Privacy Policy

Settled Self Therapy | Kate Hodsdon

Last reviewed: June 2026

Introduction

Your privacy is very important to me. I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

I am Kate Hodsdon, trading as Settled Self Therapy (sole trader). I am the data controller for the purposes of this notice. I am registered with the Information Commissioner’s Office (registration number CSN7859390).

You can contact me via the form at settled-self.com/contact

This privacy notice tells you what I will do with your personal information from initial point of contact through to after therapy has ended, including why I am able to process it, how long I store it, whether there are other recipients of your information, and what your data protection rights are.

The Bases on Which I Process Information About You

The law requires me to determine under which basis I process different categories of your personal information.

1. Information I process because we have a contract

When you engage with me for therapy, I process your personal information on the basis that there is a contract between us. This includes special category data (information relating to your mental health) which I process under Article 9 of the UK GDPR, as it is necessary for the provision of health treatment.

2. Information I process with your consent

When you contact me via the form on settled-self.com/contact, sign up to my newsletter, or download a free resource, you are giving your consent for me to process the information you provide. You may withdraw this consent at any time by contacting me via settled-self.com/contact.

3. Information I process for legitimate interests

Once therapy has ended, I will retain your records on the basis of legitimate interest, for the proper administration of my practice and to comply with my obligations as a BACP-registered therapist.

4. Information I process due to a legal obligation

There are circumstances where I am legally required to process or share your information, for example if required by a court order or for safeguarding purposes.

How I Use Your Information

Initial contact

When you contact me via the form at settled-self.com/contact, sign up to my newsletter, or register to download a free resource, I collect the information you provide to respond to your enquiry or send you relevant content. If you decide not to proceed with therapy, I will delete your personal data within 28 days. If you would like me to delete it sooner, please let me know via the contact form.

During therapy

Everything you discuss with me is confidential. That confidentiality will only be broken if I believe there is a risk to your life or the life of another person, or if I am required to do so by a court of law. I will always try to speak with you about this first unless safeguarding concerns prevent this.

I keep written records of our sessions digitally. For your privacy, your identifying contact details are stored separately from your session notes and any administrative records such as payments or cancellations. No single file contains both your name and your session content.

After therapy ends

Once therapy has ended your records will be kept for 7 years in line with BACP guidance, after which they are securely deleted. If you would like me to delete your records sooner, please contact me via settled-self.com/contact.

Third Party Recipients of Personal Data

I use a small number of trusted third-party services to run my practice and website. These are listed below:

Squarespace - hosts my website and contact form. Your data is transmitted securely via their platform. Squarespace’s privacy policy applies to data processed through their systems.

Mailchimp - if you sign up to my newsletter, register to download a free resource, or make contact via the website, your name and email address are stored with Mailchimp for the purpose of sending you updates and relevant content. You can unsubscribe at any time via the link in any newsletter or email.

Google Analytics - I use this to collect anonymous, aggregate data about how visitors use my website. This is governed by Google’s privacy policy.

Google Meet - if we conduct sessions online, these take place via Google Meet. Google’s privacy policy applies to data processed through their platform.

I do not sell or share your personal information with any other third parties.

Your Rights

Under UK GDPR you have the following rights regarding your personal data:

The right to access - you can request a copy of the personal information I hold about you at any time.

The right to correction - you can ask me to correct any inaccurate or incomplete information I hold about you.

The right to erasure - you can ask me to delete your personal information, subject to my legal obligations to retain certain records.

The right to restrict processing - you can ask me to limit how I use your personal information.

The right to object - you can object to me processing your personal information in certain circumstances.

The right to withdraw consent - where I process your data on the basis of consent, you can withdraw that consent at any time.

To exercise any of these rights, please contact me via settled-self.com/contact. I will respond within 30 days.

If you are unhappy with how I have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office at ico.org.uk/concerns.

Data Security

I take the security of your personal data very seriously. The following measures are in place to keep your information safe:

•       All devices and files are protected by Apple’s Face ID biometric authentication

•       All accounts (Google, Mailchimp, Squarespace) are secured with two-factor authentication via my mobile phone

•       Client folders have an additional password protection layer, meaning there are three separate access controls before any client data can be reached

•       Your identifying details are stored separately from your session notes, so no single file contains both your name and your session content

If I ever become aware of a data breach that affects your personal information I will notify you and the ICO as required by law.

Cookies

A cookie is a small file stored on your device when you visit a website. My website uses the following cookies:

Google Analytics - I use Google Analytics to collect anonymous, aggregate data about how visitors use my website, such as which pages are visited most. This helps me improve the site. Google Analytics uses cookies to collect this data.

No other cookies are set by my website.

When you visit settled-self.com you will be asked for your consent to use cookies via a cookie consent banner before any non-essential cookies are set. You can withdraw or change your cookie preferences at any time via the banner on the website.

For more information about how Google handles this data, please see Google’s privacy policy at policies.google.com/privacy.

Changes to this Privacy Policy

I may update this privacy notice from time to time. Any changes will be posted on this page and the date at the bottom will be updated accordingly. I encourage you to check this page periodically.

This policy was last reviewed: June 2026.