Privacy Policy
Last Updated: May 2026
Welcome to the privacy policy for Family Therapy Norwich (www.familytherapynorwich.com). This policy explains how Tania Pombeiro ("we", "our", "us") collects, uses, stores, and protects your personal data when you visit our website, use our contact forms, or register for our psychotherapy services.
We are committed to protecting your privacy and handling your data in an open, transparent, and secure manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Important Information & Who We Are
Tania Pombeiro is the Data Controller responsible for your personal data.
If you have any questions about this privacy policy or how your data is handled, please contact me using the details below:
-
Full Name: Tania Pombeiro
-
Business Name: Family Therapy Norwich
-
Email Address: familytherapynorwich@protonmail.com
-
Main Practice Address: The Practice Rooms, Lower Goat Lane, Norwich
2. The Data We Collect About You
Personal data means any information about an individual from which that person can be identified. We may collect, use, and store different kinds of personal data about you, grouped as follows:
-
Identity Data: First name, last name, dob, title.
-
Contact Data: Email address, telephone number, and home address.
-
Technical Data: Internet protocol (IP) address, browser type, time zone setting, operating system, and platform via website cookies.
-
Special Category Data (Health/Clinical Data): If you complete our "Register & Book" form or provide details about your mental or physical health during an inquiry, you are sharing Special Category Data. This data is handled with the highest levels of clinical confidentiality.
3. How We Collect Your Data
We use different methods to collect data from and about you, including:
-
Direct Interactions: You give us your Identity, Contact, and Health data by filling out forms on our website, using our online booking links, or corresponding with us by email or phone.
-
Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment and browsing patterns via cookies.
4. How and Why We Use Your Personal Data
We will only use your personal data when the UK law allows us to. Most commonly, we use your data in the following circumstances:
-
To process your initial inquiry or booking: (Lawful Basis: Performance of a Contract / Taking steps to enter a contract).
-
To deliver safe and effective psychotherapy services: (Lawful Basis for Special Category Data: Article 9(2)(h) of the UK GDPR – the provision of health or social care or treatment).
-
To respond to website form submissions: (Lawful Basis: Legitimate Interests).
We do not use your data for marketing or sell your data to any third parties.
5. Data Security and Confidentiality
As an accredited systemic psychotherapist, your privacy is treated with strict clinical confidentiality.
-
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.
-
The website and the Practice Portal are hosted on a secure platform (HTTPS/SSL encryption).
-
Access to your data is strictly limited to Tania Pombeiro.
A Note on Our Live Chat/Contact Forms: Please note that standard website forms and chat features are intended for initial booking logistics. Please do not submit extensive, sensitive clinical or medical details via the open website form. Detailed histories are taken safely during your first clinical consultation.
6. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or professional clinical record-keeping requirements.
In line with professional psychological practice guidelines in the UK, client clinical records are securely retained for a standard period of 7 years after the conclusion of therapy (or, in the case of children, 7 years after they reach the age of 18), after which they are securely destroyed.
7. Your Legal Rights
Under the UK GDPR, you have rights in relation to your personal data, including the right to:
-
Request access to your personal data (commonly known as a "data subject access request").
-
Request correction of the personal data that we hold about you.
-
Request erasure of your personal data (subject to our legal and professional duties to retain clinical medical records).
-
Object to the processing or request restriction of processing of your data.
If you wish to exercise any of these rights, please contact us via email.
8. Right to Complain
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact me in the first instance.
