Privacy Policy

Your trust is the foundation of this work. This explains, plainly, what information I hold, why, how it's protected, and the rights you have over it.

Last updated: 22-06-26 · Applies to innerstrengththerapies.com and to client and enquiry data held by the practice.

1. Who I am

This website and practice are run by Marian Maguire, trading as Inner Strength Therapies - a BACP-registered and qualified psychotherapist and ADHD coach providing online therapy and coaching to clients across Ireland and the United Kingdom. (BACP registration held under the name Marian Hartnett).

For the purposes of data-protection law (the EU GDPR and, for UK clients, the UK GDPR and Data Protection Act 2018), I am the data controller. You can contact me about anything in this policy at marian@innerstrengththerapies.com.

2. What information I collect

Information you give me

  • Enquiry and booking details - your name, email address, and any context you choose to share when you book a consultation, email, or complete a contact form.

  • Newsletter sign-up - your name and email address, if you subscribe.

  • Resource downloads - your email address, if you request a downloadable guide.

Information collected if you become a client

  • Client records - contact and next-of-kin details, an intake/assessment record, brief session notes, and any correspondence relating to your care. Kept to the minimum needed for safe, ethical practice.

  • Special category (sensitive) data - because this is therapeutic work, records will include information about your health, mental health, and sometimes other sensitive matters. This is treated with the highest level of care (see section 4).

Information collected automatically

  • Website analytics - standard, largely anonymised data such as pages viewed, approximate location, and device/browser type, via the website platform's built-in analytics. No payment information passes through this website; bookings and payments are handled by dedicated, GDPR-compliant platforms.

3. Why I use your information, and the lawful basis

  • To respond to enquiries and arrange consultations - lawful basis: taking steps at your request before entering a contract, and my legitimate interest in responding to you.

  • To provide therapy or coaching - lawful basis: performance of our contract. For the health and other special category data within client records, the additional condition relied on is Article 9(2)(h) - the provision of health/social care and treatment - supported by my professional duty of confidentiality.

  • To send newsletters or resources you asked for - lawful basis: your consent, which you can withdraw at any time via the unsubscribe link or by emailing me.

  • To meet legal, ethical, and insurance obligations - lawful basis: legal obligation and legitimate interest (for example, retaining records as required by my professional body and indemnity insurer).

  • To keep the website secure and working - lawful basis: legitimate interest.

4. How your information is protected

Client records are held securely and confidentially, in line with BACP standards and data-protection law. Practical safeguards include encrypted, password-protected storage; data minimisation (I collect only what's needed); restricted access (only I, as your therapist, access your records); and secure handling of any paper notes. Sessions take place over a secure video platform. I don't share session content with anyone without your explicit consent, except in the narrow circumstances set out in section 5.

5. Confidentiality and its limits

What you share in therapy is confidential. There are a small number of legally and ethically defined exceptions where I may need to break confidentiality, ordinarily after discussing it with you first wherever it's safe to do so:

  • where there's a serious and imminent risk to your life or someone else's;

  • where there's a risk of serious harm to a child or vulnerable adult;

  • where disclosure is required by law or court order;

  • certain matters I'm legally obliged to report (for example, specific terrorism or money-laundering legislation).

I discuss confidentiality and its limits with every client at the start of our work.

6. Who else processes your data

I use a small number of trusted, GDPR-compliant providers to run the practice. Each acts as a data processor under its own privacy policy and only handles data as needed to provide its service:

  • Website hosting & analytics - Squarespace;

  • Booking & video sessions - Zoom (used for both scheduling consultations and delivering sessions and I do not video or audio record sessions);

  • Payments - Revolut (card and payment details are handled directly by the payment provider; I don't see or store full card numbers);

  • Email & newsletter - MailerLite and Gmail;

  • Typography - Google Fonts.

Each provider maintains its own Data Processing Agreement and, where it processes data outside the EU/UK, relies on safeguards such as Standard Contractual Clauses (see section 7).

I don't sell your data, and I never share it for third-party marketing.

7. International transfers

Some providers process data outside Ireland/the UK (for example, in the United States). Where they do, they rely on safeguards recognised under data-protection law - such as Standard Contractual Clauses or an applicable adequacy framework - to keep your data protected to the same standard.

8. How long I keep your information

  • Enquiries that don't become client work - kept for a short period, then deleted.

  • Client records (adults) - retained for 7 years from the date of our last session, in line with BACP guidance, after which they are securely destroyed. This period allows me to meet professional, insurance, and legal obligations.

  • Client records (under-18s) - retained until the client's 25th birthday (or 26th, if they were 17 at the end of therapy), then securely destroyed.

  • Newsletter data - kept until you unsubscribe.

9. Your rights

Under data-protection law you have the right to: be informed about how your data is used; access the personal data I hold about you; have inaccurate data corrected; request erasure (subject to my legal and professional retention duties); restrict or object to certain processing; data portability; and to withdraw consent at any time where consent is the basis for processing. To exercise any of these, email marian@innerstrengththerapies.com. I'll respond within one month.

10. Cookies

The website uses a small number of cookies - essential ones that make the site function, and optional analytics cookies that help me understand how the site is used. You can manage or refuse cookies through your browser settings or any cookie banner shown on the site.

11. Complaints

If you have a concern about how your data is handled, please contact me first - most things are resolved quickly and directly. You also have the right to complain to the relevant supervisory authority:

  • Ireland — Data Protection Commission, 6 Pembroke Row, Dublin 2, D02 X963 · dataprotection.ie · info@dataprotection.ie

  • United Kingdom — Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow SK9 5AF · ico.org.uk · 0303 123 1113

12. Changes to this policy

I may update this policy from time to time. The current version, with its date, will always be available on this page.