Privacy Policy
Privacy Notice
Last updated: February 2026
1. Who I am
I am Larushka Ivan-Zadeh, trading as Zadeh Therapy. For the purposes of UK data protection law, I am the Data Controller responsible for your personal data.
Contact details:
Email: zadehtherapy@gmail.com
2. What data I collect
I may collect and process the following personal data:
· Name, age and contact details (email address, phone number, address)
· Information you provide when enquiring about or booking sessions
· Health and wellbeing information shared in the course of therapy
· Brief session notes
· Emergency contact or medical professional details (where relevant)
· Website enquiry data (submitted via contact forms)
I only collect data that is necessary for providing my services safely and professionally. On the website I also use Calendly, a third-party scheduling service provided by Calendly LLC, to allow visitors to book appointments or meetings via our website. When you interact with the Calendly booking form embedded on this site, certain personal data (such as your name, email address, phone number and any other information you submit in the booking form) is collected by Calendly. Calendly acts as a data processor on our behalf and processes this information in accordance with its own privacy policy.
3. Lawful basis for processing your data
Under UK GDPR, I rely on the following lawful bases:
· Article 6(1)(b) – performance of a contract (providing therapy services)
· Article 6(1)(c) – compliance with a legal obligation (record-keeping, safeguarding)
· Article 6(1)(f) – legitimate interests (running a professional practice)
· Article 9(2)(h) – processing of special category health data for the provision of health or therapeutic care
I do not rely on consent as the primary lawful basis for processing therapy notes, as this would not be appropriate or reliable in a clinical context.
4. How I use your data
Your data is used to:
· Respond to enquiries and manage bookings
· Provide hypnotherapy services
· Maintain accurate clinical records
· Ensure client safety and safeguarding
· Meet legal, ethical and insurance requirements
I do not use your data for marketing without your explicit permission.
5. How your data is stored
Your data is stored securely:
· Paper records are kept in a locked filing cabinet
· Digital records are stored on password-protected devices
· Access to your data is restricted to me alone
I take appropriate technical and organisational measures to protect your information.
6. How long I keep your data
In line with professional and insurance requirements, I retain client records for 10 years from the date of the final therapy session.
After this period, records are securely destroyed or permanently deleted.
7. Sharing your data
Your data is treated as confidential. I do not sell or share your information with third parties.
There are limited circumstances where I may be legally required to share information, including:
· If there is a serious risk of harm to you or others
· If disclosure is required by law or court order
· In anonymised form during professional supervision
Only the minimum necessary information would be shared.
8. Your rights
Under UK GDPR, you have the right to:
· Access the personal data I hold about you
· Request correction of inaccurate or incomplete data
· Request restriction of processing
· Object to processing in certain circumstances
· Request erasure of data (subject to legal and professional obligations)
· Lodge a complaint with the Information Commissioner’s Office (ICO)
Please note that the right to erasure does not apply where I am legally required to retain records.
9. Complaints
If you have concerns about how your data is handled, please contact me in the first instance.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK data protection regulator.
Website: https://ico.org.uk
10. Changes to this Privacy Notice
This Privacy Notice may be updated from time to time. The most recent version will always be available on this website.