Outsider Therapy

Privacy Policy

1. Introduction

Outsider Therapy (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR).

2. Personal Data We Collect

We may collect and process the following personal data:

  • Personal identification information (e.g., name, date of birth)
  • Contact information (e.g., address, email address, phone number)
  • Health information (e.g., medical history, therapy notes)
  • Payment information (e.g., bank details)

3. Purpose of Data Processing

We use the collected data for the following purposes:

  • To provide therapy services
  • To manage client relationships
  • To process payments
  • To comply with legal obligations

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Your consent
  • The necessity to fulfill a contract
  • Compliance with a legal obligation
  • Our legitimate interests

5. Data Storage and Security

We store your data securely using Google Workspace, including for email and note-taking. If a device which is logged into Google Workspace is lost or stolen we can log out of that device remotely.  All devices which access Google Workspace use two-factor authentication. 

As this therapy is conducted through video conferencing technology, we encourage clients and potential clients to ensure that their firewalls and IT security systems are up to date. 

6. Data Sharing

We do not share your personal data with third parties except:

  • With your consent (ie. If we agree to write to your GP)
  • If required by law (ie. if there is a court order)
  • If there is an active risk to someone’s safety 
  • If there you provide information about the commission of terrorist acts.
  • With service providers who assist us in our operations (e.g., IT support) and who are bound by confidentiality agreements

7. Data Retention

We retain personal data for seven years after a client has finished working with us. Once data is no longer needed, we will securely delete or anonymize it.

8. Your Rights

Under GDPR, you have the following rights:

  • Access to your personal data
  • Correction of inaccurate data
  • Erasure of your data
  • Restriction of processing
  • Data portability
  • Objection to processing

To exercise your rights, please contact us at cee@outsidertherapy.com.

9. Data Breaches

In the event of a data breach, we will notify affected clients and the relevant authorities as required by GDPR. 

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on our website and, where appropriate, by notifying you directly.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at cee@outsidertherapy.com.