Privacy Policy – My Trauma Release

Introduction

My Trauma Release (“we”, “us”, or “our”) is committed to protecting the privacy and confidentiality of all personal information we collect.

This Privacy Policy explains how we collect, use, and safeguard personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

Who We Are

• Business name: My Trauma Release

• Email: emma@mytraumarelease.co.uk

​

For any privacy-related enquiries, please contact us using the details above.

​

What Personal Data We Collect

We may collect and process the following information:

• Names and contact details (e.g. telephone number, email, address)

• Date of birth

• Purchase or session history

• Payment details (including card or bank information)

• Health information (including relevant physical, mental-health or wellbeing details)

• Information relating to compliments or complaints

​

Because the services we provide may involve health-related discussion, some of this information is classed as special-category data under UK GDPR and is handled with heightened care.

​

Purposes of Processing

We collect and use personal information to:

• Deliver coaching or therapeutic sessions safely and effectively

• Conduct health or wellbeing questionnaires to assess suitability for services

• Maintain client records and session notes

• Manage scheduling, payments, and communications

• Comply with professional codes of conduct and legal duties of care

• Respond to enquiries, feedback, or safeguarding concerns

• Send service updates or marketing material (only with consent)

​

Lawful Bases for Processing

We rely on the following lawful bases under Article 6 of UK GDPR:

• Contract: Processing necessary to provide our services or fulfil a client agreement.

• Consent: Processing health information and sending marketing communications where you have given explicit consent.

• Legitimate Interests: To ensure safe service delivery, manage relationships, and maintain professional records.

• Legal Obligation: To comply with applicable law or requests from authorities.

• Vital Interests: Where processing is necessary to protect someone’s life or wellbeing (for example, in a safeguarding emergency).

​

Legitimate Interest Assessment

We have reviewed that collecting relevant health and contact data is necessary and proportionate to maintain client safety and professional standards, as required by our governing or accrediting body. The benefits of ensuring appropriate duty of care outweigh any minimal privacy impact.

​

Children’s Data

We may collect limited information about children only with parental or guardian consent and strictly where necessary for the delivery of agreed therapeutic services.

​

Where We Get Your Data

We obtain personal information:

• Directly from you, through forms, emails, telephone calls, or online bookings.

• From completed health questionnaires prior to sessions.

​

We do not receive information from unrelated third parties.

​

Systems and Sub-Processors

To operate efficiently, we use secure third-party platforms that process data under written agreements and in compliance with UK GDPR:

• Wix – for website hosting, scheduling, and health-questionnaire submissions.

• QuickBooks – for accounting and financial record-keeping.

• Google Workspace (Gmail & Calendar) – for communications and session scheduling.

​

All sub-processors apply encryption, access controls, and standard contractual protections.

​

Data Sharing

We will never sell or rent personal data.
We may share limited information only when necessary, including:

• With professional consultants or supervisors (under confidentiality) for reflective practice.

• With safeguarding bodies or emergency services if there is risk of serious harm to you or others.

• With regulatory or legal authorities if required by law.

​

Any disclosure is done with the minimum necessary information and in accordance with professional ethics.

​

​

Data Retention

• Client and session records are kept for seven years after the last interaction, in line with professional-body and insurance requirements.

• Financial records are retained for six years to satisfy accounting and tax obligations.

• Marketing data is retained until you withdraw consent.

​

International Data Transfers

Some of our technology providers (e.g. Wix and Google) may store data outside the UK.
Where this occurs, transfers are safeguarded using Standard Contractual Clauses (SCCs) or an adequacy decision ensuring equivalent data-protection standards.

​

Data Security

We take data security seriously and implement measures such as:

• Encryption of stored and transmitted data

• Multi-factor authentication for accounts

• Role-based access restrictions

• Regular review and secure deletion of old records

• Locked storage for any paper files

​

Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you

• Request correction of inaccuracies

• Request deletion (where legally possible)

• Withdraw consent for marketing or special-category processing

• Restrict or object to certain processing

• Request a copy of your data in a portable format

​

Requests can be made using the contact details above.

​

How to Complain

If you have any concerns about how your information is handled, please contact us first so we can address them.
If you remain dissatisfied, you can complain to the Information Commissioner’s Office (ICO):

• Website: www.ico.org.uk

• Telephone: +44 303 123 1113

​

Review

This Privacy Policy is reviewed regularly and updated when necessary to reflect changes in law or practice.
Last updated: October 2025