Privacy Policy

Last updated: May 2026

1. Who We Are

Cambium Therapies is a private counselling practice operated by Jake Barry, Prof.Dip Psy C, MNCPS (acc.). We provide online counselling services to adults across the UK.

2. What Personal Data We Collect

We collect personal data in the following circumstances:

When you complete the counselling contract:

• Full name, preferred name, date of birth, pronouns
• Contact details (email address, telephone number, postal address)
• GP name and surgery details
• Current medications and relevant medical or mental health conditions
• Emergency contact details
• Session preferences and contracted session information
• Your digital signature

During our therapeutic work:

• Session notes and clinical records
• Invoices and payment records
• Any disclosures made during sessions relevant to your safety or the safety of others

When you use our website:

• IP address and browser type (via our hosting provider, Netlify)
• Pages visited and time spent (anonymised analytics, if enabled)

3. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract — to deliver the counselling services you have requested
• Legitimate interests — to maintain accurate clinical records and manage our practice
• Legal obligation — where we are required to disclose information by law (e.g. safeguarding duties)
• Vital interests — in situations where there is a serious and imminent risk to life

Special category data (health information) is processed under Article 9(2)(h) UK GDPR — for the purposes of preventive or occupational medicine and the provision of health care.

4. How We Use Your Data

• To provide counselling services and manage our therapeutic relationship
• To maintain clinical records in line with NCPS professional guidelines
• To contact you regarding appointments, invoices and practice communications
• To fulfil our safeguarding and legal obligations where required
• To receive clinical supervision (anonymised where possible)

We will never sell your personal data or use it for marketing purposes.

5. How Long We Keep Your Data

In line with NCPS guidelines and best practice for counselling records:

• Adult client records — retained for 7 years after the end of the therapeutic relationship
• Records involving minors — retained until the client turns 25, or 7 years after the end of therapy (whichever is longer)
• Financial records — retained for 6 years in line with HMRC requirements

After the retention period, records are securely deleted.

6. Third Parties We Share Data With

We use the following third-party services to operate our practice. Each acts as a data processor on our behalf:

• Supabase — secure cloud database storage for client records and session data (servers located in the EU)
• Brevo (Sendinblue) — email delivery service used to send contract confirmations
• Netlify — website hosting provider
• Google Fonts — web font delivery (Google may log IP addresses)

We may be legally required to share information with statutory authorities (e.g. police, social services) where there is a serious risk of harm. We will inform you of any such disclosure unless doing so would compromise safety.

Your data is never shared with our clinical supervisor in an identifiable form.

7. Your Rights

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your data (subject to our legal retention obligations)
• Restriction — ask us to restrict processing of your data
• Portability — request your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, please contact us at hello@cambium-therapies.co.uk. We will respond within 30 days.

8. Data Security

We take the security of your data seriously. Measures in place include:

• All data stored in encrypted, access-controlled cloud databases
• Row-level security policies ensure data is accessible only to authorised users
• Practice management tools are protected by two-factor authentication
• All data transmissions use HTTPS encryption

9. Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance at hello@cambium-therapies.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated date. We encourage you to review this policy periodically.