Privacy Policy

Mindful Pathways Ltd operates this website and provides mental health services. This policy describes how we collect, use, and protect personal data when you use our site or interact with our online platform. We are committed to protecting your privacy and handling your data in a transparent and responsible manner, in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The data controller responsible for your personal data is Mindful Pathways Ltd, located at 14 Park Row, Bristol, South West England, BS1 5LJ, United Kingdom.

Information We Collect

We collect information to provide and improve our services. The types of personal data we may collect include:

• **Contact Information:** Such as your name, email address, telephone number, and address when you make an enquiry, book an appointment, or sign up for our services.
• **Usage Data:** Information about how you use our site, including your IP address, browser type, operating system, pages visited, referring URLs, and the dates and times of your visits. This is collected automatically through cookies and similar technologies.
• **Service Data:** Information you provide when engaging with our counselling, therapy, assessments, or training services. This may include details about your health, psychological state, and background relevant to the services provided. We collect this sensitive data based on your explicit consent for the purpose of delivering healthcare services.
• **Communication Data:** Records of your correspondence with us, such as emails or contact form submissions.

How We Use Your Information

We use your personal data for the following purposes and under the following legal bases:

• **To Provide Services:** To deliver the mental health services you request, including scheduling appointments, providing therapy, assessments, and workshops. The legal bases for this are the necessity for the performance of a contract with you, and for processing sensitive health data, your explicit consent or necessity for the provision of health care.
• **To Communicate with You:** To respond to your enquiries, send you information about your appointments or services, and provide updates. The legal basis is performing a contract or our legitimate interests in responding to communications.
• **To Improve Our Site and Services:** To understand how our online platform is used and to make improvements to its functionality and content. The legal basis is our legitimate interests in maintaining and improving our service.
• **For Internal Operations:** To manage our business, including record keeping, administration, and internal reporting. The legal basis is our legitimate interests in running our business effectively.
• **For Security and Fraud Prevention:** To protect our site, services, and users from security threats and fraudulent activity. The legal basis is our legitimate interests in ensuring the security of our operations.
• **To Comply with Legal Obligations:** To meet our legal and regulatory requirements, such as maintaining health records or responding to lawful requests from authorities. The legal basis is compliance with a legal obligation.

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with third parties in the following circumstances:

• **Service Providers:** We may share data with trusted third-party service providers who perform functions on our behalf, such as website hosting, IT support, appointment scheduling systems, and analytics. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• **Professional Advisors:** We may share data with professional advisors, such as lawyers, accountants, or clinical supervisors, where necessary for legal, accounting, or professional practice purposes.
• **Legal Requirements:** We may disclose your information if required to do so by law, in response to a legal process (e.g., a court order or subpoena), or to protect our rights, property, or safety, or the rights, property, or safety of others.
• **With Your Consent:** We may share your information with other third parties if you have given us your explicit consent to do so, for example, when making a referral.

We take particular care when handling sensitive health data. This type of information is shared only with individuals or entities directly involved in providing your care, professional supervisors subject to confidentiality obligations, or as legally required.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. The retention period for health records is subject to specific professional and legal guidelines. When your data is no longer required, we will securely delete or anonymise it.

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• **Right to Access:** You have the right to request a copy of the personal data we hold about you.
• **Right to Rectification:** You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• **Right to Erasure (Right to Be Forgotten):** You have the right to request the deletion of your personal data in certain circumstances. Please note that we may need to retain certain information for legal or healthcare record-keeping purposes.
• **Right to Restriction of Processing:** You have the right to request that we restrict the processing of your personal data in certain situations.
• **Right to Object to Processing:** You have the right to object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
• **Right to Data Portability:** You have the right to request a copy of your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• **Rights Related to Automated Decision-Making:** You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not currently engage in such processing.
• **Right to Withdraw Consent:** Where we process your data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the address provided below. We may require you to verify your identity before fulfilling your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, if you are not satisfied with our handling of your request or your data.

Cookies and Tracking Technologies

Our site uses cookies and similar technologies to collect information about your usage of the site and to improve your experience. Cookies are small text files placed on your device. We use cookies for essential site functions and analytics. You can manage your cookie preferences through your browser settings. Please refer to our separate Cookie Policy for more detailed information.

Data Security

We have implemented appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, and destruction. However, no internet transmission or electronic storage method is 100% secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data may be stored and processed in countries outside the United Kingdom or European Economic Area. When we transfer your data internationally, we take steps to ensure that adequate safeguards are in place to protect your data, such as relying on adequacy decisions by the European Commission or using Standard Contractual Clauses approved by the relevant authorities.

Children's Privacy

Our services and this site are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post any changes on this page, and the updated policy will be effective immediately upon posting. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, you can contact us by writing to:

Mindful Pathways Ltd
14 Park Row,
Bristol, South West England,
BS1 5LJ,
United Kingdom