1. Introduction
This Privacy Policy explains how I, Daria Smolina, collect, use, store, and protect your personal data in accordance with the **UK General Data Protection Regulation (UK GDPR)**, the **Data Protection Act 2018**, the **EU General Data Protection Regulation (EU GDPR)**, and relevant German data protection laws.
By using my services or website, you agree to the practices described here. If you need this policy translated to another language, contact me via email listed below.
For details about Heilpraktikerin für Psychotherapie - see Impressum.
This privacy Policy is active in both UK and Germany (Heilpraktikerin für Psychotherapie) services.
2. UK Data Controller Contact Details
Name: Daria Smolina
Address: 124 City Road, London EC1V 2NX
Email: contact@dariasmolina.com
Website: www.dariasmolina.com
ICO Registration Number: 00011004494
As a sole trader, I am not required to appoint a Data Protection Officer.
3. Data Collected
I collect the following personal data where necessary:
- Identification details (name, contact information)
- Information shared during therapy sessions
- Appointment records, payment and invoicing details
- Email correspondence
Children’s Data:
I do not knowingly collect personal data from minors under the age of 18. My services and website are intended for adults only.
4. How and Why I Use Your Data
Purposes of Processing
Your personal data is processed for:
- Delivering and managing therapy services
- Record-keeping in line with legal and professional standards
- Appointment management and communication
- Invoicing and accounting
- Complying with legal obligations
- Responding to client inquiries or complaints
Legal Bases for Processing (UK GDPR / EU GDPR):
- Contract: To provide requested services to you
- Legal obligation: To retain records for required time periods
- Consent: If you voluntarily agree to certain uses (e.g., marketing emails – not currently in use)
- Legitimate interests: Limited to administrative purposes, business management, and professional obligations. No unrelated profiling or marketing is conducted.
5. Automated Decision-Making
My business does **not** use any form of automated decision-making or profiling that has legal or similarly significant effects on clients.
6. Sharing of Personal Data
Third-party processors/service providers:
I use the following GDPR-compliant services to deliver my work:
- **FreeAgent** or **Accountable** – for accounting purposes
- **Gmail** – for email communication
- **Google Drive** – for secure storage of anonymised notes (client names, addresses, and other identifiers are removed)
Your data may also be shared with regulators or legal authorities where required by law.
**Accountants:** I do not currently share personal data with accountants. If this becomes necessary to meet legal or professional obligations, I will only share what is strictly required, under contract, and in compliance with relevant data protection legislation.
7. International Data Transfers
If personal data is processed outside the UK/EU/EEA (for example, where cloud services use international servers), transfers are safeguarded by legally recognised mechanisms such as:
- UK/EU Adequacy Decisions
- Standard Contractual Clauses
- Participation in recognised frameworks (e.g., EU–US Data Privacy Framework)
8. Data Retention
I retain data only for as long as necessary for the purposes collected and to meet legal or professional obligations.
- Germany (Heilpraktikerin für Psychotherapie – sessions records): Retained for 10 years after the last appointment, in line with local regulations.
- Germany (Heilpraktikerin für Psychotherapie - Invoices/Accounting records): Retained for 8 years from the date of issue (German fiscal regulations)
- UK (Therapy records): Retained for 7 years after the end of therapy (with professional standards & guidance).
- UK (Invoices/Accounting records): Retained for 6 years from the end of the financial year (HMRC requirements)
9. Your Rights
You have the following rights under UK GDPR / EU GDPR:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision-making and profiling (not applicable here)
To exercise your rights, please contact me via the details above.
10. Statutory/Contractual Requirement
Providing certain personal information may be required by law or contract (e.g., for accounting or tax purposes). Without such data, services may not be possible.
11. Complaints
If you have concerns about my data handling, please contact me first so I can address them.
If unresolved:
- **UK residents**: Contact the Information Commissioner’s Office (ICO) – www.ico.org.uk
- **EU/EEA residents**: Contact your local data protection authority.
12. Cookies & Website Tracking
This website uses essential cookies for basic functions and analytics cookies to understand how the site is used. No marketing or tracking cookies are set without your consent.
You can change your cookie settings at any time using the pop‑up on this website, or by adjusting your browser settings.
13. Changes to This Policy
This Privacy Policy may be updated from time to time. Changes will be posted on this page and, where significant, communicated via email.
Last updated: 01.08.2025