Privacy policy.

Last Updated: 28th May 2025

1. Introduction I, Stacie Moxon, am committed to protecting and respecting your privacy. This Privacy Policy outlines how I collect, use, and safeguard your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Contact Details - Data Controller: Stacie Marie Moxon - Practice Address: available from September 2025 - Phone: 07740199006 - Email: hello@moxietherapies.com - ICO Registration Number: [Your ICO Number]

3. What Information I Collect I collect and process the following types of personal data: - Identity and Contact Data: Name, address, phone number, email - Special Category Data (Health Data): Mental health history, current difficulties, therapy session notes, risk assessments - Administrative Data: Appointment records, payment information, invoices - Website Data (if applicable): IP address, cookies

4. Lawful Basis for Processing Under UK GDPR, the lawful bases I rely on for processing your data include: - Consent - You have given clear permission for processing specific data. - Contract - Processing is necessary for the provision of a therapy service. - Legal Obligation - Required to comply with laws or regulations. - Vital Interests - To protect life in an emergency. - Legitimate Interests - For secure practice management. For special category data, the lawful basis is: - Provision of healthcare as a regulated professional (Article 9(2)(h)).

5. How I Collect Your Data - Directly from you (via phone, email, contact forms, or during sessions) - Through online intake forms (if applicable) - Automatically via my website (cookies or analytics, with your consent)

6. How I Use Your Data I use your data to: - Provide psychological therapy - Manage appointments, correspondence, and billing - Keep accurate and lawful records - Communicate securely with you or your GP (only with consent) - Meet legal, professional, and regulatory obligations

7. How I Store Your Data Your information is stored securely: - In encrypted digital records or password-protected files - In locked physical storage (if paper records are used) - Using GDPR-compliant practice management software I retain your data in line with professional guidelines, usually for 7 years after the end of therapy, or until a child client turns 25.

8. Sharing of Information I will not share your personal information without your consent unless: - Required by law (e.g., safeguarding, court order) - There is a risk of serious harm to yourself or others - With your GP or other professionals (only with consent)

9. Your Rights Under the UK GDPR You have the right to: - Access the personal data I hold about you - Request correction of inaccurate data - Request erasure (in some circumstances) - Restrict or object to processing - Request transfer of your data to another provider - Withdraw consent To exercise these rights, contact me using the details above. You may also contact the Information Commissioner's Office (ICO): www.ico.org.uk | Tel: 0303 123 1113

10. Website and Cookies (If Applicable) My website may use cookies for functionality and performance purposes. These are only used with your consent.

11. Changes to This Privacy Policy This policy is reviewed regularly and may be updated. The most current version will be available on this website or provided upon request.