Privacy Policy | Journey to Self with Sufiya

Privacy Policy

How Journey to Self with Sufiya collects, uses, and protects your personal information.

Overview

Journey to Self with Sufiya (“we”, “us”, “our”) provides online counselling and psychotherapy services. We are committed to protecting your privacy and handling your personal information in a lawful, fair, and transparent way. This policy explains what we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

Effective date: 11 November 2025 · Last updated: 11 November 2025

Who is the Data Controller?

Journey to Self with Sufiya
Email: safyauk@yahoo.co.uk
Phone/WhatsApp: +971 52 699 3521
Website: /privacy-policy

If you have questions about this policy or how we handle your data, please contact us. You may also complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

What information we collect

  • Contact details (name, email, phone).
  • Administrative info such as scheduling and payment details.
  • Clinical information shared during assessments and sessions.
  • Website analytics/cookies (basic usage data).
  • Safeguarding information if there is a concern about risk.

Why we use your information (lawful bases)

  • To provide counselling services (contract).
  • To communicate about appointments (contract & legitimate interest).
  • Clinical record keeping (legal obligation & legitimate interest).
  • Safeguarding (vital interests & public interest).
  • Processing sensitive health data (explicit consent).
Special category data (health information) is processed using explicit consent, except in emergencies where legal or safeguarding duties apply.

Working with Under-18s

We may work with young adults and, where appropriate, those under 18. Children under 16 require parent/guardian consent. We handle all young people’s data with additional care and confidentiality.

How we share information

  • For administration or anonymised clinical supervision.
  • With emergency services/GPs if there is significant risk.
  • With service providers supporting email, hosting, or storage.

We never sell personal data.

International transfers

Some service providers store data outside the UK. We use providers with appropriate safeguards such as standard contractual clauses.

How long we keep data

Clinical records are kept for 7 years from the last contact (or until a young client turns 25). Administrative/financial records are kept for 6 years.

Your rights

You have rights under UK GDPR:

  • Access your data
  • Correct inaccurate data
  • Request deletion (in certain cases)
  • Restrict processing
  • Data portability
  • Object to certain processing
  • Withdraw consent for health data processing

To use these rights, email safyauk@yahoo.co.uk. You may also complain to the ICO at ico.org.uk.

Security

We use reasonable technical and organisational measures to protect your data. Only essential personnel have access.

Cookies & analytics

Our WordPress site may use essential cookies and basic analytics. You can control cookies through browser settings.

Communications

Email and WhatsApp have their own privacy policies. Avoid sharing highly sensitive details through them.

WhatsApp notice: By contacting via WhatsApp you agree to WhatsApp’s Privacy Policy.

Changes to this policy

Policy updates will appear on this page. Please check periodically for changes.

View Terms & Conditions  •  Contact