2. What Data I Collect

When you visit this website (hosted on Squarespace)

• IP address and browser/device information

• Pages visited, time spent on site, and referral source

• Cookie preferences

(This information is collected via Squarespace and any enabled analytics tools.)

When you contact me (e.g. via contact form or email)

• Your name and email address

• Any personal information you choose to include in your message

If you become a client

Please refer to the separate Client Privacy Notice provided at the start of therapy.

• Request deletion of your data (where appropriate)

• Restrict processing

• Object to processing based on legitimate interests

• Request data portability

• Withdraw consent at any time (where applicable)

To exercise your rights, contact: yasminpilkington@proton.me

I will respond within one calendar month.

3. Lawful Basis for Processing

I rely on the following lawful bases under UK GDPR:

• Responding to enquiries: Legitimate interests and/or consent

• Website analytics: Legitimate interests (with consent for non-essential cookies)

• Providing therapy services: Contractual necessity

• Maintaining clinical records: Legitimate interests and/or legal obligation

• Safeguarding: Legal obligation

4. Cookies

This website uses cookies to support functionality and improve user experience.

Essential cookies are necessary for the website to operate and do not require consent.

Analytics cookies (if used) help me understand how visitors use the site and are only set with your consent.

You can manage or withdraw your cookie preferences at any time via the cookie banner or your browser settings.

5. Third-Party Services

I use trusted third-party providers to support my services. These may include:

• Website hosting: Squarespace

• Email provider: Proton Mail (end-to-end encrypted)

• Video conferencing: Zoom (if used for online sessions)

• Analytics tools (if enabled)

These providers may process data on my behalf. Some may store data outside the UK; where this occurs, appropriate safeguards are in place.

I do not sell or share your data for marketing purposes.

6. Data Retention

• Enquiry emails: Up to 12 months after last contact

• Client records: Minimum 7 years after the end of therapy

• Financial records: 6 years (HMRC requirement)

• Website analytics: According to provider settings

7. Data Security

I take appropriate steps to protect your personal data, including:

• Secure, password-protected and encrypted systems

• Encrypted email via Proton Mail

• Restricted access to data (myself only)

• Anonymised discussion where required for clinical supervision

• Secure storage of any physical records

8. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request deletion of your data (where appropriate)

• Restrict processing

• Object to processing based on legitimate interests

• Request data portability

• Withdraw consent at any time (where applicable)

To exercise your rights, contact: yasminpilkington@proton.me

I will respond within one calendar month.

If you are not satisfied with my response, you can contact the Information Commissioner’s Office (ICO):
https://ico.org.uk
0303 123 1113

9. External Links

This website may contain links to other websites. I am not responsible for their content or privacy practices.

10. Changes to This Policy

This Privacy Policy may be updated from time to time. The “Last Updated” date at the top of this page reflects the current version.

11. Contact

For any privacy-related queries:

Yasmin Pilkington
yasminpilkington@proton.me
ICO Registration: ZC066585
Last Updated: April 2026