top of page

Privacy Policy

Myndpower Limited

 

 

Privacy Policy & GDPR Consent

 

Myndpower Limited recognises the importance of protecting personal data and is committed to processing it in accordance with the UK GDPR and the Data Protection Act 2018. This document outlines how personal data is collected, used, stored, and protected.

 

 

Personal Data Collected

 

Myndpower Limited collects personal data necessary for the provision of counselling and psychotherapy services for individuals and couples. This may include:

 

  • personal identification and contact details

  • relevant health and psychosocial information

  • presenting issues

  • GP and emergency contact details (where appropriate)

 

 

Special Category Data

 

Therapy records may include sensitive personal data, including information relating to health, ethnicity, religion, sexual orientation, or other protected characteristics.

 

Processing is carried out in accordance with:

 

  • Article 9(2)(h) UK GDPR (provision of health care), and/or

  • the client’s explicit consent

 

 

Lawful Basis for Processing

 

Personal data is processed under the following lawful bases:

 

  • Contract (to provide therapeutic services)

  • Legitimate Interests (for record keeping and professional requirements)

 

 

Data Storage and Security

 

Personal data is securely stored using encrypted, password-protected systems (such as WriteUpp) and secure devices.

 

Access to personal data is restricted to authorised personnel only.

 

 

Data Retention

 

Records are retained for a period of 7 years following the conclusion of services, in line with professional and regulatory standards.

 

After this period, all data is securely deleted.

 

 

Data Sharing

 

Personal data is treated as confidential and will not normally be shared without the client’s consent.

 

Exceptions may include:

 

  • legal obligations (e.g. court order)

  • safeguarding concerns involving children or vulnerable adults

  • risk of serious harm to the client or others

  • communication with other healthcare providers (e.g. GP), where necessary

 

 

International Data Transfers

 

Where personal data is processed outside the United Kingdom, appropriate safeguards are implemented in accordance with UK GDPR.

 

 

Data Subject Rights

 

Clients have the right to:

 

  • request access to their personal data

  • request rectification of inaccurate data

  • request erasure of data (where applicable)

  • restrict or object to processing

  • request data portability

  • withdraw consent at any time (where consent is relied upon)

 

Requests will be responded to within one calendar month.

 

 

Regulatory Authority

 

Myndpower Limited is registered with the Information Commissioner’s Office.

 

ICO Registration Number: ZC108265

 

 

GDPR Consent

 

bottom of page