top of page

Privacy Policy and Data Protection

Effective Date: 13th of October 2024

​

At Tiffany Leung, your privacy and the security of your personal information are of utmost importance. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

​

By using this website and our services, you agree to the collection and use of information in accordance with this policy.

​

1. Information We Collect

We collect the following personal data to provide psychological services and manage client relationships:

  • Personal Information: Full name, date of birth, email address, phone number, and postal address.

  • Health Information: Details related to your mental health, therapy goals, or medical history provided during the intake process or during sessions.

  • Financial Information: Payment details, such as credit card or bank information, when booking and paying for sessions.

  • Technical Data: Information about your use of our website, including IP address, browser type, and cookies (see our Cookies Policy below).

​

2. How We Use Your Data

We use your personal data to:

  • Provide and manage therapy services.

  • Schedule and confirm appointments.

  • Communicate with you about your therapy sessions and any administrative matters.

  • Process payments and issue invoices.

  • Comply with legal obligations (e.g., record-keeping for tax or regulatory purposes).

  • Improve the website’s functionality and services (through technical data analysis).
     

3. Legal Basis for Processing Your Data

We process your data based on one or more of the following legal grounds:

  • Consent: You have given us consent to use your data when accepting our cookies policy, booking an appointment. 

  • Contract: Processing is necessary for the performance of a contract (e.g., providing therapy services).

  • Legal Obligation: We must comply with certain legal or regulatory obligations.

  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our services), except where such interests are overridden by your rights.
     

4. How We Protect Your Data

We take data protection seriously and have implemented appropriate technical and organizational measures to safeguard your personal data from unauthorized access, disclosure, alteration, or destruction.

  • Encryption: Personal data is encrypted during transmission (e.g., using SSL certificates) and stored on secure servers.

  • Access Control: Only authorized personnel (such as Tiffany Leung and any necessary support staff) have access to your personal data.

  • Data Retention: We retain your personal data for as long as is necessary to provide our services and comply with legal obligations. Health records are typically retained for 7 years, as required by law.
     

5. Sharing Your Data

We do not sell, rent, or trade your personal data to third parties. However, in certain circumstances, we may share your data with trusted third-party service providers for the following purposes:

  • Payment Processing: Wix Payment processes your payment information securely.

  • IT Support and Hosting: Wix may access data as part of providing secure hosting and technical support.

  • Legal Compliance: We may disclose your information if required by law, such as to comply with a court order or a legal request.

We ensure that any third parties who process your data are bound by contractual obligations to protect your data in accordance with GDPR.
 

6. Your Rights

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.

  • Right to Rectification: You can request correction of inaccurate or incomplete data.

  • Right to Erasure (Right to be Forgotten): You can request that we delete your data, provided we are not legally obligated to retain it.

  • Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.

  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.

  • Right to Object: You can object to the processing of your data in certain situations, such as for direct marketing purposes.

  • Right to Withdraw Consent: You may withdraw your consent at any time, where consent is the legal basis for processing your data.

To exercise any of these rights, please contact us at corimuscoun@gmail.com or 0161 850 3557 . We will respond to your request within 30 days.

​

7. Cookies Policy

Our website uses cookies to improve your browsing experience and provide certain functionalities. Cookies are small text files that are placed on your device to track usage patterns, authenticate sessions, and store preferences.

  • Essential Cookies: These cookies are necessary for the operation of the website.

  • Analytics Cookies: We use Google Analytics to collect anonymous data on how visitors use our website.

You can control cookie settings through your browser. However, disabling cookies may affect your ability to use certain features of the website.

 

For more information, please refer to our Cookies Policy .

​

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Health-related records are retained in accordance with legal and professional guidelines, typically for 7 years after your last session or as otherwise required by law.

​

9. Data Transfers

In certain cases, your data may be transferred to and stored on servers outside the UK or the European Economic Area (EEA). Where this happens, we ensure that your data is transferred in accordance with GDPR and other applicable data protection laws by using standard contractual clauses or other legally accepted mechanisms.

​

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. Any changes will be posted on this page, and we will notify you via email if the changes are significant. Continued use of our services constitutes acceptance of the updated policy.

​

11. Contact Information

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at:

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your rights have been violated. You can contact the ICO at https://ico.org.uk/ 

bottom of page