Privacy Policy & Data Protection Statement

Last Updated: March 2026

At Caroline Michael Therapy, I am committed to protecting and respecting your privacy. This policy explains when and why I collect personal information, how I use it, the conditions under which I may disclose it to others, and how I keep it secure.

1. Who I Am

Caroline Michael is the "Data Controller" for your personal data. I am a qualified Hypnotherapist and Psychotherapist based in Esher, Surrey. I am registered with the Information Commissioner’s Office (ICO) under registration number ZA708700.

2. The Type of Information Collected

  • Contact Information: Name, email address, and phone number provided via contact forms.

  • Clinical Information: Sensitive Special Category data, including mental health history, lifestyle details, and session notes (collected during consultations).

  • Technical Data: IP address, browser type, and cookies (see Cookie Policy below).

  • Transaction Data: Details about payments to and from you via my processor, Stripe. Note: I do not store credit card numbers on my internal servers or in the website CMS.

3. Legal Basis for Processing

Under GDPR, I process your data under the following legal bases:

  • Contractual Necessity: To provide the therapy services you have requested.

  • Legitimate Interests: For the administration of my business (e.g., responding to inquiries).

  • Special Category Data (Health): I process health-related data under Article 9(2)(h) of the GDPR, which relates to the provision of health or social care.

4. How Your Information is Stored & Retained

  • Digital Data: Stored on encrypted devices and secure, password-protected cloud storage.

  • Physical Records: Any paper-based clinical notes are kept in a locked filing cabinet.

  • Retention: In accordance with professional insurance requirements, clinical records are kept for 7 years after the conclusion of therapy, after which they are securely destroyed.

5. Third-Party Service Providers

I will not sell or rent your information to third parties. I work with secure third-party providers to run my practice, including:

  • Payment Processor: Stripe.

  • Website Hosting: Squarespace.

  • Communication: Secure email and video platforms for online sessions.

6. Your Rights

You have the right to access the information I hold about you, request rectification of errors, or request erasure (subject to clinical retention laws). To exercise these rights, please contact hello@carolinemichaeltherapy.co.uk

Cookie Policy

This website uses cookies to distinguish you from other users. This helps me provide you with a good experience when you browse my site.

Strictly Necessary -Required for the operation of the website (e.g., secure login or payment processing).

Analytical/Performance - Allows me to recognise and count the number of visitors (e.g., Google Analytics, Bing).

Functionality - Used to recognise you when you return to the website. 

How to Manage Cookies: You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you block all cookies, you may not be able to access all parts of the site.[KN1]