Privacy Policy

Last updated: 31/12/2025

This Privacy Policy explains how personal data is collected, used, stored, and protected when you engage with Bishoy Basha ("I", "me", "my") for coaching, psychotherapy, or through use of this website. This policy is written to comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

1. Data Controller

The data controller is:

Bishoy Basha
Coach and Psychotherapist
Website: https://bishoybasha.com
Email: info@bishoybasha.com

I am responsible for deciding how your personal data is used and protected.

2. Scope of This Policy

This policy applies to:

  • Visitors to this website

  • Individuals who contact me via the website, email, or phone

  • Clients engaging in coaching and/or psychotherapy services

It does not apply to external websites linked from this site.

3. Personal Data I Collect

a) Website Use

When you visit this website, I may collect limited technical data, such as:

  • IP address

  • Browser type and version

  • Device and operating system

  • Pages visited and time spent

This data is collected via cookies or analytics tools and is anonymised where possible.

b) Enquiries and Contact

If you contact me, I may collect:

  • Name

  • Email address

  • Phone number

  • Information you choose to share in your message

c) Coaching and Psychotherapy Clients

If you engage in services, I may collect:

  • Contact details (name, address, email, phone number)

  • Date of birth

  • Emergency contact details

  • Session notes

  • Assessment information

  • Relevant personal history you choose to disclose

Some of this information may be classified as special category data.

4. Special Category Data

For psychotherapy and some coaching work, I may process special category data, including information relating to:

  • Mental health

  • Emotional wellbeing

  • Addiction and recovery

This data is processed in accordance with Article 9(2)(h) of the UK and EU GDPR for the provision of health or therapeutic services, and with appropriate safeguards in place.

5. Legal Bases for Processing

I process personal data under the following lawful bases:

  • Consent – where you have given clear permission (e.g. contact forms)

  • Contract – where processing is necessary to deliver agreed services

  • Legal obligation – where required by law (e.g. insurance, taxation)

  • Legitimate interests – for running my practice, provided your rights are not overridden

For special category data, processing is based on:

  • Provision of health or therapeutic services

  • Explicit consent where required

6. How Your Data Is Used

Your personal data may be used to:

  • Respond to enquiries

  • Arrange and deliver coaching or psychotherapy sessions

  • Maintain accurate client records

  • Communicate about appointments or services

  • Meet legal, ethical, and professional obligations

Your data will never be sold or shared for marketing purposes.

7. Data Storage and Security

I take reasonable steps to protect your personal data, including:

  • Password-protected devices and accounts

  • Encrypted storage where available

  • Secure email and practice systems

  • Limiting access to data on a need-to-know basis

Session notes are stored separately from identifying information where possible.

8. Data Retention

Personal data is retained only for as long as necessary:

  • Client records are typically retained for 7 years after the end of services (or 7 years after a minor reaches 18), in line with professional and insurance guidance

  • Enquiry data is retained for up to 12 months

  • Website analytics data is retained according to the relevant provider’s settings

Data is securely deleted or destroyed when no longer required.

9. Sharing of Data

Your data may be shared only when necessary:

  • With professional supervisors (anonymised where possible)

  • With legal or regulatory authorities if required by law

  • In cases of serious risk of harm to you or others

I will not share your data with third parties without lawful justification.

10. Confidentiality and Safeguarding

All coaching and psychotherapy work is confidential, subject to legal and ethical limits. Confidentiality may be broken if:

  • There is a serious risk of harm to you or others

  • Disclosure is required by law

  • There are safeguarding concerns involving children or vulnerable adults

Where possible, this will be discussed with you first.

11. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of data (where applicable)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

Requests should be made in writing using the contact details above.

12. Complaints

If you are unhappy with how your data is handled, you have the right to complain to the supervisory authority:

UK: Information Commissioner’s Office (ICO)
Website: https://ico.org.uk

EU: Your local Data Protection Authority

I encourage you to contact me first so I can try to resolve any concerns.

13. Cookies

This website may use cookies to improve functionality and understand site usage. You can control or disable cookies via your browser settings.

A separate Cookie Policy may be provided if required.

14. Changes to This Policy

This Privacy Policy may be updated from time to time. The most recent version will always be available on this website.

15. Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact:

Bishoy Basha
Email: info@bishoybasha.com

This policy is intended to meet UK and EU data protection requirements for coaching and psychotherapy practices.