top of page

Privacy Policy

Last updated: 20 November 2025
 

This privacy policy explains how I, Marika Marsh, collect, use and protect your personal information when you visit my website or work with me as a therapy client.


I am committed to protecting your privacy and handling your information safely, lawfully and transparently.
 

1. Who I am

Data Controller:
Name: Marika Marsh

I am registered with the Information Commissioner’s Office (ICO) as a data controller.
ICO Registration Number: [ICO NUMBER – IF YOU HAVE IT]
 

2. What information I collect


I may collect and process the following types of personal information:
 

a) When you use the website or contact form

​​

  • Name

  • Email address

  • Phone number (if provided)

  • Any information you include in your message (for example, why you’re seeking therapy, availability, preferences)

​

b) During therapy assessment and sessions

 

Because I offer psychological therapy, I may collect special category data, for example:

​

  • Mental health information (difficulties, history, symptoms, goals)

  • Relevant medical information (medication, diagnoses, GP details)

  • Background information (family, work, relationships, risk history)

  • Session notes and summaries

​

c) Administrative information

​​

  • Invoices, payment records and appointment logs

  • Email or message exchanges about appointments and practical arrangements

​

I only collect information that is relevant to providing a safe and effective therapeutic service and managing my practice.

​

3. Lawful bases for processing your data

​

Under UK data protection law (UK GDPR and Data Protection Act 2018), I rely on the following lawful bases:

​

  • Contract: to provide therapy services you have asked for (e.g. booking and delivering sessions).

  • Legitimate interests: to respond to enquiries, manage my diary, maintain records, and improve my service in ways that do not override your rights.

  • Legal obligation: to meet legal, regulatory and professional requirements (for example, insurance, tax records, safeguarding concerns).

  • Explicit consent: for processing special category (health) data where required, and where I ask for your clear agreement (e.g. contacting your GP or another professional, if appropriate).

 

You can withdraw consent at any time where consent is the lawful basis, but this may affect the services I can provide.

​

4. How I use your information

 

I use your information to:

​

  • Respond to enquiries and manage appointments

  • Assess whether my service is suitable for you

  • Provide psychological therapy and keep clinical records

  • Maintain secure financial and administrative records

  • Contact you about changes to appointments or services

  • Comply with legal, professional and insurance requirements

 

I do not use your information for automated decision-making or marketing without your consent.

​

5. Confidentiality and when I may share information

​

What you share in therapy is kept confidential. There are, however, specific situations where I may need to share information or seek advice:

​

  1. Risk of serious harm
    If I am seriously concerned about your safety or someone else’s safety (for example, risk of harm to self, others, or a child / vulnerable adult), I may need to share relevant information with appropriate services. Where possible, I will discuss this with you first.

  2. Legal obligations
    If I am required by law or a court order to disclose information, I must comply with this.

  3. Supervision
    Like most therapists, I discuss my work in clinical supervision to ensure you receive good quality care. I do not use full names, and identifying details are minimised.

  4. With your consent
    With your explicit consent, I may share information with other professionals involved in your care (for example, your GP, psychiatrist, or another therapist).

I will only share the minimum necessary information and will keep a record of what has been shared and with whom.

​

6. How I store and protect your information

 

I take the security of your information seriously. I use reasonable physical, electronic and organisational safeguards to protect it, for example:

​

  • Password-protected devices and secure accounts

  • Encrypted or reputable practice management / email systems (where used)

  • Limited access to records (only by me, unless otherwise agreed)

  • Paper notes, if used, stored securely and separately from identifying details

​

Despite these precautions, no system can be completely secure, but I take appropriate steps to minimise risk.

​

7. How long I keep your data

​

I keep personal data only for as long as necessary for the purposes it was collected and to meet legal, regulatory and insurance requirements.

​

As a guide:

​

  • Clinical records (adult clients): usually kept for [E.G. 7 YEARS] after the end of therapy

  • Emails and administrative records: kept for as long as needed for accounting, tax and practice management, typically up to [E.G. 7 YEARS]

  • Enquiry data (if you do not start therapy): usually kept for up to [E.G. 12 MONTHS] and then deleted

​

After these periods, I will delete or securely destroy your information.

​

8. Your rights

 

You have the following rights over your personal data, subject to certain legal limitations:

​

  • Right of access – to request a copy of the personal data I hold about you.

  • Right to rectification – to ask me to correct inaccurate or incomplete information.

  • Right to erasure – to request deletion of your data in some circumstances.

  • Right to restrict processing – to ask me to limit how I use your data.

  • Right to data portability – to request your data in a usable format for transfer to another provider (where technically possible).

  • Right to object – to object to certain types of processing based on legitimate interests.

​

To exercise any of these rights, please contact me via my Contact page. I may need to verify your identity before responding.

​

If you are unhappy with how I handle your data, please let me know first so I can try to resolve any concerns. You also have the right to complain to the Information Commissioner’s Office (ICO):

​

ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113

​

9. Website, cookies and analytics

 

My website may use basic cookies or analytics (for example, to see how many people visit the site and which pages are most viewed). This helps me understand how the website is used and improve it over time.

​

Where cookies are used:

​

  • They are not used to identify you personally.

  • You can usually disable cookies in your browser settings if you prefer.

​

If I add or change any use of cookies or analytics tools in future, I will update this policy and, where required, ask for your consent.

​

10. Third-party services

 

If I use trusted third-party services (for example, website hosting, email provider, online video platform or practice management software), they may process data on my behalf. I only use providers that take data protection seriously and have appropriate security measures in place.

 

I do not sell or rent your personal information to any third parties.

​

11. Changes to this privacy policy

 

I may update this privacy policy from time to time to reflect changes in law, guidance or how I work. The updated version will be posted on this page with a revised “Last updated” date.

​

12. How to contact me

 

If you have any questions about this privacy policy or how I handle your data, please contact me via my contact page.​)

bottom of page