Privacy Policy
Last updated: 16th January 2026
1. Introduction
This privacy policy explains how Sarah Hayes collects, uses, and protects your personal data when you visit this website or contact me.
I am committed to safeguarding your privacy and handling your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using this website or contacting me, you confirm that you are aged 13 or over.
2. Data Controller
For the purposes of data protection law, Sarah Hayes is the data controller.
Contact details:
Name: Sarah Hayes
Email: sarahhayes.ipt@gmail.com
Telephone: 07715390441
Please ensure that the personal data you provide is accurate and up to date. You can notify me of any changes by using the contact details above.
3. Personal Data I Collect
Personal data means any information that can identify you as an individual.
Depending on how you interact with this website or contact me, I may collect and process the following types of personal data:
a) Communication Data
This includes information you provide when you contact me via the website contact form, email, telephone, or text message.
This may include your name, email address, phone number, and the content of your message.
Purpose:
Responding to enquiries
Keeping appropriate records of communications
Establishing, exercising, or defending legal claims
Lawful basis:
Legitimate interests (responding to enquiries and managing my practice)
b) Enquiry and Client Data
If you enquire about or engage my services, I may collect basic contact and administrative information such as your name, email address, telephone number, appointment details, and payment information (where applicable).
Purpose:
Providing therapy services
Managing appointments and payments
Meeting legal and professional obligations
Lawful basis:
Performance of a contract
Taking steps at your request prior to entering a contract
c) Website Usage Data
This includes information about how you use this website, such as pages visited and interactions with the site.
Purpose:
Operating and improving the website
Ensuring website security
Understanding how visitors use the site
Lawful basis:
Legitimate interests
d) Technical Data
This may include your IP address, browser type, device information, time zone settings, and other technical details collected automatically through cookies or similar technologies.
Purpose:
Website administration and security
Website analytics
Lawful basis:
Legitimate interests
4. Special Category (Sensitive) Data
I do not intentionally collect special category personal data through this website.
Special category data includes information about health, racial or ethnic origin, religious beliefs, sexual orientation, political opinions, or criminal convictions.
If you contact me via the website, please do not include detailed sensitive personal information in your initial message. Sensitive information is more appropriately shared once a therapeutic relationship is established and appropriate privacy safeguards are in place.
5. How Your Personal Data Is Collected
Personal data may be collected:
Directly from you when you contact me or complete forms on this website
Automatically through cookies and similar technologies when you use this website
From third-party service providers such as website hosting or analytics providers
6. Marketing Communications
I will only send you marketing communications where:
You have given your consent, or
It is permitted under UK law and you have not opted out
You can opt out of marketing communications at any time by contacting me using the details above.
Your personal data will never be shared with third parties for their own marketing purposes.
7. Sharing Your Personal Data
Your personal data may be shared only where necessary, including with:
Website hosting and IT service providers
Professional advisers such as accountants, insurers, or legal advisers
Regulatory or government authorities where required by law
All third parties are required to keep your data secure and to process it in accordance with data protection law.
8. International Data Transfers
Some third-party service providers may be located outside the UK or European Economic Area (EEA).
Where personal data is transferred internationally, appropriate safeguards will be in place to ensure your data remains protected, such as approved contractual clauses or adequacy decisions.
9. Data Security
Appropriate security measures are in place to protect your personal data against loss, misuse, unauthorised access, or disclosure.
Access to personal data is restricted to those who have a genuine professional need to access it and who are subject to confidentiality obligations.
In the event of a personal data breach, I will notify affected individuals and the relevant authorities where legally required.
10. Data Retention
Personal data is retained only for as long as necessary for the purposes for which it was collected, including legal, accounting, and professional requirements.
Retention periods are determined by considering the nature of the data, its sensitivity, and applicable legal obligations.
In some circumstances, personal data may be anonymised and retained for statistical or administrative purposes.
11. Your Legal Rights
You have rights under data protection law, including the right to:
Access your personal data
Request correction or erasure
Restrict or object to processing
Request data portability
Withdraw consent where applicable
Further information is available from the Information Commissioner’s Office (ICO):
https://ico.org.uk
Requests can be made using the contact details above. I may need to verify your identity before responding.
12. Complaints
If you have concerns about how your personal data is handled, please contact me first so I can try to resolve the matter.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK authority for data protection matters.