PRIVACY POLICY

Last Updated: 27th April 2026

At Miss Erica, I am committed to protecting and respecting your privacy. This notice explains how I collect, use, and protect your personal data when you use my website and services.

1. Who I Am

"Miss Erica" is the Data Controller for your personal information. If you have any questions regarding your data, you can contact me at: info@misserciastorm.co.uk.

2. The Data I Collect

I collect and process the following information:

  • Identity Data: Name, date of birth.

  • Contact Data: Email address, phone number, and physical address.

  • Sensitive Data: Information regarding your health, well-being, and personal history (shared during intake or sessions).

  • Financial Data: Payment details (processed securely via [e.g., Stripe/PayPal]—I do not store your full card details).

  • Technical Data: IP address and cookies when you browse my website.

3. How I Use Your Data

I only use your data when the law allows me to. Most commonly:

  • Contractual Necessity: To provide the coaching/therapy services you have booked.

  • Legal Obligation: To comply with UK tax laws or safeguarding legislation.

  • Vital Interests: To protect your life in an emergency (see the Safeguarding clause in my Terms).

  • Consent: When you sign up for my newsletter or marketing (which you can withdraw at any time).

4. Data Retention (The 7-Year Rule)

In accordance with UK professional indemnity insurance and HMRC requirements, I will retain your personal data and session notes for 7 years after our final session. After this period, your data will be securely deleted or shredded. For clients under 18, records are kept until they turn 25.

5. Data Security

Your data is stored using encrypted, password-protected digital systems or in locked physical filing cabinets. I take all reasonable steps to ensure your information is not lost, used, or accessed in an unauthorized way.

6. Sharing Your Data

I do not sell your data. I only share your data with:

  • Authorities: If required by law (safeguarding or court order).

  • Service Providers: Secure platforms I use to run my business (e.g., booking systems, email providers, or accountants).

  • Clinical Supervisors: As part of professional practice, I may discuss cases with a supervisor, but your identity remains anonymous.

7. Your Legal Rights

Under UK GDPR, you have the right to:

  • Request Access: You can ask for a copy of the data I hold about you.

  • Request Correction: You can ask me to fix inaccurate information.

  • Request Erasure: In certain circumstances, you can ask me to delete your data (subject to my 7-year legal retention requirement).

  • Object to Processing: You can ask me to stop using your data for marketing.

8. Complaints

If you are unhappy with how I handle your data, please contact me first. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.