Privacy Policy

Information Governance Policies & Procedures

 

Last updated: 21/01/2026

Section A – Introduction

Future You Today (“we”, “I”, “us”, “our”) is committed to protecting the privacy, rights, and freedoms of individuals whose personal data we process.

All personal and sensitive data is:

  • Processed lawfully, fairly, and transparently

  • Collected for specified and legitimate purposes

  • Adequate, relevant, and limited to what is necessary

  • Accurate and kept up to date

  • Stored securely

  • Retained only for as long as legally required

 

We will not disclose personal data to third parties unless:

  • We are legally required to do so; or

  • There is a safeguarding concern involving risk of harm to the client or others

Data is processed primarily to maintain client records, provide services, and communicate appropriately.

If you would like us to stop contacting you, you can ask us to do so at any time using the details below:

Email: info@futureyoutoday.co.uk
Call/Text/WhatsApp: 07713 455 333

Scope of This Policy

This policy applies to all personal data held by the organisation, including:

  • Written documents

  • Electronic documents and spreadsheets

  • Hardcopy case notes and files

  • Databases

  • Images and recordings

  • Emails and text messages

  • Supervision notes

  • Website visits

  • Social media communications

Aim & Purpose

 

The purpose of this policy is to ensure that Future You Today:

  • Complies with UK GDPR and the Data Protection Act 2018

  • Protects individual rights under Article 1 of GDPR

  • Follows best practice in information governance

  • Maintains professional, ethical, and secure record keeping

 

Information Governance ensures that information is:

  • The right information

  • In the right place

  • At the right time

  • Accessible only to the right people

  • Used for the right reasons

 

This is a live document and may be updated to reflect changes in legislation or business practice.

Roles & Responsibilities

For the purposes of this policy:

  • Data Controller / Data Protection Officer: Rhian Kemp

  • Head of Organisation: Rhian Kemp

 

The Data Controller is responsible for ensuring compliance with data protection legislation and allocating appropriate resources to meet these obligations.

Information Governance Framework Principles

Future You Today adheres to the following principles:

  • GDPR training has been completed, with refresher training undertaken at least every two years

  • Data is collected solely to provide a person-centred service

  • Business changes are planned with data protection risks assessed in advance

  • The Caldicott Principles and ICO Codes of Practice guide best practice

  • All electronic devices are password protected

  • Sensitive documents are individually password protected

  • Records are identifiable, retrievable, and intelligible

  • Secure procedures exist for managing, retaining, and disposing of data

 

Section B – Privacy Notice: Use of Information

How Personal Data Is Stored

  • Hardcopy records are stored in locked filing cabinets behind locked doors

  • Electronic data is stored on password-protected devices

  • Documents containing personal data are clearly marked “Private and Confidential”

  • Emails include a privacy notice

 

Your Rights Under GDPR

You have the right to:

  • Be informed

  • Access your data

  • Rectify inaccurate data

  • Request erasure

  • Restrict processing

  • Data portability

  • Object to processing

  • Not be subject to automated decision-making

 

We do not use automated decision-making or profiling.

Website Visitors & Analytics

When visiting our website, anonymised information may be collected using analytics tools (such as Google Analytics) to understand website performance and visitor behaviour. This data does not identify individuals.

Website Hosting

Our website is hosted on Wix, a GDPR-compliant platform. Server logs may collect anonymised technical data (e.g. IP address, browser type) to maintain website performance and security.

Cookies

Our website uses cookies to:

  • Ensure correct website functionality

  • Improve user experience

  • Analyse website traffic

 

You can manage cookie preferences through your browser settings or the cookie banner.

Children

Our services and website are not intended for children under the age of 16 without parental consent.
 

Information Security

We use appropriate technical and organisational measures to safeguard personal data, including:

  • Password-protected computers and devices

  • Secure email accounts

  • Encrypted or password-protected attachments

  • Locked physical storage

 

Email is not considered a fully secure medium. Clients choosing to share personal data by email do so at their own discretion.

Section C – Data Breaches

In the event of a personal data breach, we will:

  • Assess the risk to individuals

  • Notify the ICO within 72 hours where required

  • Inform affected individuals where there is a risk to their rights

 

All data breaches will be documented in accordance with Article 33 GDPR.

Subject Access Requests (SARs)

Individuals may request access to their personal data. Requests:

  • Must be made in writing

  • Will be responded to within one month (or up to two months if complex)

  • Are usually free of charge

 

Right to Erasure

You may request deletion of your data where legally permissible.
Hardcopy data will be cross-shredded and electronic data permanently deleted.
A record of the request will be retained for legal purposes.

Confidentiality & Supervision

All therapy sessions are confidential. Anonymised discussion may occur during professional supervision. Supervisors are bound by GDPR and confidentiality obligations.

Exceptions to Confidentiality

Confidentiality may be breached where:

  • There is a risk of serious harm to you or others

  • Disclosure is required by law or court order

 

Where possible, this will be discussed with you first.

Complaints

If you are unhappy with how your data is handled, please contact us directly. If unresolved, you may contact the Information Commissioner’s Office (ICO) on 0303 123 1113.

Business Continuity

In the event of death or serious illness, a professional supervisor will manage client communication and securely archive records in line with GDPR.

Contact

Email: info@futureyoutoday.co.uk

Retention Schedule

 

Information Asset         Information Owner       Retention Period                                    Disposal Trigger
Emails                    Head of Organisation    Annual review each January                          End of retention
Mobile contact details    Head of Organisation    Until device decommission                           End of retention
Recordings                Head of Organisation    5 years or consent withdrawn                        End of retention
Images                    Head of Organisation    5 years or consent withdrawn                        End of retention
Promotional materials     Head of Organisation    Until superseded                                    End of retention
Paper diaries             Head of Organisation    3 months after use                                  End of retention
Policies                  Head of Organisation    Until replaced                                      End of retention
Client records & notes    Head of Organisation    8 years after final session (children: age 25/26)   End of retention
Safeguarding records      Head of Organisation    5 years or insurer requirement                      End of retention
Payment records           Head of Organisation    6 years (HMRC)                                      End of retention
Waiting lists             Head of Organisation    Annual review                                       End of retention
CPD records               Head of Organisation    While in service + 8 years                          End of retention
Supervision records       Head of Organisation    While in service + 8 years                          End of retention
Service evaluations       Head of Organisation    Anonymised within 6 months                          End of retention
Tax returns               Head of Organisation    6 years                                             End of retention
Incident reports          Head of Organisation    40 years                                            End of retention
Insurance policies        Head of Organisation    40 years                                            End of retention
Complaints                Head of Organisation    8 years                                             End of retention
SARs                      Head of Organisation    With records or +2 years                            End of retention

 

Equal Opportunities Policy (Summary)

Future You Today is committed to equality, diversity, and inclusion and complies fully with the Equality Act 2010. Discrimination is not tolerated in any form.
