Privacy Policy
Last updated: January 2026
1. Who We Are
Willow Grace is a private therapy practice operated by Dr. Sarah Mitchell, Licensed Marriage and Family Therapist. Our registered address is London, United Kingdom.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Dr. Sarah Mitchell is the data controller responsible for your personal information.
If you have any questions about this policy or how we handle your data, you can contact us at hello@willowgrace.com
2. What Information We Collect
We may collect and process the following personal information:
Name and contact details including email address and phone number when you submit an enquiry or book a session.
Sensitive personal information including details about your relationship, mental health, and personal circumstances that you share during the course of therapy.
Technical data including your IP address, browser type, and pages visited when you use our website, collected automatically via cookies and analytics tools.
Payment information processed securely through our third party payment provider. We do not store your full card details.
3. How We Use Your Information
We use your personal information to respond to your enquiries and provide the therapy services you have requested. To manage appointments, process payments, and send session reminders. To comply with our legal and professional obligations as a licensed therapist. To improve our website and understand how visitors use it.
We will never sell your personal information to third parties. We will never use your information for marketing purposes without your explicit consent.
4. The Legal Basis for Processing Your Data
Under UK GDPR we process your personal data on the following legal grounds.
Contract — to fulfil our therapeutic agreement with you. Legal obligation — to comply with our professional and regulatory requirements. Legitimate interests — to manage and improve our practice and website. Explicit consent — for any sensitive personal data shared during therapy and for any optional marketing communications.
5. Confidentiality and Sensitive Information
Everything shared within our therapeutic relationship is treated with the strictest confidentiality. As a licensed therapist Dr. Sarah Mitchell is bound by professional ethical codes that protect the privacy of all clients.
There are limited circumstances in which confidentiality may need to be broken. These include situations where there is a serious risk of harm to you or to others, where we are required to do so by law, or where we are ordered to disclose information by a court. These exceptions will always be explained to you at the start of our work together.
6. How Long We Keep Your Data
We retain client records for a minimum of seven years following the end of our therapeutic relationship, in line with professional guidelines and legal requirements. Website enquiry data is retained for no longer than twelve months. You may request deletion of your data at any time subject to our legal and professional obligations.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data.
The right to access the personal information we hold about you. The right to request correction of inaccurate information. The right to request erasure of your data where there is no legal reason to retain it. The right to restrict or object to processing of your data. The right to data portability. The right to withdraw consent at any time where processing is based on consent.
To exercise any of these rights please contact us at hello@willowgrace.com. We will respond within 30 days.
8. Cookies and Website Analytics
Our website uses cookies to understand how visitors interact with our content and to improve your experience. You can control cookie preferences through your browser settings at any time. We use Google Analytics to collect anonymised data about website usage. No personally identifiable information is collected through this tool.
9. Third Party Services
We use a small number of trusted third party services to operate our practice including a secure video platform for telehealth sessions, a booking and scheduling tool, and a payment processor. Each of these providers is carefully selected and contractually required to protect your data in accordance with UK GDPR.
10. Data Security
We take the security of your personal information seriously. All data is stored securely and access is strictly limited to Dr. Sarah Mitchell. All electronic communications containing sensitive information are encrypted. Our website uses SSL encryption to protect data transmitted through contact forms.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practice or legal requirements. The most current version will always be available on this page. We encourage you to review it periodically.
12. How to Make a Complaint
If you are unhappy with how we have handled your personal data you have the right to lodge a complaint with the Information Commissioner's Office, the UK's independent data protection authority.
Information Commissioner's Office Website: ico.org.uk Helpline: 0303 123 1113