Privacy Policy

​

The Mindful Clinic
Last updated: 2025

This privacy notice provides you with details of how we collect and process your personal data.

​

1. How We Use Your Personal Data

The Mindful Clinic is committed to protecting your personal data. The only data we collect is that which you provide, including information submitted via referral, booking, or assessment forms.

We may use your sensitive personal data (such as health-related information) to provide our services to you, or to comply with legal obligations.
We may use your non-sensitive personal data to:
i. Register you as a new client
ii. Manage payments
iii. Collect and recover monies owed
iv. Manage our relationship with you
v. Send you information about our services

Our legal bases for processing your personal data are:

• For items (i) to (iv): Performance of a contract between you and The Mindful Clinic

• For item (v): Legitimate interest – to develop our services and grow our business

We do not share your personal information with third parties for marketing purposes.

​

2. Disclosure of Your Personal Data

We may share your personal data with the following third parties:

i. Service providers who support our IT systems and administrative operations
ii. Professional advisors (such as lawyers, auditors, insurers, or accountants)
iii. HMRC and other regulatory authorities, where required
iv. Third parties in the event of a merger, sale, or transfer of business assets
v. Other professionals directly involved in your care (e.g. GPs, therapists), or where required by your insurance provider if you are accessing therapy via insurance

All third parties with access to your data are required to respect its confidentiality and handle it in accordance with data protection law. They may only process your data under our instruction.

​

3. Data Security

We take data security seriously. We have implemented measures to prevent your personal data from being accidentally lost, accessed without authorisation, altered, or disclosed.

Access to your data is limited to those who have a legitimate business need. All personnel processing your data are subject to a duty of confidentiality.

We have protocols in place to respond to any suspected data breach. Where legally required, we will notify you and the relevant regulator of such breaches.

Where possible, we may anonymise your data for research or statistical purposes. In these cases, the data will no longer identify you and may be used indefinitely without further notice.

​

4. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or regulatory requirements.

In line with professional guidance, we typically retain client records for 7 years following the end of treatment.

You may request deletion of your data under certain circumstances – see Section 6 for details.

​

5. Your Rights

You have the right to access, correct, restrict, or erase your personal data. Full details of your rights under the UK GDPR can be found on the Information Commissioner’s Office (ICO) website:
🔗 https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you would like to submit a Subject Access Request, please contact us by email at:
📧 info@themindfulclinic.co.uk 

There is no fee for a request unless it is unfounded, repetitive, or excessive, in which case a reasonable fee may be charged, or the request may be declined.

We aim to respond within one month. If your request is complex or there are multiple requests, we will notify you of any delay, with a maximum response time of three months.

​

6. Keeping Your Data Up to Date

We aim to keep your personal data accurate and up to date. From time to time, we may contact you to confirm your details.

Please inform us of any changes (e.g. name, address, contact details) by emailing or writing to us using the contact details in Section 6.

​

7. Complaints

We are committed to protecting your personal data. If you are unhappy with any aspect of how we handle your data, please contact us so we can attempt to resolve the issue.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK regulator for data protection.
Website: https://www.ico.org.uk

​

8. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be communicated via our website or directly, where appropriate. 

​