Privacy Policy
Last Updated: November 2025
About Your Privacy and This Privacy Policy
Your privacy is extremely important to us. We are constantly putting a great deal of thought, effort, tools, resources, and procedures in place to protect and safeguard your privacy.
This document is our Privacy Policy, and it explains how Omnia Therapy Ltd (“we”, “us”, “our”) collects, uses, stores, and discloses information when you use our services.
This Privacy Policy applies to visitors to our public websites, registered users of our associated mobile and web applications (collectively the “Platform”), and to the counsellors who provide counselling services (“Counsellors”).
It is intended to inform you of our policies, procedures, and practices regarding the collection, use, and disclosure of any information that you provide through the Platform.
Data Controller: Omnia Therapy Ltd, 2nd Floor, 10 Charles II Street, London, England, SW1Y 4AA, United Kingdom
Company Number: 14389028
ICO Registration Number: ZB513535
Data Protection Lead: [email protected]
This Policy does not apply to employment-related data collected from staff or contractors.
If you are located in the United Kingdom, European Union, or Switzerland, additional information about your rights under applicable privacy laws appears in the GDPR Notice at the end of this Policy.
By using our Platform, you agree to the Terms and Conditions and to this Privacy Policy. If you do not agree, you should stop using the Platform immediately.
Information Collection, Use and Disclosure
Categories of Information Collected
We collect, use, and store the following categories of information to operate the Platform effectively and deliver counselling services safely:
- Visitor Data: pages visited, session times, browser/device type, and anonymised analytics.
- Onboarding Data: responses during registration, pages viewed, and questionnaire progress.
- Account Registration Data: email verification status, linked profiles, and anonymised client IDs.
- Transaction Data: payment details processed through secure third-party providers.
- Login Data: time and frequency of logins, session activity, and message volumes.
- Counselling Session Data: session scheduling, attendance, and cancellations.
- Customer Data: name (or chosen nickname), contact details, and emergency information.
- Counsellor Data: professional, financial, and credential information for therapists.
- Communications Data: messages between clients, counsellors, and the Omnia support team.
Emergency and GP Information
When you register for therapy, we collect emergency-contact and GP details (name, surgery, address, and phone number).
These details are used solely for safeguarding purposes — for example, to contact your GP or emergency services if there is a serious concern about your safety or wellbeing.
GP Notification where a Safety Plan or Risk is Identified:
If a Safety Plan is created or any element of risk is identified during sessions, your GP may be notified so that appropriate support can be co-ordinated. You will be informed if this happens, and this discussion will form part of the safety-planning process.
The lawful basis for processing this data is Legitimate Interest and Vital Interests, in line with the UK GDPR and BACP ethical requirements.
Clinical Record Retention
Clinical records (including counselling notes) are retained for seven (7) years from the end of therapy, or until the client reaches age 25 if they were under 18 when therapy ended, whichever is later.
This is to comply with professional guidance, legal limitation periods, and safeguarding requirements.
After this time, records are securely destroyed.
Emergency and GP details are retained for the duration of therapy and up to seven years after therapy ends, in line with these retention periods.
Record Storage and Security
Electronic records are stored on encrypted systems hosted within the UK or EEA, protected by strong password, access-control, and audit protocols.
Paper records (where used) are stored in locked cabinets in restricted-access offices.
No clinical records are transferred outside the UK or EEA without equivalent data-protection safeguards.
Purposes for Which Information is Used
We may use your information for the following purposes:
- Communication with you — to provide information, alerts, or suggestions related to the Platform; verify identity; complete registration; and reach out where there is a safeguarding concern.
- Delivery of services — to create and manage your account; facilitate therapy sessions; process payments; and ensure quality service.
- Administration and improvement — to supervise, monitor, and improve our services.
- Customisation — to personalise your experience and content (where consented).
- Compliance with law — to meet legal, safeguarding, tax, and health-and-safety obligations.
- Other uses with consent — for optional activities such as marketing or case-study participation.
Lawful Bases for Processing
Omnia Therapy Ltd processes personal data in accordance with the lawful bases set out in Article 6 UK GDPR.
Our primary lawful bases are:
- Performance of a contract – to provide counselling and related services as agreed.
- Compliance with a legal obligation – for safeguarding, tax, insurance, and record-keeping.
- Vital interests – where processing is necessary to protect life or prevent serious harm.
- Consent – for optional activities such as marketing or testimonials.
For special-category data relating to health, Omnia Therapy Ltd relies upon Article 9(2)(h) UK GDPR – processing necessary for the provision of health or social-care services by a professional subject to legal confidentiality.
Purposes for Which Information is Disclosed to Third Parties
Opting Out of Marketing Communication
You can opt out of receiving marketing emails at any time by using the unsubscribe link in our messages or by contacting [email protected].
Cookies and Web Beacons
We use cookies and similar technologies in accordance with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and the UK GDPR.
Where cookies are not strictly necessary to provide the service, we seek your consent before placing them.
You can change your browser settings at any time to manage or delete cookies.
For full details, see our Cookie Policy below.
Social and General Information Tools
We operate public channels such as our blog and social-media pages. Any information you share via those channels is subject to the respective platform’s privacy terms.
Phishing
We will never ask for your login or card details in an unsolicited message. Always ensure you are entering details on our secure website.
Links
Our Platform may contain links to other websites or services owned by third parties. We are not responsible for their content or privacy practices.
Security of Information
While no internet-based service can guarantee absolute security, we maintain industry-standard encryption, access controls, and monitoring to prevent unauthorised access, use, or disclosure.
Personal Data Breaches
In the unlikely event of a data breach likely to result in risk to your rights or freedoms, Omnia Therapy Ltd will notify the Information Commissioner’s Office (ICO) within 72 hours and inform affected individuals where required.
All breaches and near-miss incidents are recorded and reviewed for accountability.
Service Providers
We may employ third-party companies to perform tasks related to the Platform (customer service, technical maintenance, billing, analytics, etc.). They receive only the minimum information required and must comply with confidentiality and data-protection standards.
Children’s Privacy
We do not knowingly collect data from anyone under 13 or allow them to create accounts.
Omnia Therapy provides therapy to clients aged 13 and above.
For clients 13–15, consent and registration are managed with a parent or guardian; for 16–17-year-olds, consent may be given directly if assessed as Gillick competent.
Compliance with Laws and Law Enforcement
We cooperate with government and law-enforcement agencies as required by law.
Therapists are also professionally obliged to disclose information in cases of:
(a) reported or suspected abuse of a child or vulnerable adult;
(b) serious suicidal potential;
(c) threatened harm to another person;
(d) court-ordered treatment;
(e) suspected terrorism;
(f) money-laundering offences.
Changes to the Privacy Policy
We may update this Policy from time to time. The effective date will appear at the top. Any material changes will be communicated through the Platform or by email.
Contacting Us
For any questions about this Privacy Policy or our privacy practices, contact:
[email protected] or use the “Contact” link on our website.
General Data Protection Regulation (GDPR) and UK GDPR Notice
Lawful Use of Your Personal Information
Omnia Therapy may use your personal information when:
- It is necessary to perform our contract with you;
- It is in our legitimate interest to provide and improve the Platform;
- It is required to meet a legal obligation;
- It is necessary to protect your or another’s vital interests in an emergency;
- You have consented to the specific processing (e.g., marketing or cookies).
Sensitive Data Clause
We may process special-category data such as health, racial or ethnic origin, or sexual orientation information, solely for the purposes of providing health or social-care services and in accordance with professional confidentiality.
Your Rights and Choices
If you are resident in the UK, EU, or Switzerland, you have the right to:
- Access – request a copy of the data we hold;
- Rectification – correct inaccurate information;
- Erasure – request deletion where lawful;
- Portability – transfer your data to another provider;
- Object – to certain processing, including direct marketing;
- Restriction or complaint – to limit processing or raise a complaint with the ICO.
To exercise these rights, contact [email protected].
You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) or your local supervisory authority in the EU/EEA or Switzerland.