Privacy & Legal
Introduction
This Privacy Policy explains how Dr Jay Solanki and Solara Psychology (“we”, “us”, or “our”) collects, uses, and protects personal data provided by visitors to our website solarapsychology.com (“Website”) and clients who engage our services. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.
By using our Website and services, you consent to the terms of this Privacy Policy.
Data Controller
Dr Jay Solanki and Solara Psychology is the data controller responsible for the collection and processing of your personal data. If you have any questions or concerns about this policy, please contact us at: hello@solarapsychology.com
What Data We Collect
We may collect the following types of personal data:
1. Personal Identification Information
• Name
• Date of birth
• Contact details (phone number, email address, address)
• Emergency contact details
2. Health Information
• Medical history relevant to psychological therapy
• Details of previous psychological or psychiatric treatment
• Session notes and assessments made during the course of therapy
3. Website Usage Data
• IP address
• Browser type
• Pages visited and time spent on the Website
• Cookies and tracking technologies (see Cookie Policy below)
4. Payment Information
• Bank or payment card details, when applicable for billing purposes
How We Use Your Data
We will only process your personal data when we have a legal basis to do so. The ways in which we use your data include:
To provide psychological services: Your personal and health data are essential for us to deliver safe and effective therapy.
To communicate with you: We may use your contact details to arrange appointments, send reminders, or share relevant information regarding your therapy.
To manage billing and payments: We process payment details to facilitate transactions for our services.
For Website improvement: Usage data helps us improve the functionality and performance of our Website.
To comply with legal obligations: In certain cases, we may be required to share your data with authorities for legal or regulatory purposes, such as safeguarding.
Legal Basis for Processing Personal Data (GDPR)
Under the GDPR, we rely on the following legal bases for processing your personal data:
Consent: We will ask for your explicit consent before processing any sensitive personal data (e.g., health records).
Contractual obligation: We may process your personal data to fulfill a contract, such as providing psychological therapy services.
Legal obligation: We may be required to process personal data to comply with legal requirements.
Legitimate interests: We may process personal data for our legitimate interests, such as improving our services, where those interests are not overridden by your privacy rights.
Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, including legal, accounting, or reporting requirements. Clinical records are typically kept for a minimum of 7 years from the date of your last session, in line with professional guidelines, unless otherwise required by law.
Data Sharing and Disclosure
We do not share your personal data with third parties unless required to do so by law or where necessary to provide our services. We may share data in the following instances:
Healthcare providers: With your consent, we may liaise with other medical professionals (e.g., GPs or psychiatrists) to ensure comprehensive care.
Service providers: We may share limited personal data with third-party service providers (e.g., IT support, payment processors) who assist in our operations, under strict confidentiality agreements.
Legal obligations: We may disclose your personal data to regulatory authorities or law enforcement if legally required to do so.
International Transfers of Data
If your data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as EU-approved standard contractual clauses, to protect your data in accordance with GDPR.
Your Rights under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right to Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
Right to Erasure: You may request the deletion of your personal data in certain circumstances.
Right to Restrict Processing: You can request that we limit the processing of your personal data in certain situations.
Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
Right to Object: You can object to the processing of your personal data for certain purposes, such as marketing.
Right to Withdraw Consent: Where we rely on your consent to process data, you may withdraw that consent at any time.
To exercise any of these rights, please contact us using the contact details provided above. We aim to respond to all legitimate requests within one month.