Privacy Policy


Our Approach to Privacy

Angsana Consulting treats privacy, confidentiality, and data security as fundamental. Any personal information shared with us is handled with discretion and in accordance with applicable data protection laws.

This policy explains how personal data is collected, used, stored, and protected when you engage with Angsana Consulting or use our website. We encourage you to review it carefully.

Data Controller

The data controller is The Angsana Practice.

Contact: hello@angsanaconsulting.co.uk

Concerns

If you have any concerns regarding how your data is handled, we encourage you to contact us directly so we can address them promptly. You also have the right to raise a concern with the Information Commissioner’s Office (ICO): www.ico.org.uk

Data We Collect

‘Personal data’ refers to information that can identify you. Where data is anonymised, it is no longer considered personal data.

We may collect and process the following categories of information:

  • Identity information: first and last name, marital status and title, date of birth, gender

  • Contact information: address, email address, telephone number

  • Financial information: bank account and payment card details

  • Transaction information: details of payments made and services p

  • Special Category Data (health-related information): including relevant medical history, medication, or other information required to deliver services safely and appropriately

We do not collect data relating to race, ethnicity, political opinions, religious beliefs, trade union membership, genetic or biometric data, sexual orientation, or criminal records.

Consent for Health-Related Data

Explicit consent is required to process health-related information. This consent will be requested during onboarding or prior to service delivery.

How Data is Collected

Information is collected primarily through direct interaction, including:

  • Client onboarding and assessment forms

  • Information provided before or during appointments

  • Verbal discussions

  • Correspondence via email, phone, or post

  • Feedback or enquiries

  • Website interactions, including cookies

Our website uses cookies to support functionality and improve user experience. Cookie preferences can be managed through your browser settings. Please refer to our Cookies Policy for further details.

If Data is Not Provided

Where personal data is required to meet legal or contractual obligations and is not provided, we may be unable to deliver services. In such cases, you will be informed at the relevant time.

How We Use Your Data

Personal data is used for the following purposes:

  • Client registration and administration

  • Delivery of services and management of payments

  • Ongoing client communication, including updates to terms or policies

  • Practice administration, system maintenance, and website security

  • Analysis to improve services, communications, and operational effectiveness

Processing is carried out on one or more lawful bases, including contractual necessity, legitimate interests, legal obligations, and consent (where required).

In certain circumstances, we may request your explicit consent, particularly where sensitive information is involved. Depending on the purpose, your personal data may be processed on more than one lawful basis. Further information on the legal grounds relied upon is available on request.

Third-Party Links

Our website may include links to third-party websites or services. Angsana Consulting does not control these sites and is not responsible for their privacy practices. Users are encouraged to review third-party privacy policies independently.

Data Sharing

Access to personal data is restricted to those who require it for legitimate purposes. Data may be shared with: 

  • IT and systems service providers

  • Professional advisers (e.g. healthcare professionals, lawyers, bankers, auditors, insurers) who provide consultancy, banking, legal, insurance and accounting services

  • Health insurers (where services are funded or reimbursed) with details about your appointment schedule and treatment updates

  • Clinical supervisors, with identifying patient details minimised. As an HCPC-accredited clinician, we are obliged to consult with another mental health professional for supervision purposes. This is to ensure we reflect and improve on our clinical skills

  • Medical or safeguarding professionals (e.g. GP, social worker), where required and with consent prior to doing so. When the information concerns risk of harm to the client or another person then we may need to disclose information about you without your consent for your own safety or for the safety of someone else

  • HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances

  • Debt recovery services, in the event that payment is not received for services rendered

  • Courts or legal authorities, where required by law or to protect vital interests. We ensure that this data sharing is conducted lawfully and with due regard for your privacy rights

All third parties are required to maintain appropriate confidentiality and security standards and may only process data in line with our instructions.

International Data Transfers

We may transfer your data outside of the United Kingdom/EEA, but only when we can be sure it is protected.

Many of our external third parties are based outside the United Kingdom/EEA and so their processing of your personal data will involve a transfer of data outside the United Kingdom. 

Whenever we transfer your personal data out of the United Kingdom, we make sure it is protected by at least implementing one of the following safeguards: 

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the United Kingdom

  • Where we use certain service providers, we may use specific contracts approved by the UK Information Commissioner’s Office and the European Commission which give personal data the same protection it has in Europe

Further details are available on request.

Data Security

Appropriate technical and organisational measures are in place to protect personal data. Access is limited to authorised individuals with a legitimate need to know.

In the unlikely event of a data breach, we will notify affected individuals and relevant regulators where legally required.

Data Retention

Personal data is retained only for as long as necessary and in line with legal and regulatory requirements.

By law, we have to retain the following information:

  • Medical information about patients is retained for 7 years after treatment concludes

  • Medical information relating to children is retained until age 25

  • Basic client information (including contact, identity, financial and transaction data) is retained for 6 years after treatment concludes for tax purposes

For information that does not fall under the definition of basic, to determine the appropriate retention time, we look at what kind of data it is, how sensitive it is, the risks if it's misused, why we need it, and if there are other ways to achieve the same goals. We also consider applicable legal, regulatory, tax, accounting and other requirements.

Your Rights

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (subject to legal limitations)

  • Object to certain processing

  • Request restriction of processing

  • Request data portability

  • Withdraw consent where processing relies on consent

Requests can be made by contacting us directly. We aim to respond within one month, subject to complexity and volume. No fee is charged unless requests are manifestly unfounded or excessive.

Updates and Contact

We regularly review our privacy policy. Please keep us updated if your personal data changes.

If you have any questions or wish to exercise your rights, please contact us at hello@angsanaconsulting.co.uk

This policy was last updated in February 2026.