Privacy Policy

Last updated: 1 April 2026

1. Data Controller

The data controller for the purposes of UK GDPR and the Data Protection Act 2018 is:

Andrew Cheers
Headstart Mental Health
In Motion Clinics, 137 Long Lane, Upton, Chester CH2 1JF
Phone: 07469 870 295

Headstart Mental Health is registered with the Information Commissioner's Office (ICO).

2. What Personal Data We Collect

We may collect and process the following personal data:

  • Contact information: name, email address, phone number, and postal address, provided when you contact us or book an appointment.
  • Health and clinical data: information about your mental health, medical history, treatment notes, and progress records created during the course of therapy. This is classified as special category data under UK GDPR.
  • Website usage data: anonymised information about how you use our website, collected through cookies (see our Cookie Policy).
  • Communication records: records of correspondence between you and the clinic, including emails, phone calls, and messages submitted through our contact form.
  • Payment information: records of payments made for services. We do not store credit or debit card details.

3. Why We Collect Your Data (Lawful Basis)

We process your personal data under the following lawful bases:

  • Consent (Article 6(1)(a)): When you submit a contact form, sign up for communications, or consent to the use of cookies. You may withdraw consent at any time.
  • Contract (Article 6(1)(b)): To provide the therapy services you have engaged us for, including appointment scheduling, session delivery, and follow-up.
  • Legitimate interest (Article 6(1)(f)): To respond to enquiries, improve our services, and maintain the security of our website.
  • Vital interests (Article 6(1)(d)): In rare circumstances where there is an immediate risk to your safety or the safety of others.
  • Legal obligation (Article 6(1)(c)): Where we are required to retain records by law or regulatory requirements.

For special category data (health information), we rely on:

  • Explicit consent (Article 9(2)(a)): You provide explicit consent for us to process health data as part of your therapy.
  • Health or social care purposes (Article 9(2)(h)): Processing is necessary for the provision of health care.

4. How We Store Your Data

Your personal data is stored securely. Clinical records are kept in encrypted digital systems. Paper records, where they exist, are stored in locked cabinets at our clinic. Access to your data is restricted to Andrew Cheers only, unless you provide explicit consent for information to be shared.

We take appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

5. Third Parties

We may share your data with the following third parties, only to the extent necessary:

  • Formspree: Our contact form is processed by Formspree Inc. Data submitted through the contact form (name, email, phone number, message) is transmitted to Formspree's servers. See Formspree's privacy policy.
  • Google Analytics: We use Google Analytics to understand how visitors use our website. This data is anonymised and does not identify you personally. See Google's privacy policy.
  • Other professionals: With your explicit written consent, we may share relevant clinical information with your GP, other healthcare professionals, or referrers.
  • Legal requirements: We may disclose personal data if required by law, court order, or to protect the safety of you or others.

We will never sell your personal data to any third party.

6. Data Retention

We retain personal data in accordance with the following periods:

  • Clinical records for adults: Retained for 7 years after the last contact, in line with professional guidelines.
  • Clinical records for children: Retained until the child reaches the age of 25, or for 7 years after the last contact, whichever is longer.
  • Contact form submissions: Retained for up to 12 months, unless they lead to a therapeutic relationship.
  • Website analytics data: Retained for 26 months in Google Analytics.

When retention periods expire, data is securely deleted or destroyed.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct any inaccurate or incomplete data.
  • Right to erasure: You can request that we delete your personal data, subject to our legal obligations.
  • Right to restrict processing: You can ask us to limit how we use your data.
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
  • Right to object: You can object to our processing of your data where we rely on legitimate interest.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time.

To exercise any of these rights, please get in touch or call 07469 870 295. We will respond within one month.

8. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.

9. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

Call WhatsApp Book