Privacy Policy

Last updated: February 2026

Introduction

This Privacy Policy explains how I collect, use, store and protect your personal data when you visit my website or work with me as a surf confidence coaching or psychotherapy client.

I am committed to protecting your privacy and handling your data transparently and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller:
Danni Unway
Surf Confidence Coach
Email: danniunwaytherapy@gmail.com

What Information I Collect

I may collect and process the following types of personal data.

Website Visitors

  • Name

  • Email address

  • Information submitted via contact forms

  • IP address

  • Browser type and device information

  • Website usage data (via Google Analytics)

  • Cookie data

Mailing List Subscribers

  • Name

  • Email address

  • Any preferences you provide

Coaching Clients

  • Name and contact details

  • Emergency contact details (where relevant)

  • Information relevant to your coaching goals

  • Session notes

  • Payment details (processed via Squarespace Payments)

Psychotherapy Clients (Special Category Data)

As part of therapeutic work, I collect sensitive personal data, including:

  • Mental health information

  • Personal history

  • Information disclosed during sessions

  • Risk-related information where relevant

  • Session notes

This data is classified as “special category data” under UK GDPR and is handled with additional safeguards.

How I Use Your Information

I process your personal data in order to:

  • Respond to enquiries

  • Provide coaching or psychotherapy services

  • Manage appointments and scheduling

  • Maintain appropriate clinical records

  • Process payments

  • Send newsletters or updates (where you have opted in)

  • Improve website performance and user experience

Lawful Basis for Processing

Under UK GDPR, I rely on the following lawful bases:

  • Consent – when you subscribe to my mailing list

  • Contract – when you engage my coaching or therapy services

  • Legitimate Interests – to operate and improve my website and services

  • Legal Obligation – where I am required to retain records or disclose information

  • Provision of Health Care (Special Category Data) – for psychotherapy services

You may withdraw consent at any time where consent is the lawful basis.

Confidentiality and Legal Limits

Everything disclosed within therapy sessions is treated as confidential, except where disclosure is required:

  • With your consent

  • By a Court of Law

  • Where statutory law requires disclosure

  • Where there is significant risk of harm to yourself or others

  • Where there are safeguarding concerns involving children or vulnerable adults

Where possible, I will discuss any required disclosure with you first.

Supervision

As part of my professional and ethical practice, I attend clinical supervision. Client information discussed in supervision is anonymised where possible, and my supervisor is also bound by strict confidentiality.

How Your Data Is Stored

Website Hosting

My website is hosted by Squarespace, which securely stores data on its servers.

Payments

Payments are processed via Squarespace Payments. I do not store your full card details.

Mailing List

Mailing list data is managed via Squarespace Email Campaigns.

Analytics

I use Google Analytics to understand website traffic and improve user experience. This collects anonymised usage data.

Therapy Records

Session notes are kept securely in accordance with UK GDPR and professional insurance requirements. Records are retained for the period required by my insurer and professional body, after which they are securely destroyed (for example, shredded if paper-based).

While I take all reasonable steps to protect your data, no online system can guarantee absolute security.

Online Therapy and Coaching

If we work together online:

  • Sessions are conducted via a secure platform

  • You are responsible for ensuring you are in a private space

  • You may be asked to provide an alternative contact number in case of disconnection

  • In situations involving significant risk, you may be asked to provide emergency contact details

International Clients

I am based in the United Kingdom and operate under UK jurisdiction and professional insurance. If you are accessing services from outside the UK, your data will still be processed under UK GDPR standards.

Data Retention

I retain personal data only for as long as necessary:

  • Enquiry emails are typically kept for up to 12 months

  • Mailing list data is kept until you unsubscribe

  • Coaching records are retained in line with insurance requirements

  • Therapy records are retained in accordance with professional and insurance guidelines

After this period, data is securely deleted or destroyed.

Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (where legally permissible)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent (where applicable)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website: https://www.ico.org.uk

Cookies

This website uses cookies through Squarespace and Google Analytics to:

  • Enable website functionality

  • Analyse traffic and usage

  • Improve user experience

You can manage cookie preferences through your browser settings.

Third-Party Services

I use trusted third-party providers including:

  • Squarespace (hosting, payments, mailing list)

  • Google Analytics (website analytics)

These providers may process data on my behalf in accordance with their own privacy policies.

Contact

If you have any questions about this Privacy Policy or your data, please contact:

Danni Unway
Email: danniunwaytherapy@gmail.com