Skip to main content

Legal

Privacy notice

How Cheta Wellness handles your personal information, and the rights you have under UK data protection law.

Last updated: 23 April 2026

Our commitment

At Cheta Wellness, we are committed to supporting mental and physical wellbeing in a safe, respectful, and confidential environment. We take your privacy seriously and handle your personal information responsibly when you use our website or access our services.

This notice explains how we collect, use, store, and protect your information. We recommend reading it alongside any other privacy notices we may provide, so you fully understand how and why your data is used.

Who is responsible for your data

Cheta Wellness is the controller of your personal data. You can reach us using the contact details at the end of this notice.

What personal data we collect

Personal data means any information that can identify you. The data we hold depends on how you interact with us.

When you use our website

If you only browse the site and do not contact us, we collect very little beyond what your browser reports for basic site functioning, such as your IP address, browser type, and general usage information. Messages submitted through the contact form are sent directly to us by email and are not stored in a website database.

When you become a client

If you engage our services, we collect the information needed to provide safe and appropriate care, which may include:

  • Identity information: your name, title, date of birth, and gender.
  • Contact information: address, email, and telephone number.
  • Financial information: payment and billing details, and records of services you have received from us.
  • Special category (health) data: details about your mental or physical health, medication, relevant medical and psychiatric history, and any other information needed to support your care.

We do not collect other special category data unless it is directly relevant to the support we provide. Where required, we will ask for your explicit consent to process sensitive health information.

How we collect your information

We collect information directly from you when you:

  • complete enquiry or onboarding forms
  • fill in forms before or during appointments
  • share information during sessions
  • contact us by email, phone, post, or other communication methods
  • request or use our services
  • provide feedback or contact us through our website

We may also collect limited technical information automatically through website cookies and similar technologies. In some cases, we may receive information from third-party providers such as analytics or search providers.

If we need certain information by law or under the terms of our agreement with you, and you do not provide it, we may not be able to offer our services or continue working with you. We will always let you know if this is the case.

How we use your personal data

We may use your personal data to:

  • register you as a client
  • provide therapy and wellbeing services
  • manage appointments, payments, fees, and charges
  • communicate with you about your care or our services
  • notify you of changes to our terms or policies
  • respond to enquiries or requests
  • improve our website, services, and client experience
  • manage and protect our website and business operations

Lawful basis for processing

We rely on one or more lawful bases when processing your personal data. These may include:

  • fulfilling our contract with you
  • complying with legal obligations
  • pursuing our legitimate interests in running and improving our practice
  • your consent, particularly where sensitive health data is involved

In some cases, more than one lawful basis may apply.

Cookies

Our website may use cookies to help it function properly, improve your experience, and understand how visitors use the site. You can manage cookie settings through your browser.

Use of AI tools

Cheta Wellness may use carefully selected AI tools to support aspects of service delivery or business administration, such as note-taking, communication support, or administrative content. Where AI tools are used, we make sure that:

  • personal data is processed lawfully, fairly, and transparently
  • only the minimum necessary information is used
  • appropriate security measures are in place
  • data is retained only for as long as necessary, then securely deleted or anonymised where appropriate

If AI tools are used in connection with your data, this will always be done in line with UK data protection law.

Third-party links

Our website may include links to third-party websites or services. If you follow these links, those sites may collect or share your data. We do not control third-party websites and are not responsible for their privacy practices. We recommend reading their privacy notices separately.

Who we share your data with

We share your personal data only where necessary and with appropriate safeguards in place. This may include:

  • IT and system administration providers
  • professional advisers such as accountants, insurers, or legal advisers
  • other healthcare professionals involved in your care, where appropriate
  • health insurers, where relevant for billing
  • clinical supervisors, with identifying information kept to a minimum
  • your GP or another professional, where appropriate and usually with your consent
  • regulators, HMRC, courts, or legal authorities where required by law
  • debt recovery agencies where payment remains outstanding

In rare situations, we may need to share information without your consent if there is a serious risk of harm to you or someone else, or where we are legally required to do so.

All third parties are required to respect the security and confidentiality of your data and only process it in line with our instructions.

International transfers

Some of our service providers may be based outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place to protect it in accordance with UK data protection law.

How we keep your data secure

We have appropriate security measures in place to protect your personal information from being lost, misused, accessed without permission, altered, or disclosed.

Access to your personal data is limited to those who need it for legitimate purposes and who are subject to confidentiality obligations. If a data breach occurs and we are legally required to notify you or a regulator, we will do so.

How long we keep your data

We only keep your data for as long as necessary to fulfil the purpose it was collected for, including legal, regulatory, tax, and accounting requirements.

As a general guide:

  • clinical records for adults are usually retained for 7 years after treatment ends
  • records for children are usually retained until the child’s 25th birthday
  • financial and transaction records may be retained for 6 years for tax and legal purposes

Retention periods may vary depending on the nature of the information and legal requirements.

Your rights

You have rights in relation to your personal data, including the right to:

  • request access to the data we hold about you
  • ask us to correct inaccurate or incomplete information
  • request erasure of your data where appropriate
  • object to certain types of processing
  • request restriction of processing in some circumstances
  • request transfer of your data to you or another organisation
  • withdraw consent where we rely on consent to process your data

To exercise any of these rights, please contact us using the details at the end of this notice.

We do not usually charge a fee for responding to these requests, although we may charge a reasonable fee or refuse a request if it is clearly unfounded, repetitive, or excessive. We aim to respond within one month, although this may take longer for more complex requests.

Raising a concern

If you have a concern about how we have handled your data, we would like the chance to put it right, so please contact us first. You also have the right to raise a complaint with the Information Commissioner’s Office (ICO) if you believe your data has not been handled appropriately.

Changes to this notice

We may update this privacy notice from time to time. Any changes will be posted on this page, and the date at the top will be updated.

Contact us

If you have any questions about this notice, or how your information is handled, please contact us:

For general enquiries about therapy and to make an initial contact, please use the contact form.