We take the privacy rights of all clients seriously and we adopt a high standard of compliance and confidentiality when handling your data. This is the privacy notice of Dr Sarah Straughan at Mind Growth Psychology. In this document, “we”, “our”, or “us” refer to Dr Sarah Straughan at Mind Growth Psychology.
1. Purpose of this Notice
This privacy policy aims to give you information on how we collect and process your personal data through your use of our services and treatments. It is important that you read this privacy notice, so that you are fully aware of how and why we are using your data, and what data protection rights you have.
2. Data Protection Legislation
The law requires us to tell you about your rights and our obligations to you regarding the processing and control of your personal data. Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR). Dr Sarah Straughan is the data controller and is responsible for your personal data.
3. The data we collect about you
Personal Data: Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together below:
Identity data: Title, first name, last name, marital status, date of birth and gender.
Contact data: Address, email address and telephone numbers
Financial & Transactional data: Bank account details, payment card details, details of invoices issued/received, details of payments made/received
Professional data: Job title; name of business or organisation; professional credentials
Communication data: Information emailed to/from us, referrer details such as name, address, telephone number and referral reason. Details of information submitted by you through our website or social media pages, information obtained via networking, subscription and newsletter services
Contract data: Details of your contract with us
Sensitive data:
Sensitive data includes information about your health, including information about your existing and previous medical conditions, medication details, psychiatric history, and any other relevant health information to enable us to carry out our services to you. We require your explicit consent for processing sensitive data, so we will ask you to confirm your consent to this processing via the consent tick boxes on our registration form.
Special categories of data:
Special categories of data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and genetic and biometric data. They also include information about criminal convictions and offences. We do not routinely collect this data, but it may be necessary to collect certain additional types of special category data about you during our assessment and/or therapy sessions. If so, we will ask you to confirm your consent to this processing via a consent form provided to you.
4. How we collect your data
We use different methods to collect data from you and about you including:
Direct Interactions with you: when you contact us (e.g. by phone, email, visiting my clinic rooms); when you register your interest in our services; when you use our services; when you undergo a clinical assessment or treatment; when you participate in our user research activities (e.g. provide us with feedback or respond to our questionnaires and surveys); when you network with us (e.g. provide us with your business card or contact us via our social media); when you attend webinars we organise; when you attend training events we organise
Use of our website: when you use our website, and interact with us on social media; when you submit an enquiry or feedback to us or complete our survey; when you sign up to our mailing list; when you post any information or materials on our website or in response to emails
Automated Technologies or interactions: as you interact with our website, we may automatically collect technical data. We collect this personal data by using cookies, server logs and other similar technologies
Use of our social media pages: when you follow, post on, or interact with us on our social media accounts
From publicly accessible sources: your website; your profiles on social media platforms (e.g., LinkedIn, Facebook, Twitter); professional networking groups and databases.
Third Parties: from another organisation or professional who may have made an onward referral; doctors; clinicians; health-care professionals; hospitals; clinics; universities.
5. How and why we use your personal data
Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so, for example: consent, contract, legitimate interests, or legal obligation. We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so:
Contract: We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to determine whether you are suitable for our services, register and set you up as a new client, provide our services to you, manage our relationship with you, provide ongoing care and support, make referrals to other organisations
Consent: We rely on consent as a legal basis for processing your personal data to register and set you up as a new client, make a video recording of you undergoing an assessment or therapy session which may form part of additional clinician training, provide our products/services to you including processing your health data, race, ethnic origin and religion data and criminal convictions and offence data where appropriate, make referrals to other organisations. Where your permission is required, we will clearly ask you for such consent separately from the body of this privacy notice. You have the right to withdraw consent by emailing us at [email protected]
Legitimate interests: We may process your personal data when we (or a third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests. For example: to manage you as a client and our relationship with you, to deal with your enquiry unrelated to a contract which we may have with you, to measure or understand the effectiveness of services we provide to you, to improve our products, services and customer relationships, for the establishment, exercise or defence of our rights under our contract with you and/or legal claims.
Legal obligation: We may process your personal data to comply with our legal obligation. For example, to notify you about changes to our terms or privacy notice, address any complaint, comply with a request from a competent authority, to cooperate with our regulators, to deal with a dispute or complaint you may have against us.
Vital interests: We may process your personal data to comply with our vital interests. For example, to report where there is a risk to someone’s life, report any safeguarding concerns.
Public task: We may process your personal data to comply with our public task interests. For example, to provide you with our services, comply with a request from a competent authority, cooperate with our regulators, undertake any medico-legal work, deal with any risks to public health.
6. Marketing
We may send you emails about our products and services if you are our existing client (on the basis of our legitimate interests) or, if you are our prospective client, when you expressly consent to receive such marketing emails. If you subscribe to our email list, we will collect and store your name and email address.
This data is used to:
Send newsletters to inform you of new services, events, and resources
Market our digital products (such as online courses)
We rely on your explicit consent to send marketing communications. You may withdraw this consent at any time by clicking the “unsubscribe” link at the bottom of any email, or by contacting us at [email protected]
We use secure, GDPR-compliant third-party providers (e.g. Funnel Sketchers) to manage our email lists.
7. Website Use, Cookies & Analytics
When you visit our website, we may automatically collect certain information through cookies and similar technologies. This includes your IP address, browser type, device identifiers, and pages visited.
We use this information to:
Improve our website’s functionality and performance
Analyse user behaviour
Understand engagement with our content
Cookies can be managed through your browser settings. We may use third-party analytics tools such as Google Analytics or Meta Pixel to monitor website traffic and engagement. These tools may track anonymised visitor behaviour across our website.
8. Online Courses and Digital Products
When purchasing an online course or product via our website, we collect additional data such as:
Payment information (processed via third-party platforms like Stripe or PayPal)
Purchase history
Login credentials (for course platforms such as Teachable or Thinkific, Kartra or Funnel Sketchers)
This information is collected for the purpose of:
Delivering your product or service
Managing your account access
Providing customer support
We do not store your full payment information ourselves. All transactions are handled securely by our payment processors.
9. Social Media & Public Engagement
We use platforms such as Instagram and Facebook to:
Share content relevant to ageing, psychology, and mental wellbeing
Engage with our community
Promote services and events
If you interact with us via social media (e.g. follow, like, comment, send a DM), your personal data (such as your name and profile) will be visible and governed by the privacy policies of those platforms. If you join our private Facebook group, we may collect and moderate comments to maintain community standards. We ask that you avoid sharing sensitive personal information in these spaces.
10. Disclosure of your personal information
We may share your information with third parties for the purposes set out in this notice.
Service providers - acting as processors who provide IT and system administration services such as Zoom, Microsoft Teams, Skype or Bilateral Base for online sessions.
Professional advisers - acting as processors or joint controllers, including healthcare professionals, lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Regulatory authorities - such as HMRC and other authorities, acting as processors or joint controllers, based who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal and sensitive data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal and sensitive data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Please note that any transfer of sensitive data is carried out under strict security obligations on our third party service providers.
11. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
All information recorded is digitised and is stored in a secure cloud service offering high levels of security. Confidential information containing sensitive data or information sent by the psychologist via the internet will be encrypted and/or password protected (password sent separately by text). Letters sent to professionals such as GPs, by surface mail, will be clearly marked Confidential.
All electronic devices (e.g. computer, laptop and phone) used to access stored information will themselves be password protected and use facial recognition.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
12. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Consultation notes, questionnaires and any other clinical materials will be held for 7 years after the conclusion of our contract, in line with the British Psychological Society guidance.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes as required by UK HMRC.
In some circumstances you can ask us to delete your data; see your legal rights below for further information.
13. Children’s Data
Our services and online resources are not intended for use by individuals under the age of 18. We do not knowingly collect data from children. If we learn that we have collected data from a child without verified parental consent, we will delete that information.
14. Your rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
Access your data
Correct your data
Request erasure
Object to or restrict processing
Transfer your data
Withdraw consent
If you wish to exercise any of the rights set out above, please contact us at [email protected]
15. Complaints
We hope that we can resolve any query or concern you may raise about our use of your information. You may contact us by emailing [email protected]
The Data Protection Legislation also gives you a right to lodge a complaint with a supervisory authority, in the country where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the United Kingdom is the Information Commissioner, who may be contacted at https://ico.org.uk/make-a-complaint/, telephone on 0303 123 1113, or by post to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
16. Review of this privacy policy
We may update this privacy notice from time to time as necessary. If you have any questions regarding our privacy policy, please contact us. The policy was last updated in 2025.