top of page

Privacy Policy

Your privacy matters. This policy explains what personal information we collect when you use this website or book a session with Daniela, how it is used, and what rights you have over your data. We are committed to handling your information with care, transparency and respect — especially given the sensitive nature of mental health services.

Who We Are

This website is operated by:

Daniela Cabral Robb
Trading as: Breathe
Based in: Glasgow, Scotland, United Kingdom
Email: breathe@b-r-e-a-t-h-e.com
Website: www.b-r-e-a-t-h-e.com

Daniela Cabral Robb is the data controller responsible for your personal information under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Information We Collect

Information you provide directly

  • First and last name

  • Email address

  • Phone number (if provided)

  • Payment information (processed securely by Wix Payments or Stripe — we do not store card details)

  • Any health or personal information you choose to share when completing the nervous system check-in, booking forms, or during sessions

Information collected automatically

  • IP address and browser type

  • Pages visited and time spent on the site

  • Referring website or advertisement

  • Cookie data (see Section 8)

Special category data

Information relating to your mental or physical health is considered special category data under UK GDPR. This type of information is only collected with your explicit consent and is handled with the highest level of care and confidentiality.

How We Use Your Information

Booking and session management

To confirm, manage and send reminders for your appointments, and to process payments for therapy sessions.

Communication

To respond to your enquiries, send booking confirmations, and share pre-session resources such as the nervous system check-in form.

Marketing and newsletter

To send mental health resources, updates and news — only if you have given explicit consent. You can unsubscribe at any time.

Legal and professional obligations

To comply with legal requirements and professional guidelines, including record-keeping standards for psychological practice in the UK.

Website improvement

To understand how visitors use this website and improve its content and functionality.

Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contract — to process bookings and payments

  • Explicit consent — for health-related data and marketing communications

  • Legitimate interests — to improve the website and respond to enquiries

  • Legal obligation — to comply with professional and legal record-keeping requirements

Who We Share Your Data With

We do not sell your personal data. We only share information with trusted third-party services necessary to operate this website and deliver our services:

  • Wix.com — website platform, booking system and email marketing

  • Stripe / Wix Payments — secure payment processing

  • Google — Analytics and Search Console (anonymised usage data)

  • Meta (Instagram / Facebook) — advertising and social media

  • Video call platform (e.g. Google Meet, Zoom) — for online sessions

All third-party providers are required to handle your data securely and in accordance with applicable data protection law.

International Data Transfers

Some of the third-party services we use (such as Google and Meta) may process data on servers located outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

How Long We Keep Your Data

  • Active client records — retained for the duration of the therapeutic relationship and for 8 years afterwards, in accordance with UK professional guidelines for psychological practice

  • Booking and payment records — retained for 7 years to comply with UK financial and tax obligations

  • Marketing data — retained until you unsubscribe or withdraw consent

  • Website analytics — retained for up to 26 months in anonymised form

After the relevant retention period, your data is securely deleted or anonymised.

Cookies

This website uses cookies — small text files stored on your device — to help the site function and to understand how it is used.

Types of cookies we use

  • Essential cookies — required for the website to function (booking, payments)

  • Analytics cookies — Google Analytics, to understand visitor behaviour (anonymised)

  • Marketing cookies — Meta Pixel, to measure the effectiveness of advertisements

You can manage your cookie preferences at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of this website.

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct any inaccurate or incomplete information.

Right to Erasure

Request that we delete your personal data, subject to legal obligations.

Right to Portability

Receive your data in a structured, commonly used format.

Right to Object

Object to the processing of your data for marketing purposes.

Right to Withdraw Consent

Withdraw your consent at any time, without affecting prior processing.

To exercise any of these rights, please contact us at breathe@b-r-e-a-t-h-e.com. We will respond within 30 days.

Confidentiality in Therapy

Everything shared during therapy sessions is treated as strictly confidential. Information disclosed in sessions will not be shared with any third party without your explicit consent, except in the following circumstances required by law or professional duty:

  • Where there is a serious risk of harm to yourself or others

  • Where disclosure is required by a court order

  • Where there is a safeguarding concern involving a child or vulnerable adult

In such cases, Daniela will, wherever possible, discuss any disclosure with you beforehand.

Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure. These include:

  • Secure HTTPS connection on this website

  • Encrypted payment processing via Stripe / Wix Payments

  • Password-protected access to client records

  • Use of reputable, GDPR-compliant third-party platforms

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most recent version will always be available on this page. We encourage you to review it periodically.

Questions or Concerns?

If you have any questions about this Privacy Policy or how your data is handled, please get in touch:

📩 breathe@b-r-e-a-t-h-e.com

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

🌐 ico.org.uk · 📞 0303 123 1113

bottom of page