← Back to home
Privacy Notice: alma therapy
1. Independent Practice & Data Control
Alice Wheeler is an independent counsellor and psychotherapist whose sole trading business is alma therapy.
Alice Wheeler is the independent Data Controller for alma therapy. This means she is solely responsible for protecting, storing, and managing your personal information and clinical therapy records.
Data Protection Registration: Alice Wheeler is officially registered with the Information Commissioner’s Office (ICO) under registration number: ZB620971.
2. How Your Data Is Safely Handled
To ensure the absolute confidentiality of your therapeutic journey, alma therapy maintains the following security measures regarding how your contact information and clinical records are processed and stored:
- Anonymised Record Keeping: Brief, factual clinical notes of your therapy sessions. To maximise privacy, these notes contain no identifying personal details (such as your name or address) and are linked solely to a unique client code.
- Secure Digital Storage: All electronic client records, contact details, and session notes are stored on a dedicated computer that is fully password-protected and encrypted.
- Controlled Access & Clinical Will: No other therapist or third party has day-to-day access to the computer or clinical files. Your information is accessed exclusively by Alice Wheeler for the sole purpose of providing your care.
- Emergency Exception (Clinical Will): In accordance with professional ethical frameworks, Alice Wheeler maintains a Clinical Will. In the event of her sudden incapacitation, serious illness, or death, a designated and professionally bound Clinical Executor will be granted secure, emergency access to your contact details. This is strictly so that you can be notified compassionately and supported in finding alternative care. The Clinical Executor is bound by the same strict rules of professional confidentiality.
- Third-Party Scheduling (Calendly): This practice uses Calendly to manage appointment bookings. When you schedule a session, Calendly collects your name, email address, and appointment time.
- Data Processing & Security: Calendly acts as a secure Data Processor under a strict Data Processing Addendum (DPA) that complies fully with UK data protection laws.
- International Transfers: Calendly securely stores this data on encrypted cloud servers located in the United States. This international transfer is fully protected and legalized under standard statutory contractual safeguards (the UK Addendum to the Standard Contractual Clauses). Calendly does not have access to your clinical therapy notes.
3. Subject Access Requests (SAR)
You have a legal right to request a copy of the personal data and therapy notes held about you.
- Submit Directly: To request your records, please email Alice Wheeler directly at almatherapy.counselling@gmail.com.
- Identity Checks: Alice will securely verify your identity before releasing any sensitive clinical records to protect your confidentiality.
- Proportionate Searches: In line with the Data (Use and Access) Act, searches for your information will be reasonable and proportionate to your request.
- The “Stop the Clock” Rule: Under UK law, Alice has one calendar month to fulfil your request. However, if clarification or further information is required from you to complete the search safely, this statutory timer will be paused (“stopped”) and will only resume once you provide the necessary details.
4. Data Protection Complaints Procedure
Under the Data (Use and Access) Act, you have an explicit right to make a formal complaint if you believe your personal data has been handled incorrectly.
Any data complaints must be sent directly to Alice Wheeler via email at almatherapy.counselling@gmail.com. Alice will personally manage this mandatory statutory process:
- 30-Day Acknowledgement: You will receive a formal written acknowledgement of your complaint within 30 calendar days.
- Investigation: Alice will independently investigate your concern thoroughly and without undue delay.
- Written Outcome: You will receive a comprehensive written response detailing the outcome and any actions taken.
If we are unable to resolve your data concern together, you have the right to escalate the matter directly to the UK's data protection regulator, the Information Commissioner’s Office (ICO), quoting the registration number listed in Section 1. You can contact them via ico.org.uk/livechat or by calling 0303 123 1113.