication methods. When you submit an enquiry through the website: your information is processed securely in order to record and manage your enquiry; notification emails may be generated; an automated confirmation email may be sent to you; and enquiry data is stored securely within the Company’s private Google Workspace environment.

Lawful basis: Article 6(1)(b) UK GDPR – taking steps at your request prior to entering into a contract. Article 6(1)(f) UK GDPR – legitimate interests in securely and efficiently managing enquiries and communications.

Client Data

This includes information required to provide psychotherapy services, such as:

  • name;
  • contact details;
  • appointment information;
  • billing or invoicing information.

Lawful basis: Article 6(1)(b) UK GDPR – performance of a contract for the provision of psychotherapy services

Website Usage Data

This includes technical and analytical information about how visitors use the website. This data is used to:

  • maintain website security;
  • improve website functionality and performance;
  • administer online services;
  • maintain backups and system integrity.

Lawful basis: Article 6(1)(f) UK GDPR – legitimate interests in operating, securing, and improving the website and business systems.

2. Special Category Data

In order to provide psychotherapy services, the Company processes special category personal data, including:

  • information relating to mental and emotional wellbeing;
  • therapy notes;
  • health-related information;
  • personal history and life circumstances;
  • GP or healthcare professional details where relevant.

This information is processed only where necessary to provide psychotherapy services safely and appropriately.

Lawful Bases for Processing:

Article 6 UK GDPR

  • Article 6(1)(b): performance of a contract.

Article 9 UK GDPR

  • Article 9(2)(a): explicit consent.
  • Article 9(2)(h): provision of health or social care or treatment.

Purposes of Processing

Special category data may be processed to:

  • assess whether services are appropriate;
  • provide psychotherapy treatment;
  • maintain clinical records;
  • communicate regarding appointments and treatment;
  • meet legal, professional, insurance, and regulatory obligations;
  • manage risk and safeguarding concerns where necessary.

Confidential information is not disclosed to third parties without your consent unless there is a legal, ethical, or safeguarding obligation to do so.

3. Website Analytics and Cookies

This website uses Cloudflare Web Analytics and Cloudflare Pages Analytics to monitor website performance, reliability, and security. These analytics services are designed to be privacy-focused and do not use advertising cookies or cross-site behavioural tracking.

Technical Data Processing

Cloudflare may process limited technical connection data, including:

  • IP addresses; browser information;
  • device type;
  • approximate geographic region.

The Company only receives aggregated and de-identified analytical information.

Strictly Necessary Cookies

Cloudflare may place essential technical cookies on your device to:

  • protect the website from malicious traffic;
  • improve website reliability;
  • manage network performance.

These cookies are considered strictly necessary for the operation and security of the website and do not require consent under applicable UK privacy laws.

Lawful basis: Article 6(1)(f) UK GDPR – legitimate interests in website security, performance monitoring, and reliable service delivery.

4. Data Storage and Security

Appropriate technical and organisational measures are used to protect personal data against unauthorised access, loss, misuse, or disclosure. Security measures include:

  • encrypted and password-protected systems;
  • strong password policies;
  • two-factor authentication;
  • secure cloud-based storage environments;
  • restricted access to personal data.

As Anchor Point Psychotherapy Ltd is operated solely by its director, access to personal data is ordinarily limited to Dr Magdalena Marczak alone. In limited circumstances, trusted technical service providers may be granted restricted access where necessary to maintain website systems or IT infrastructure. Any such access is subject to confidentiality and data protection obligations.

Payment information is processed via direct bank transfer. The website does not store payment card details.

5. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including legal, professional, regulatory, and insurance requirements.

Enquiry Data

Enquiries that do not proceed to services are generally retained for approximately 3 to 6 months before secure deletion.

Clinical Records

Clinical records are generally retained for 7 years following the end of therapy, unless a longer retention period is required by law, safeguarding obligations, insurance requirements, or professional guidance.

Data is securely deleted or destroyed when no longer required.

6. Third-Party Service Providers

The Company uses trusted third-party service providers to support business operations, including:

  • website hosting, security, and analytics providers (such as Cloudflare);
  • cloud-based email and productivity services (such as Google Workspace);
  • professional IT and website maintenance providers where required.

All third-party providers are required to process personal data in accordance with applicable data protection laws and appropriate contractual safeguards.

Personal data is never sold or used for marketing purposes.

7. International Transfers

Some service providers used by the Company may process personal data outside the United Kingdom. Where international transfers occur, appropriate safeguards are implemented in accordance with UK GDPR requirements, including:

  • UK adequacy regulations;
  • International Data Transfer Agreements (IDTAs); or
  • Standard Contractual Clauses (SCCs).

These safeguards are intended to ensure that personal data receives an equivalent level of protection.

8. Your Rights

Under UK GDPR, you have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request erasure of your data where applicable;
  • request restriction of processing;
  • object to processing based on legitimate interests;
  • request transfer of your data to another provider;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with the Information Commissioner’s Office (ICO).

Please note that withdrawing consent may affect the Company’s ability to provide psychotherapy services safely and appropriately.

9. Contact

If you have any questions about this privacy policy or how your personal data is handled, you may contact Anchor Point Psychotherapy Ltd by email or through the website contact form.

10. Changes to This Privacy Policy

This privacy policy may be updated from time to time to reflect legal, technical, or operational changes. The latest version will always be available on the website.