Privacy Notice

Last updated: January 2026

Introduction

Your privacy matters to me. This notice explains how I collect, use, and protect your personal information when you use my services, visit my website, or interact with me in any way.

I provide psychotherapy services, wellness walks, in-person workshops, online CPD training, and therapeutic resources. This privacy notice covers all of these activities.

I follow the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and my professional codes of conduct (BACP and UKCP).

1. Who I Am

I am the data controller for the personal information you provide. This means I decide how your data is used and I am responsible for keeping it safe.

  • Name: Victoria Froome
  • Trading as: Dragonfly Psychotherapy
  • Address: Guildford Therapy Rooms, 3 Beaufort, Railton Road, Guildford, Surrey GU2 9JX
  • Phone: 07546 431 448
  • Email: victoria@dragonflypsychotherapy.co.uk
  • Website: www.dragonflypsychotherapy.co.uk
  • ICO Registration: ZB904048

If you have any questions about this notice or how I handle your data, please get in touch using the details above.

2. Why I Can Use Your Data (Lawful Basis)

Data protection law requires me to have a valid reason for processing your personal information. Depending on what we are doing together, I rely on different lawful bases:

  • Contract: When you book therapy sessions, wellness walks, or purchase resources, I process your data to provide those services to you.
  • Legitimate Interests: I keep records to meet my professional and insurance obligations, and to respond to any legal claims. I also use your data to run my practice effectively.
  • Consent: For sensitive information (such as health information shared in therapy), I ask for your explicit consent. I also ask consent before using your image in photographs or sending you marketing communications.
  • Legal Obligation: Sometimes I am required by law to share information, for example for safeguarding purposes.

3. What Information I Collect

The information I collect depends on which of my services you use.

Therapy Clients

When you come to me for therapy, I collect:

  • Your name, contact details (phone, email, address), date of birth, and emergency contact information. I also record your GP details.
  • Brief session notes about our work together. These are factual and anonymised where possible.
  • Information about your mental health and wellbeing that you share with me during our sessions. This is classed as sensitive (special category) data and I ask for your explicit consent to hold it.
  • Any correspondence between us, including emails, text messages, and messages through my website or social media.
  • If you are referred by another professional (such as your GP) or by someone you know, I may receive some information from them.

Wellness Walk Participants

When you book a wellness walk, I collect:

  • Your name, contact details, and emergency contact information.
  • Any relevant health information you choose to share that might affect your participation (for example, mobility considerations). This is sensitive data and I ask for your consent.
  • Booking and payment information.
  • Photographs taken during walks, but only with your consent. I will always ask before using any images for marketing or social media.

Please note: Initially, bookings for wellness walks are handled through the venue (East Horsley Place). Their privacy notice will apply to the booking process. Once you attend a walk, this privacy notice applies to any information I collect directly.

Resource Purchasers

When you purchase resources (such as guides, workbooks, or other materials), I collect:

  • Your name, email address, and delivery address (for physical products).
  • Payment information. I do not store your full card details – these are processed securely by my payment provider.
  • Your purchase history so I can provide customer support and, if you have opted in, let you know about related resources.
  • If you purchase through Amazon, Amazon's privacy policy applies to that transaction. I receive limited information from Amazon to fulfil your order.

Online CPD Participants

When you register for or purchase online CPD (continuing professional development) sessions, I collect:

  • Your name, email address, and professional details (such as your profession, employer, and professional registration number if you need a CPD certificate).
  • Payment information. I do not store your full card details – these are processed securely by my payment provider.
  • Records of which sessions you have completed, including dates and times. This is necessary to issue CPD certificates and to provide evidence of your learning if required by your professional body.
  • Any feedback or evaluation responses you provide.
  • Technical information about how you access the content (such as device type and viewing duration) to help me improve the learning experience.

In-Person Workshop Participants

When you book an in-person workshop or training event, I collect:

  • Your name, contact details, and emergency contact information.
  • Professional details (such as your profession, employer, and professional registration number) if you need a CPD certificate.
  • Any dietary requirements, accessibility needs, or health information you choose to share to help me accommodate you. This may include sensitive data, and I ask for your consent to hold it.
  • Payment and booking information.
  • Attendance records, which are necessary for issuing CPD certificates.
  • Photographs taken during workshops, but only with your consent. I will always ask before using any images for marketing or social media.
  • Any feedback or evaluation responses you provide.

Website Visitors

When you visit my website, I may collect:

  • Technical information such as your IP address, browser type, and which pages you visit. This helps me understand how people use the site and improve it.
  • Information you provide through contact forms or enquiry forms.
  • Cookie data (see the Cookies section below).

General Enquiries

If you contact me with an enquiry but do not go on to use my services, I keep your contact details and our correspondence for up to one month, then delete them (unless you ask me to delete them sooner).

4. How I Use Your Information

I use your information to:

  • Provide the services you have asked for (therapy, wellness walks, resources).
  • Communicate with you about appointments, bookings, and purchases.
  • Keep appropriate professional records.
  • Meet my legal, regulatory, and professional obligations.
  • Send you information about my services, but only if you have opted in to receive marketing.
  • Improve my website and services.

I do not use automated decision-making or profiling with your personal data.

5. Sensitive Information (Special Category Data)

Some of the information I collect is classed as sensitive or "special category" data under data protection law. This includes information about your physical or mental health.

For therapy clients, I need to collect this information to provide my services effectively and safely. I ask for your explicit consent to process this data when we begin working together.

For wellness walk participants, I may ask about health conditions that could affect your participation. You can choose what to share, and I ask for your consent to hold any health information you do provide.

You can withdraw your consent at any time, though this may affect my ability to continue providing services to you.

6. Young People

I work with young people aged 11 and over. When working with anyone under 18, I involve parents or guardians appropriately while respecting the young person's developing autonomy and right to confidentiality.

For young people under 13 who use my website or services, I require parental consent before collecting their personal information.

I keep records for young people until they reach the age of 25, or for seven years after our work ends, whichever is longer.

7. Confidentiality

Confidentiality is fundamental to my work. What you share with me stays between us, except in certain limited circumstances where I may need to share information:

  • If you disclose involvement in, or knowledge of, terrorism, money laundering, or drug trafficking.
  • If there is a serious risk of harm to yourself or others.
  • If there is a safeguarding concern involving a child or vulnerable adult.
  • If I am required by law or a court order to share information.

I will always try to discuss this with you first, unless doing so would put someone at risk.

I have regular clinical supervision, which is a professional requirement. I discuss my work in supervision to ensure I am providing safe and effective support. I do not share identifying information about you unless there is a safeguarding concern.

8. How I Keep Your Information Safe

I take the security of your information seriously:

  • Paper records are stored in a locked filing cabinet in a locked room.
  • Digital records are stored on password-protected, encrypted devices. I use secure, encrypted systems for client records.
  • Emails and texts: I delete text messages after one week (with any relevant information saved in your records). Unnecessary emails are deleted after one week.
  • Backups are made securely and stored in compliance with UK GDPR.
  • I use strong passwords and keep my devices and software up to date.

9. Who I Share Your Information With

I do not sell your information or share it for marketing purposes.

I may share your information with:

  • Service providers who help me run my practice, such as secure practice management software, cloud storage, website hosting, email marketing platforms, or booking systems. These providers are under strict contracts and cannot use your data for any other purpose.
  • Payment processors (such as Stripe, PayPal, or similar) who handle transactions securely.
  • Professional advisers such as accountants or lawyers, where necessary.
  • Regulatory bodies or government agencies, if required by law.

Some of my service providers may be based outside the UK. Where this is the case, I ensure appropriate safeguards are in place to protect your data, such as using providers who are certified under approved data protection frameworks or who have signed standard contractual clauses.

10. How Long I Keep Your Information

I only keep your information for as long as I need it:

  • Therapy records: Seven years from the end of our work together. If you were under 18 when we finished, I keep records until you reach 25 or for seven years, whichever is longer.
  • Wellness walk records: Seven years from the date of the walk, in line with insurance requirements.
  • Resource purchase records: Six years after the transaction, for tax and accounting purposes.
  • CPD records: Six years after the session, to allow you to evidence your learning to professional bodies and for tax purposes.
  • Workshop records: Six years after the event, to allow you to evidence your learning to professional bodies and for tax purposes.
  • General enquiries: One month if you do not proceed with services.
  • Marketing preferences: Until you unsubscribe, plus a record of your opt-out to ensure I respect your wishes.

After these periods, I securely delete or destroy your information.

11. Your Rights

You have rights over your personal information. You can:

  • Access the information I hold about you.
  • Correct any inaccurate or incomplete information.
  • Request deletion of your information in certain circumstances.
  • Restrict how I use your information.
  • Object to certain types of processing.
  • Request a copy of your information in a portable format.
  • Withdraw consent at any time (where I am relying on consent to process your data).

To exercise any of these rights, please contact me using the details at the top of this notice. I will respond within one month.

You also have the right to complain to the Information Commissioner's Office (ICO) if you are unhappy with how I handle your data. Their website is www.ico.org.uk. I would be grateful if you contacted me first so I can try to resolve any concerns.

12. Marketing Communications

I will only send you marketing information (such as newsletters, updates about new resources, or information about events) if you have specifically opted in.

You can unsubscribe at any time by clicking the unsubscribe link in any email, or by contacting me directly.

If you have previously purchased resources from me, I may send you information about similar products or services, but you can opt out at any time.

13. Cookies

My website uses cookies, which are small files stored on your device that help the site work properly.

  • Essential cookies: These are necessary for the website to function. They do not collect personal information about you. My site currently uses only essential cookies and does not use analytics or other non-essential cookies.

You can control cookies through your browser settings. If I introduce analytics or other non-essential cookies in future, I will ask for your consent before they are placed on your device, and I will update this notice accordingly. You can opt out of Google Analytics at any time at tools.google.com/dlpage/gaoptout.

14. Data Breaches

In the unlikely event of a data breach that poses a risk to your rights and freedoms, I will inform the ICO within 72 hours and will notify you as soon as possible.

15. Links to Other Websites

My website may contain links to other websites. I am not responsible for the privacy practices of other sites. I encourage you to read the privacy notice of any website you visit.

16. Changes to This Notice

I may update this privacy notice from time to time. The date at the top shows when it was last updated. For significant changes, I will let you know directly where possible.

17. Questions and Concerns

If you have any questions about this notice, or if you want to exercise any of your rights, please contact me:

  • Email: victoria@dragonflypsychotherapy.co.uk
  • Phone: 07546 431 448
  • Post: Dragonfly Psychotherapy, Guildford Therapy Rooms, 3 Beaufort, Railton Road, Guildford, Surrey GU2 9JX

Thank you for taking the time to read this privacy notice. I want you to feel confident that your information is safe with me.