Privacy Policy

At Mysia Wellness, your privacy and trust are very important. This policy explains how I collect, use, and protect your information when you visit my website or use my services.

1. Who I am

I am Caroline Maitland, founder of Mysia Wellness in Andover, Hampshire. I provide trauma-informed therapy, coaching, and support for adults, young people, parents and families.

For the purposes of data protection law, I am the Data Controller, which means I am responsible for deciding how your information is used.

2. Information I Collect

I only collect the information needed to provide my services safely and effectively. This may include:

  • Personal details: name, email address, phone number, location

  • Session records: brief notes from sessions (kept minimal and factual)

  • Health or background information: only if you choose to share it and it is relevant to support

  • Payment information: if you pay me directly (handled securely via third-party payment systems)

  • Website data: cookies, IP addresses, browser information (see section 9)

3. How I Use Your Information

I use your information to:

  • Provide therapy, coaching, and wellness support

  • Contact you about appointments, updates, or resources

  • Process payments and invoices

  • Ensure safe, ethical, and professional practice

  • Meet legal or safeguarding requirements

I do not use your data for unsolicited marketing, nor do I sell or share it with third parties.

4. Legal Basis for Processing

Under UK GDPR, I process your information based on:

  • Contract: to deliver services you have booked

  • Legal obligation: where safeguarding or law requires it

  • Consent: where you have agreed (e.g., to receive resources)

  • Legitimate interests: limited use such as maintaining professional records

5. Sharing Your Information

Your information is confidential. I only share it if:

  • I have your clear, written consent

  • There is a legal obligation (e.g. court order)

  • There is a safeguarding concern (risk of harm to yourself or others)

Where possible, I will always discuss this with you first.

6. Data Storage & Retention

  • Session notes and personal information are stored securely (password-protected and/or encrypted).

  • I keep records for up to 7 years after our work ends, in line with professional guidelines.

  • After that, information is securely deleted or destroyed.

7. Your Rights

You have the right to:

  • Access the information I hold about you

  • Request corrections if details are wrong

  • Ask me to delete your information (unless I must keep it for legal reasons)

  • Limit or object to how I use your data

  • Withdraw consent at any time

To exercise your rights, contact me.

8. Security

I take security seriously and use safeguards to keep your information safe, including secure storage, passwords, and encryption. However, no system is 100% secure, so I cannot guarantee complete protection.

9. Children’s Privacy

I work with children and young people with appropriate consent. For anyone under 18, I require parental or guardian consent before collecting or processing personal information.

10. Contact

If you have any questions or concerns about this policy, please get in touch.

If you are unhappy with how I handle your data, you can also contact the Information Commissioner’s Office (ICO): www.ico.org.uk