
Privacy & Cookie Policy – Hampstead Psychology
Introduction
This Privacy and Cookie Policy explains how Hampstead Psychology (“we”, “our”, “us”) collects and processes personal data when you use our website, communicate with us, or work with us as a client or service provider. It also explains how we use cookies and your rights under data protection law.

If you have any questions or comments about this policy, please email info@hampsteadpsychology.com. You can be assured that any information you share with us will be handled carefully, securely, and in line with UK GDPR and the Data Protection Act 2018.
Who we are
- Data controller: Dr Jo Stuart
- Website: http://www.hampsteadpsychology.com/
- Address: Elsynge House, Forty Hill, London
- Email: info@hampsteadpsychology.com
What personal data we collect
We may collect and process the following types of data:
- Information you provide directly: via website forms, questionnaires, surveys, emails, phone calls, or during therapy. This may include your name, contact details, health information, payment details, personal description, and medical history.
- Correspondence: records of your communications with us.
- Website data: details of your visits, resources accessed, IP address, browser type, operating system, and interaction with our website.
- Cookies and similar technologies: to remember preferences, monitor usage, and improve site performance (see Cookies section).
- Third-party data: information from professionals involved in your care (with your consent) or from service providers (e.g., analytics or payment processors).
- Special category health data: information about your mental health that is necessary for providing therapy or psychological services.
Lawful bases for processing
We only process your personal data where a lawful basis applies (UK GDPR Art. 6):
- Contract – to deliver the services you request.
- Legal obligation – to comply with professional, tax, and safeguarding duties.
- Legitimate interests – for practice management, website security, analytics (balanced against your rights).
- Consent – for cookies, marketing communications, or sharing with other professionals where appropriate.
For special category health data, we rely on UK GDPR Art. 9(2)(h) – processing necessary for health or social care, treatment, and management – and on explicit consent where required.
Children and young people
Where services are provided to those under 18, we may seek consent from a parent or guardian where required. Clinical records for young people are retained for longer periods (see Retention).
How we use your personal data
We may use your information to:
- Provide therapy and fulfil contracts with you.
- Communicate about appointments, services, or changes.
- Maintain secure clinical records.
- Carry out anonymised audits, service evaluations, or outcome monitoring.
- Administer and improve our website, troubleshoot, and keep it secure.
- Enable participation in online features such as secure video calls.
- Provide information about services similar to those you have received or enquired about (you can opt out at any time).
- Comply with legal and professional obligations.
We do not use automated decision-making or profiling.
Cookies
Our website uses cookies, pixels, and similar technologies in line with UK/EU law.
Cookies are used for:
- Essential session management: recognising returning users, capacity planning, diagnosing site issues, enabling logins.
- Functionality: remembering preferences and customising content.
- Performance & measurement: collecting statistics on how visitors use the site so we can improve it.
Most browsers accept cookies automatically; you can change settings to block or alert you about cookies. Blocking cookies may affect site functionality.
Sharing your data
We do not sell your data. We may share information:
- With other healthcare professionals involved in your care (with your consent).
- With trusted service providers (processors) such as:
  - Google – analytics, email, calendar, documents
  - Wix.com – website hosting
  - Zoom.us – online video consultations
- With legal/regulatory bodies where required by law.
- To establish, exercise, or defend legal claims.
- In the event of a business transfer or reorganisation (under safeguards).
All third-party providers are required to comply with data protection law and only process data under our instructions.
International transfers
Some service providers may process data outside the UK/EEA. Where this occurs, we ensure that recognised safeguards (e.g., adequacy decisions, Standard Contractual Clauses with UK Addendum) are in place to protect your rights.
Security
We take appropriate technical and organisational measures to protect your information, including encryption, secure servers, access controls, and staff confidentiality agreements. While internet transmission cannot be guaranteed 100% secure, we apply strict safeguards once your data is received.
If we issue login details, you are responsible for keeping them confidential.
How long we keep your data (Retention)
We retain personal data only as long as necessary for the purposes collected or to meet professional/legal obligations:
- Adult clinical records – usually retained for 7 years after last contact.
- Children/young people – retained until age 25 (or 26 if aged 17 at last contact), whichever is later.
- Marketing/contact data – up to 3 years after last interaction.
- Website/analytics data – up to 3 years.
Data is securely deleted or anonymised once retention periods expire.
Your rights
Under UK GDPR you have the right to:
- Access your data and obtain a copy.
- Request corrections to inaccurate or incomplete data.
- Request deletion of your data where no longer required (subject to legal/professional retention duties).
- Restrict or object to certain processing.
- Request data portability (for information you provided under consent or contract).
- Withdraw consent where relied upon.
- Complain to the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.
We may need to verify your identity before processing requests.
Service providers, referrers and associates
If you work with us as an associate clinician or service provider, we process your contact, credentialing, contractual, and payment details for practice administration and compliance with our legal obligations.
Links to other sites
Our website may link to external websites. We are not responsible for their privacy practices or content. Please review their policies before providing personal data.
Changes to this policy
We may update this policy from time to time. The latest version will always be available on our website. If changes are significant, we will notify you.
Queries, requests, or concerns
To exercise your rights or raise a concern, please contact:
info@hampsteadpsychology.com
If your concern is not resolved, you may contact the ICO:
- Phone: 0303 123 1113
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
Latest update: 1 August 2025