top of page

Privacy Policy

Effective Date: 24/02/2026
Last Updated: 24/02/2026

Who We Are

Yellow Door Therapy (“we”, “us”, “our”) is a therapy service based in the United Kingdom.

For the purposes of UK data protection law, Yellow Door Therapy is the Data Controller of your personal information.

If you have any questions about this policy, please contact:

Email: keren@yellowdoortherapy.co.uk
Business Address: 13, St Albans Avenue, Halifax, HX3 0LZ
Telephone: 07803166151

The Legal Framework

We process personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)

  • The Data Protection Act 2018

As a therapy provider, we may process special category data (health information), which is subject to additional protections under UK law.

Information We Collect

A. Personal Information

We may collect:

  • Full name

  • Date of birth

  • Contact details (email, phone number, address)

  • Emergency contact details

  • GP details (if relevant)

  • Appointment history

B. Special Category Data (Health Information)

As part of providing therapy services, we may collect:

  • Mental health information

  • Medical history (where relevant)

  • Session notes

  • Assessment forms

This information is collected only where necessary for the provision of therapy services.

C. Payment Information

We collect payment information for both:

  • Online payments (via secure third-party payment processors)

  • In-person payments

We do not store full card details. Payments are processed securely by regulated payment providers.

D. Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address

  • Browser type

  • Device type

  • Pages visited

  • Date and time of visit

How We Use Your Information

We use your information to:

  • Provide therapy services

  • Schedule and manage appointments

  • Maintain clinical records

  • Process payments

  • Communicate with you regarding appointments or services

  • Comply with legal and professional obligations

  • Improve our website and services

We do not sell your personal data.

Legal Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract – to provide therapy services

  • Legal obligation – to comply with professional and regulatory requirements

  • Legitimate interests – to manage and improve our services

  • Explicit consent – where required, particularly for health data

For special category (health) data, processing is necessary for the provision of health or social care services.

Google Analytics

We use Google Analytics to analyse website usage.

Google Analytics collects information such as:

  • Pages visited

  • Time spent on site

  • How users arrive at the website

This information is anonymised where possible and used solely to improve our website and services.

You can opt out of Google Analytics tracking via browser settings or Google’s opt-out tools.

Advertising

We may occasionally use online advertising platforms (such as Google or social media platforms) to promote our services.

These platforms may use cookies or tracking technologies to:

  • Measure advertising effectiveness

  • Show relevant adverts

You can manage cookie preferences through your browser settings.

Data Sharing

We may share your information with:

  • Secure payment processors

  • Website hosting providers

  • IT service providers

  • Professional supervisors (anonymised where appropriate)

  • Legal or regulatory authorities if required

All third parties are required to maintain appropriate security measures.

We will never sell your data.

Confidentiality

As a therapy provider, we are committed to maintaining strict confidentiality.

Information may only be disclosed where:

  • You provide consent

  • There is a serious risk of harm to you or others

  • We are legally required to disclose information (e.g., court order, safeguarding obligations)

Data Retention

Clinical records are retained in accordance with professional and legal requirements in the UK (typically 7 years after the end of therapy, or longer where required).

After this period, data will be securely deleted or destroyed.

Data Security

We implement appropriate technical and organisational measures including:

  • Secure storage systems

  • Password protection

  • Encrypted systems where appropriate

  • Restricted access to sensitive information

Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (where applicable)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent at any time

To exercise your rights, contact us using the details above.

You also have the right to lodge a complaint with the:

Information Commissioner's Office (ICO)
Website: https://www.ico.org.uk

Cookies

Our website uses cookies to:

  • Improve functionality

  • Analyse traffic

  • Support advertising activities

You may disable cookies in your browser settings.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website with the updated effective date.

bottom of page