THERAPEUTIC FITNESS
  • Home
  • Dr Joanne Lacey
  • Specialities
  • Prices
  • FAQ
  • Contact
THERAPEUTIC FITNESS
  • Home
  • Dr Joanne Lacey
  • Specialities
  • Prices
  • FAQ
  • Contact

Privacy Policy

  

Privacy Notice

1. Introduction

This privacy notice explains how I collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

I am committed to protecting your privacy and handling your data in a lawful, transparent, and secure way, in line with British Association for Counselling and Psychotherapy (BACP) ethical guidelines.

2. Data Controller

Name: Joanne Lacey
Practice name: Therapeutic Fitness
Email: appointments@therapeuticfitness.co.uk

I am the data controller for the personal data you provide.

3. What Personal Data I Collect

I may collect and process the following types of personal data:

a) Personal and Contact Information

  • Name
  • Email address
  • Phone number

b) Therapy-Related Information (Special Category Data)

  • Brief anonymised notes of Information shared during therapy sessions
  • Relevant health, wellbeing, or personal history shared by you

c) Administrative and Technical Data

  • Appointment dates and times
  • Correspondence (emails, messages)
  • Online session details (e.g. Zoom meeting links)

I only collect data that is necessary for providing therapy and managing the practice.

4. Lawful Basis for Processing

Under UK GDPR, the lawful bases I rely on are:

  • Article      6(1)(b) – Processing is necessary for the performance of a contract      (providing therapy services)
  • Article      6(1)(c) – Compliance with legal obligations
  • Article      6(1)(f) – Legitimate interests (practice administration and safeguarding)

For special category data:

  • Article      9(2)(h) – Provision of health or social care
  • Article      9(2)(a) – Explicit consent (where required)

5. How Your Data Is Used

Your data is used to:

  • Provide counselling or psychotherapy services
  • Arrange and manage appointments
  • Communicate with you about your therapy
  • Maintain accurate clinical and financial records
  • Meet legal, ethical, and professional obligations

Your data is never sold or used for marketing purposes.

6. Online Services Used

Zoom (Online Therapy Sessions)

I use Zoom Healthcare to deliver online therapy sessions. Zoom processes limited personal data (such as your name and email address) to facilitate video calls.

Zoom acts as a data processor and is GDPR-and DTAC healthcare delivery compliant. Sessions are not recorded unless explicitly agreed in advance with your written consent.

Calendly (Appointment Booking)

I use Calendly to book initial consultations only. Calendly collects your name, email address, and appointment details for booking purposes only.

Calendly is GDPR-compliant and acts as a data processor on my behalf.

Both services store data on secure servers and use encryption.

7. Confidentiality and Data Sharing

All therapy sessions are confidential. Your data will not be shared without your consent except in the following limited circumstances:

  • If there is a serious risk of harm to you or others
  • If required by law (e.g. court order)
  • With professional supervisors (anonymised)
  • With the professional executor appointed to contact you if exceptional      circumstances (my death or other life critical emergency) mean that I can no longer work. This contact requires your permission. 

Any disclosure will follow BACP ethical guidance.

8. How Your Data Is Stored and Protected

  • Electronic records are stored on password-protected, encrypted devices or secure platforms
  • Paper records are stored in locked storage
  • Emails and digital communications are kept secure
  • Only I have access to your identifiable data
  • With the exception of a password protected contact list for people who have      given permission to be contacted by the executor. 

I take reasonable steps to protect your data from loss, misuse, unauthorised access, or disclosure.

9. How Long Your Data Is Kept

In line with BACP guidance and the terms of my insurance, I retain therapy records for 7 years).

After this period, data is securely deleted or destroyed.

10. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure of your data (where applicable)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent (where consent is the legal basis)

To exercise your rights, please contact me using the details above.

11. Complaints

If you are concerned about how your data has been handled, please raise this with me in the first instance.

You also have the right to complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk

12. Updates to This Privacy Notice

This privacy notice may be updated from time to time to reflect legal or practice changes. The most recent version will always be available upon request or on my website.

Last updated: [29.01.2026]

Copyright © 2026 THERAPEUTIC FITNESS - All Rights Reserved.

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept