Privacy Policy

The Positive Psychologist

Last updated: 4th March 2026

1. Data Controller
Dr Kristin Sonja Bohn, sole trader trading as The Positive Psychologist, is the Data Controller.
Trading address: 130 Gidley Way, Oxford, OX33 1TD, UK
Email: drkristinbohn@gmail.com
Where required, I am registered with the
Information Commissioner's Office.

2. Personal Data Collected
I may collect:
Name
Contact details
Payment details (processed via secure third-party providers)
Session notes
Psychological and health history information
Correspondence
Technical website data (IP address, browser type)

3. Special Category Data
As a Clinical Psychologist, I process health-related information which is classified as special category data under UK GDPR.
This data is processed:
For provision of health care
Under professional confidentiality obligations
In accordance with HCPC standards
In line with BPS ethical guidance
Legal guidance is provided by the
Information Commissioner's Office.

4. Lawful Bases for Processing
I rely on:
Contract – delivery of services
Legal obligation – safeguarding and record keeping
Provision of health care – clinical services
Legitimate interests – website improvement
Explicit consent – marketing communications

5. How Data Is Used
Your data is used to:
Provide therapy or coaching
Maintain professional clinical records
Process payments
Send service-related communications
Send newsletters (if opted in)
Improve website performance

6. Data Retention
Clinical records are retained in accordance with professional standards (typically 7 years after last contact for adults; longer for children where applicable).
Financial records retained in line with HMRC requirements.
Marketing data retained until consent is withdrawn.

7. Data Sharing
Data may be shared with:
Secure payment processors
Website hosting providers
Email marketing providers (where subscribed)
Data is never sold.
If data is processed outside the UK, appropriate safeguards are in place.

8. Your Rights
Under UK GDPR, you have rights including:
Access
Rectification
Erasure
Restriction
Data portability
Objection
Withdrawal of consent
You may lodge a complaint with the
Information Commissioner's Office.

9. Data Security
Appropriate technical and organisational measures are implemented to safeguard personal data.