Privacy Notice

Last updated: 8th April 2026

Who I am

Remember Who We Are Therapy Ltd, trading as Remember Who We Are Therapy, is the data controller for the personal information collected through this website and in the course of providing psychotherapy services.

Registered office: 71–75 Shelton Street, Covent Garden, London WC2H 9JQ.
Company number: 17142385
Email: jamila@rememberwhowearetherapy.com
Website: rememberwhowearetherapy.com

About this notice

This privacy notice explains how I collect, use, store and protect your personal information when you:

  • visit this website;

  • get in touch by email, form or phone;

  • book or attend a consultation;

  • enquire about or receive psychotherapy services; or

  • Otherwise, communicate with Remember Who We Are Therapy.

I aim to handle your information with care, consent and steadiness. I only collect what is reasonably necessary to run the practice, respond to enquiries, provide therapy, and meet my legal, ethical and professional obligations.

The personal information I may collect

Depending on how you interact with the practice, I may collect and use the following information:

Identity and contact information

  • your name;

  • email address;

  • telephone number;

  • postal address, if you provide it;

  • emergency contact details, if relevant.

Enquiry and booking information

  • the information you include in an enquiry form, email or booking request;

  • your availability and preferences for online or in-person sessions;

  • appointment history and scheduling information.

Therapy and health-related information

  • information you choose to share about your mental health, emotional wellbeing, relationships, family history, identity, life circumstances, and reasons for seeking therapy;

  • assessment information;

  • clinical notes and other records relating to therapy;

  • risk, safeguarding or safety-related information where relevant.

Payment and financial information

  • invoice details;

  • records of payments made;

  • limited financial information needed for accounting and tax purposes.

Website and technical information

  • basic technical information such as IP address, browser type, device information, pages visited, and approximate location derived from IP address;

  • cookie and analytics information, where used.

Information from other people or organisations

  • information from a GP, psychiatrist, insurer, referrer, or another professional if you ask them to share it with me, or if sharing is otherwise lawful and necessary;

  • information from a parent, guardian or other responsible adult where relevant and lawful.

Special-category information

Psychotherapy work often involves information about health, mental health, ethnicity, religion, sexual life or orientation, and other sensitive matters. Under UK data protection law, this is known as special-category data.

I only process this information where it is necessary and lawful for the provision of therapy, the management of the practice, safeguarding, or where you have clearly chosen to provide it in the context of seeking or receiving therapy.

In some cases, therapy records may also contain information relating to allegations, incidents or criminal offences where this is relevant to the therapeutic work.

How I use your information and my lawful basis

I use personal information for the following purposes:

To respond to enquiries and arrange consultations
This includes reading and replying to emails or contact form messages, arranging an initial call, and deciding whether I may be an appropriate therapist for you.

Lawful basis: contract, or taking steps at your request before entering into a contract.

To provide psychotherapy services
This includes assessment, ongoing therapeutic work, session administration, record-keeping, reviewing the work, and communicating with you about appointments and practical matters.

Lawful basis: contract.
Special-category condition: health or social care/treatment.

To keep clinical records and manage therapy safely and responsibly
This includes keeping notes, monitoring risk, maintaining professional standards, seeking supervision, and making decisions necessary for safe practice.

Lawful basis: legitimate interests and, where relevant, legal obligation.
Special-category condition: health or social care/treatment.

To manage invoicing, accounts, and tax records
This includes issuing invoices, recording payments, maintaining accounting records, and sharing necessary information with an accountant, bookkeeper or HMRC where required.

Lawful basis: legal obligation.

To run, maintain and improve the website and practice systems
This includes website security, troubleshooting, preventing misuse, and reviewing how the site is used so that I can improve it.

Lawful basis: legitimate interests.

Optional marketing or newsletters
If I ever offer a newsletter, mailing list, workshop updates or similar marketing by email, I will only send these where I have a valid legal basis to do so, usually your consent where required.

Lawful basis: consent, where applicable.

Who I may share your information with

I treat your information as confidential. I do not sell your personal information.

I may share information, where necessary and lawful, with:

  • trusted service providers who help me run the practice, such as website hosting, email, cloud storage, calendar or booking systems, online meeting platforms, payment processors, and accounting support;

  • my clinical supervisor, on an anonymised or minimally identifying basis wherever possible;

  • your GP, psychiatrist or another health professional, where you have agreed to this or where sharing is otherwise lawful and necessary;

  • my insurer, legal adviser or professional body where necessary for complaints, claims, ethical advice, or legal compliance;

  • HMRC or other authorities, where required by law;

  • safeguarding, emergency or law-enforcement services where I believe there is a serious risk of harm, or where I am legally required to share information.

Where I use third-party providers, I take reasonable steps to ensure they handle personal information appropriately.

International storage and transfers

Some of the third-party services I use may store or process personal information outside the UK. Where this happens, I take steps to ensure that appropriate safeguards are in place so that your information remains protected.

How long I keep your information

I keep personal information only for as long as necessary for the purpose for which it was collected, and in line with legal, insurance, professional and ethical requirements.

My current retention periods are:

  • General enquiries that do not become clients: up to [6 or 12] months after the last contact;

  • Consultation and prospective client information where therapy does not begin: up to [6 or 12] months after the last contact, unless there is a clear reason to retain it for longer;

  • Client clinical records: 7 years after therapy ends;

  • Records relating to minors (if applicable): 7 years after the child reaches the age of 18;

  • Invoices, accounting records and related financial documents: 6 years from the end of the relevant financial year;

  • Website and analytics data: in line with the settings and retention periods of the relevant provider.

When information is no longer required, it will be securely deleted or destroyed.

Your data protection rights

Under UK data protection law, you may have the right to:

  • ask for access to the personal information I hold about you;

  • ask for inaccurate or incomplete information to be corrected;

  • ask for your information to be erased in certain circumstances;

  • ask for processing to be restricted in certain circumstances;

  • object to processing based on legitimate interests;

  • ask for a copy of the information you provided to me, in a portable format, where applicable;

  • withdraw consent at any time, where I rely on consent;

  • complain if you are unhappy with how your information has been handled.

These rights are not absolute, and there are circumstances in which I may lawfully need to retain or limit disclosure of certain information. For example, this may apply where information also relates to another person, where I need to comply with legal obligations, or where an exemption applies.

If you would like to exercise any of these rights, please get in touch with me using the details at the end of this notice.

Subject access requests

You can ask for a copy of the personal information I hold about you. I may need to confirm your identity before responding.

I aim to respond without undue delay and usually within one month of receiving a valid request, although the law allows longer in some cases, for example where a request is complex.

Website forms, cookies and analytics

This website may use cookies and similar technologies to make the site work properly, understand how visitors use the site, and improve performance.

Where non-essential cookies or analytics tools are used, these should be managed through a cookie banner or consent tool. You can usually control cookies through your browser settings as well.

12. Where I get information from

Most of the personal information I process comes directly from you.

In some situations, I may also receive information from:

  • a referrer;

  • a GP, psychiatrist or other health professional;

  • a parent, guardian or responsible adult;

  • an insurer or employee assistance provider;

  • a third-party booking or payment system you have used.

If I receive personal information about you from another source, I will handle it in line with this privacy notice.

13. Confidentiality and its limits

Therapy is confidential, and I take confidentiality seriously. However, there are limited circumstances in which I may need to share information without your consent. This may include where:

  • there is a serious risk of harm to you or someone else;

  • there are safeguarding concerns involving a child or vulnerable adult;

  • disclosure is required by law or court order;

  • disclosure is necessary for the establishment, exercise or defence of legal claims;

  • sharing is otherwise lawful, proportionate and necessary.

Where possible, I will aim to discuss this with you first unless doing so would increase risk or would not be lawful or appropriate.

14. Data security

I take reasonable technical and organisational steps to protect personal information from loss, misuse, unauthorised access, alteration or disclosure.

These steps may include secure passwords, restricted access, encrypted or protected systems, secure email and cloud services, and careful handling of paper and digital records.

No system can ever be guaranteed to be completely secure, but I aim to use reputable providers and proportionate safeguards.

15. Changes to this notice

I may update this privacy notice from time to time to reflect changes in the law, the way the practice operates, or the systems I use. The most current version will always be posted on this website.

16. Contact

If you have any questions about this privacy notice or how your personal information is handled, please contact:

Jamila Andersson
Remember Who We Are Therapy Ltd
Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UNITED KINGDOM
Email: jamila@rememberwhowearetherapy.com

If you are unhappy with how I have handled your information, I would appreciate the opportunity to respond first. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.