Psychosexual and Relationship Therapy in Glasgow & Online



Your Privacy

This privacy policy explains how I collect, use, store, and protect your personal data when you interact with this website, contact me, or use my therapy services. I am committed to protecting your privacy and handling your data with the utmost confidentiality and in compliance with the UK GDPR and the Data Use and Access Act.

Last updated: June 2026

Who I Am (Data Controller)

The data controller responsible for your personal data is Nicola Toye trading as Nicola Toye Relationship Therapy.

If you have any questions about this privacy policy or how I handle your data, please contact me at:

  • Email: hello@nicolatoye.co.uk

The Types of Data I Collect

I collect and process different types of information depending on how you interact with the practice:

  • Identity & Contact Data: Name, email address, and phone number when you fill out the website contact form or email directly.
  • Clinical & Health Data (Special Category Data): Session notes, assessments, and relationship history created during the delivery of therapy services.
  • Schedule Data: Diary entries, appointment dates, and times.
  • Financial & Transaction Data: Bank details, payment history, and invoicing details related to your sessions.
  • Technical & Usage Data: IP addresses, website analytics, and referral sources (how you found this website) collected via standard tracking tools.

How I Use Your Data and My Lawful Basis

Under data protection law, I must have a valid legal reason (lawful basis) to process your data. Because therapy involves health information, I also meet strict conditions for handling "special category" data.

| Data Type | Purpose | Lawful Basis (UK GDPR) | Special Category Condition |
|---|---|---|---|
| Contact info | To respond to your initial inquiries and schedule appointments. | Contractual / Pre-contractual: Taking steps at your request before entering into a service agreement. | N/A |
| Clinical Notes & Diary | To provide professional relationship therapy and manage your ongoing care. | Contract: To fulfil my service agreement with you. | Health or Social Care: To provide health or social care treatment. |
| Financial Records | To process payments, issue invoices, and manage business accounts. | Legal Obligation: To comply with statutory financial reporting and tax laws. | N/A |
| Website Analytics | To understand website performance, visitor numbers, and referral paths. | Legitimate Interests: To monitor and improve my website and marketing efforts. | N/A |

How I Store and Protect Your Data

I treat your personal information as confidential and will only share it where necessary for the provision and administration of my services or where required by law.

To support the operation of my practice, I use carefully selected third-party service providers acting on my behalf. Depending on the nature of the information, your personal data may be processed by providers of:

  • email and electronic communications services;
  • secure diary and appointment management systems;
  • website hosting and contact form services;
  • accounting and bookkeeping software;
  • banking and payment services;
  • cloud storage and backup services; and
  • website analytics services.

These providers process personal data only where necessary for the services they provide and are subject to appropriate contractual and security obligations.


Sharing Your Data

I do not sell or rent your data to third parties. I only share information with trusted third-party service providers (processors) essential to running the practice, such as my secure therapy software provider, accounting platform, and website analytics tools. All providers are contractually bound to protect your data.

Some of the service providers I use may process personal data outside the United Kingdom. Where this occurs, I take reasonable steps to ensure that appropriate safeguards are in place to protect your personal data in accordance with UK data protection law, such as reliance on adequacy regulations or approved contractual safeguards where applicable.

Confidentiality Exceptions: I will only share your information without your consent if I am legally obligated to do so, or if there is a severe and immediate risk of harm to yourself or others (safeguarding and emergency services).


How Long I Keep Your Data

I only keep your personal data for as long as necessary to fulfil the purposes I collected it for, including satisfying any legal or accounting requirements.

  • Therapy & Clinical Records: Retained for 7 years following the formal end of your therapy service provision, after which it is securely and permanently deleted.
  • Financial & Transactional Records: Retained for at least 5 years after the 31 January submission deadline for the relevant tax year to remain fully compliant with HMRC record-keeping obligations for self-employed businesses.



Your Legal Rights

Under UK data protection law, you have rights regarding your personal data, including:

  • Access: The right to request copies of the personal data I hold about you (Subject Access Request). In certain circumstances, however, UK data protection law permits or requires some information to be withheld or redacted. For example, this may be necessary to protect the rights and freedoms of another individual or where another legal exemption applies. If I am unable to disclose any information for these reasons, I will explain this to you where I am legally permitted to do so.
  • Correction: The right to ask me to rectify inaccurate or incomplete information.
  • Erasure: The right to ask me to delete your personal data in certain circumstances (subject to my legal obligations to retain financial data).
  • Restriction/Objection: The right to object to or restrict certain types of data processing.
  • Not to be subject to solely automated decision-making: No automated decision-making takes place with your data.

If you wish to exercise any of these rights, please contact me via the email address listed above. I will respond within one month. If you are unsatisfied with how I handle your data, you may make a complaint to me. At all times you retain the right to lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk).