Privacy Policy

Last updated: January 2026

1. Introduction

This Privacy Policy explains how personal data is collected, used, stored, and protected when you use this website (jessicahirani.com) and when you engage in therapy or related services with Jessica Hirani Wellness Ltd.

By using this website or providing your personal data, you confirm that you are 18 years or older. Therapy services are not offered to children or minors without explicit written consent and appropriate safeguarding procedures.

Data Controller:
Jessica Hirani Wellness Ltd (“we”, “us”, “our”)

Contact details:
Email: hi.jesshirani@gmail.com
Website: jessicahirani.com
Postal address:

We are registered with and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Types of Personal Data We Collect

A. Website & Enquiry Data

  • Identity Data: name, title

  • Contact Data: email address, phone number

  • Communication Data: emails, contact forms, messages

  • Technical Data: IP address, browser type, device data

  • Usage Data: website interaction, page views

  • Marketing Preferences

B. Therapy & Client Data (Special Category Data)

When you engage in therapy or therapeutic services, we may collect special category personal data, including:

  • Health and mental health information

  • Personal history shared during sessions

  • Session notes and clinical observations

  • Assessment forms and intake questionnaires

  • Emergency contact details

This data is considered confidential clinical information.

3. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contract – to provide therapy or services you request

  • Consent – where you explicitly agree (e.g. email marketing)

  • Legal obligation – safeguarding, insurance, tax, or regulatory requirements

  • Legitimate interests – website administration, record keeping

  • Vital interests – where there is serious risk of harm

For special category (health) data, the lawful basis is:

  • Provision of health or therapeutic care

  • Explicit consent

4. Confidentiality & Its Limits (Therapy-Specific)

All therapy sessions and records are treated as confidential. However, confidentiality may be broken if:

  • There is a serious risk of harm to you or others

  • There is a safeguarding concern involving a child or vulnerable adult

  • Disclosure is required by law or court order

  • Information is required by professional indemnity insurers or supervisors (shared anonymously where possible)

Where possible, this will be discussed with you before any disclosure.

5. How We Collect Your Data

  • Directly from you (forms, emails, sessions)

  • Automatically via cookies and analytics

  • From third parties only where necessary (e.g. payment processors, booking systems)

We do not buy personal data or use data brokers for therapy work.

6. Marketing Communications

You will only receive marketing communications if you:

  • Have opted in, or

  • Are an existing contact and marketing is relevant

You may unsubscribe at any time using the link in emails or by contacting jesshirani15@gmail.com.

7. Data Sharing & Disclosures

Your data may be shared only with:

  • Secure practice management or booking systems

  • Accountants, insurers, legal advisors

  • Clinical supervisors (anonymised)

  • Regulators or authorities where legally required

Your therapy data is never sold or shared for marketing purposes.

8. International Data Transfers

Where data is transferred outside the UK/EEA (e.g. cloud services), we ensure appropriate safeguards such as:

  • UK adequacy regulations

  • Standard Contractual Clauses (SCCs)

9. Data Security

We use appropriate technical and organisational measures, including:

  • Password-protected systems

  • Encrypted devices and platforms

  • Secure storage of clinical notes

Only authorised persons have access to your data.

10. Data Retention (Therapy-Specific)

  • Therapy records: 7 years after last contact (or 7 years after age 18 for minors, where applicable)

  • Financial records: 7 years

  • Marketing data: until consent is withdrawn

After this period, data is securely deleted or anonymised.

11. Your Legal Rights

You have the right to:

  • Access your personal data

  • Request correction or erasure

  • Restrict or object to processing

  • Withdraw consent

  • Data portability

Requests can be made to jesshirani15@gmail.com. We respond within one month.

If you are dissatisfied, you may complain to:

UK Information Commissioner’s Office (ICO)
https://www.ico.org.uk

12. Third-Party Links

We are not responsible for the privacy practices of external websites linked from this site.

13. Cookies

This website uses essential and non-essential cookies. Please see the Cookie Policy below for full details.

14. Use of Images & Testimonials

Images, testimonials, or case material are only used with explicit written consent. You may withdraw consent at any time and request removal.

15. Social Media

We advise against sharing sensitive personal or therapeutic information via social media platforms. Please contact us directly via email for confidential matters.

16. Changes to This Policy

We may update this policy from time to time. The latest version will always be available on this website.

Jessica Hirani Wellness Ltd
Email: [removed]
Website: jessicahirani.com

Cookie Policy

(Your existing Cookie Policy text remains valid and compliant. No material changes required beyond confirming UK GDPR alignment.)