Privacy & Cookie Policy

This Privacy & Cookie Policy describes how my practice handles personal information when you access this website (www.valendinova.com), contact me for therapy or otherwise share personal data with me.

By using this website or contacting me, you agree to the practices described in this policy.

For the purposes of the Data Protection Act 2018 (‘UK GDPR’) and the EU General Data Protection Regulation 2016/679 (‘EU GDPR’), the data controller and data processor is Valendin Limited (ICO registration ZA746941), a company registered in England and Wales. I, Kristina Valendinova, am the sole practitioner operating through Valendin Limited.

Information I Collect

I collect two types of data:

  1. Non-personal information is unidentified and non-identifiable, and contains technical information about how you use the website. This may include your aggregated usage information and technical information transmitted by your device, as well as information on your activity on the website.

  2. Personal data or personal information is any information that identifies an individual or may with reasonable effort identify an individual. To assist with administration, I may collect the following:

    • Information you provide when contacting me, including enquiries submitted through the website contact form, email or phone, and referrals from colleagues or professional networks;

    • In addition to basic contact details collected at enquiry stage, I may also collect your full name, telephone number, postal address, GP details and an emergency contact once therapy begins. This policy relates only to administrative and clinical-responsibility data, not the content of therapy sessions, which remains confidential.

    • Billing information, payment card information and transaction details;

    • Device information, including geolocation data, Internet Protocol (IP) address, unique identifiers (e.g. MAC address and UUID) and other information, which is collected automatically by website analytics services.

Legitimate Reasons for Processing Your Personal Data

I will only collect, store, use and share your personal information when I have a legitimate reason for doing so, and only information that is reasonably necessary to provide services to you.

Collection and Use of Personal Data

I collect most of your information directly from you – in person, by telephone, text or email and/or via this website when you do any of the following:

  • Use a mobile device or web browser to access this website;

  • Contact me via email, social media or on any similar technologies;

  • Engage any services from me.

I may also collect data:

  • Directly from a third party (e.g. your representative or legal guardian when appropriate);

  • From cookies on this website;

  • From publicly accessible sources, public registers, third-party providers and services (e.g. traffic analytics vendors).

I may collect, hold, use and disclose information for the following purposes:

  • To provide you with therapy services;

  • To receive and record payments for therapy sessions, including bank transfers, Monzo payments, PayPal payments and cash payments;

  • To contact and communicate with you;

  • To provide you with this website’s features and for analytics, to operate and improve this website;

  • For internal record keeping and administrative purposes;

  • To use fully anonymised material in professional supervision, with no identifying details shared;

  • To comply with legal obligations and resolve any disputes.

I do not use automated (AI-assisted) decision-making or transcription services of any kind.

In the event of incapacity or death, a named clinical executor may access client information solely to notify clients and ensure safe and ethical closure, and, where appropriate, facilitate continuation of care. Any transfer of clinical information to another therapist would then only occur with your explicit consent.

Cookies

This website uses cookies - small data files stored on your device that help the website function properly:

  • Essential cookies, to enable basic website functions;

  • Analytics cookies, which are set by other online services (e.g. by third-party analytics companies) to understand how you use the website and help me improve it.

You can disable cookies through your browser preferences; however, this may affect how the website works. For more information about the cookies used by our website platform (Squarespace), see their Cookie Policy

Sharing Personal Data

I will always treat your personal data with care and never sell or share it with third parties, unless required by law or set in this policy.

Different types of information may be shared with the following parties:

  • Clinical supervision: fully anonymised clinical material may be shared in ongoing supervision;

  • Limits to clinical confidentiality: confidential information may be disclosed only under exceptional circumstances and only as required by law, where there are overriding legal or other concerns pertaining to the well-being of a client. Where I reasonably believe this to be the case, I may need to inform appropriate authorities. Whenever possible, I will consult with a supervisor before taking such a step and will encourage a client to self-report.

  • Contractors and third-party service providers: financial and technical data may be shared with service providers (web designer, accountant) and technical providers who assist in providing information or services to you;

Third parties I currently use include:

Where and How Long Is Your Data Held

Your personal data may be held in my office (paper records), in encrypted digital storage, in email correspondence, and with the third-party service providers described above. Some of these service providers (e.g. Google and Squarespace) are based outside the UK/EEA and may store data on servers in other countries, including the United States. These countries may not have identical data protection laws to the UK, but all providers I use are required to maintain appropriate security standards and comply with applicable data protection regulations.

For clients under the age of 18, personal data is processed with the consent of a parent or legal guardian, and confidentiality is managed in accordance with safeguarding requirements and the clinical needs of working with minors.

I keep your personal data only for as long as needed for the purpose for which it is used.

  • Administrative and clinical information is kept for up to three years after therapy ends;

  • Financial records are retained for six years as required by law;

  • Clinical notes are minimal and anonymised where possible.

If your personal information is no longer required, I will delete it or make it anonymous by removing all details that identify you. However, I may retain your personal information where necessary to comply with ongoing legal, accounting or reporting obligations.

Security

I protect your personal data using commercially acceptable security means to prevent loss, theft and unauthorised access, disclosure, copying, use or modification. In the event of a suspected data security breach, I will notify you and the Information Commissioner’s Office where legally required to do so.

Although I will do my best to protect your personal information, please be aware that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.

Limits of This Policy

This website may contain links to third-party sites and services, which have their own privacy policies. After following a link to any third-party content, you should read these to understand how they collect, store, use and share personal data. This policy does not apply to any of your activities after you leave this website.

Your Rights

You have the following rights regarding your personal information: 

  • Access: You can request details of the personal information I hold about you.

  • Correction: If any information I hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact me and I will take reasonable steps to correct it.

  • Deletion: You may request deletion of your personal information, with some legal exceptions.

  • Restriction: You can ask me to restrict processing of your personal information in certain circumstances.

  • Objection: You can object to processing based on my legitimate interests.

  • Data portability: You can request your information in a portable format.

  • Withdraw consent: Where processing is based on your consent, you can withdraw it at any time.

Complaints

To exercise any of these rights, if you have concerns about how I handle your personal information, or for any other questions regarding this policy, please contact me:

You have the right to lodge a complaint with the Information Commissioner in the UK by visiting their website or by calling them at 0303 123 1113

  • Legal Bases for Processing Your Personal Information

    I will only collect and use your personal information when I have a legal right to do so. I will collect and use your personal information lawfully, fairly and in a transparent manner. If I seek your consent to process your personal information and you are under 16 years of age, I will seek your parent or legal guardian’s consent.

    My lawful bases depend on the services you use and how you use them. I only collect and use your information on the following grounds:

    • Consent From You
      Where you give me consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time; however, this will not affect any use of your information that has already taken place.
      If you have questions about how to withdraw your consent, please contact me.

    • Performance of a Contract or Transaction
      Where you have entered into a contract with me for therapy services, or to take preparatory steps prior to our entering into a contract. For example, when you begin therapy, I need to use your personal and payment information to provide the service and process payments.

    • My Legitimate Interests
      Where I assess it is necessary for my legitimate interests, such as providing, operating and improving my services, and communicating with you about your therapy. I consider my legitimate interests to include maintaining professional standards, ensuring safe practice, and protecting my legal rights and interests.

    • Compliance with Law
      In some cases, I may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests and regulatory obligations.

    • Processing of Special-Category Data
      I process special-category data (including information relating to mental health and therapy) under Article 9(2)(h) UK GDPR, as this processing is necessary for providing health-related treatment and for the management of my professional healthcare services.

    International Transfers Outside of the European Economic Area (‘EEA’)

    Some of the third-party services I use (such as Google and Squarespace) store data on servers outside the UK/EEA, including in the United States. I will ensure that any transfer of personal information to countries outside the EEA is protected by appropriate safeguards, such as standard data protection clauses approved by the European Commission.

    Additional Rights Under Local Laws

    If you are accessing this website from outside the UK, you may have additional rights under your local data protection laws. Please contact me if you have questions about how your local laws apply to your personal information.

I reserve the right to modify this policy at any time.

Last updated: 17 January, 2026.