Privacy & Cookie Policy

Last updated: September 2025

Dr Hannah Odendaal & Associates LTD (company number: 14456690) understands that your privacy is important and takes confidentiality seriously. This privacy policy sets out how Dr Hannah Odendaal & Associates LTD, using the website https://www.drhannahodendaal.uk/, will store and use your information in compliance with General Data Protection Regulation (GDPR).

Dr Hannah Odendaal & Associates LTD is committed to guarding your privacy and personal data. Your personal data and data which identifies you will only be used in accordance with this Privacy Policy. Please note we may update this Privacy Policy as required for means of the business and/or to ensure any changes in legal requirements.

If you have any questions about this privacy policy please email: drhannah@drhannahodendaal.uk or admin@drhannahodendaal.uk.

By ticking boxes or clicking submit buttons on this website, you provide consent that you are agree that we can process the data provided through such interactions for the requirements of Dr Hannah Odendaal & Associates LTD and its website. Co-Company Directors and data controllers are Hannah Odendaal and Christian Odendaal.

Any associates working under will follow the company data policies and only record client information using approved methods to ensure data compliance and security.  Dr Hannah Odendaal & Associates website (https://www.drhannahodendaal.uk/) uses SSL (secure sockets layer) as a website security measure often seen as the ‘padlock’ on the browser address. That website experience is secured to high industry standards by Squarespace - more can be read about this here: https://support.squarespace.com/hc/en-us/articles/205815898-Understanding-SSL-certificates

What are your rights? 

Dr Hannah Odendaal & Associates LTD are committed to protecting your rights to privacy. Your rights include: 

  • Right to be informed about what happens to your personal data; 

  • Right to have a copy of all the personal information collected, with the exclusion of the practitioner’s personal process notes;

  • Right to rectification of any inaccurate data processed, and to add to the information held about you if it is incomplete; 

  • Right to be forgotten and your personal data destroyed; 

  • Right to restrict the processing of your personal data; 

  • Right to object to the processing carried out based on our legitimate interest. 

Why do we collect information about you? 

We process personal and sensitive personal data about our clients because we have a legitimate interest to do so. It is necessary when providing psychological assessment and therapy to clients. We are unable to offer you services unless you allow us to collect and keep data about you.

Your personal data may also be used to communicate with you, for billing purposes, to aid the prevention of serious harm of you and/or someone else or if there is a legal obligation.

Dr Hannah Odendaal is registered with the Health Care Professions Council (HCPC) and thus bound by these rules. The company is also registered with the Information Commissioners Office (ICO).

What information do we collect about you? 

Collecting and keeping clinical records is essential and important. We collect information about you that may include personal or sensitive information about you or a family member who is involved in the work. The types of data we may collect and store include:

Identity data (title, first and last name, gender, marital status, date of birth, address, GP details)

Contact data (delivery address, email address, billing address, telephone number)

Financial data (bank account and payment card details)

Transaction data (payments for services to the business)

Technical data (log in details, IP address, browser type and version, location, time zone setting, browser plug in type and version and any other technology on the devices you use to access the website)

Usage data (how you use the website and services)

Sensitive data (current and historic psychological/psychiatric difficulties, your health / any medical conditions, medication, and any other data that helps us deliver psychological therapy).

Please note that we do not collect any other ‘special categories of personal data’ about you (this may include details about your ethnicity, race, religious beliefs, sex life, political opinions or criminal convictions).

Prior to a first appointment, clients are required to complete and return our company Registration Form which also contains the company’s Terms and Conditions.

Data is collected in several ways. This may be submitting forms via the company website, completing forms emailed to you, by email or by telephone call. Data is also collected when you attend an appointment (in-person or remotely) or when you provide feedback about the company.

How do we store information about you? 

All personal information provided is stored in compliance with GDPR. For online appointments, brief electronic notes will be made during the appointment and stored in a securely on Cliniko, which is secure practice-management software. For in-person appointments, brief handwritten process notes will be made during the session. These notes are kept brief and does not include identifiable information. These notes are kept securely in a locked filing cabinet. The handwritten notes are then transferred onto your secure electronic file on Cliniko. Some clients also have an online file on Google Drive, which is also secure and GDPR compliant.

Some of the systems we use (such as Google Workspace and Cliniko) may store data on servers outside the UK. These providers comply with GDPR and use appropriate safeguards such as Standard Contractual Clauses to ensure your data remains protected.”

Cliniko and the email accounts are accessible to the Co-Directors of the company. More information regarding your right to security can be found through the ICO.

Your email address and correspondence will be stored in our email accounts (Google Workspace) by nature of you contacting us. It is your choice as to whether or not you share personal information over email.

Use of CCTV / security cameras

For the safety and security of clients, staff, and the premises, Dr Hannah Odendaal & Associates LTD operates external security cameras (doorbell, garage cameras). There is also one internal security camera located in the hallway only. Cameras are not used in therapy rooms.

  • Purpose: To maintain a safe environment, prevent crime, and protect property.

  • Location: Hallway only. This is video only. No audio recording is captured.

  • Access to footage: Restricted to the Co-Directors of the company. Footage will only be shared with law enforcement if legally required.

  • Retention: Recordings are stored for between 1-2 months unless required for investigation.

  • Confidentiality: These cameras are not used to monitor therapy sessions or private conversations, and recordings are never used for clinical or marketing purposes.

    How long do we keep your information?

We do not keep your data for longer than is necessary. By law, we have to keep clinical records for 7 years after treatment has finished. This is so that we have a record of treatment in the event you return to therapy or any questions arise as to what happened during treatment. At the end of this period, the clinical record will be destroyed.

With whom do we share your personal information? 

We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally or routinely share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties: 

If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates. 

In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

For the purposes of clinical supervision. As an HCPC accredited clinician, Dr Odendaal & any associate doctors working for the clinic are obliged to consult with other Clinical Psychologists to support treatment and develop/reflect on clinical skills. When discussing clients with Clinical Psychologists in this supervisory capacity, they will only refer to clients by an alias to minimise revealing other identifiable information. 

In exceptional circumstances, we might need to share personal information with relevant authorities: 

  • When consent is given by a client for us to contact a third party e.g. a school teacher. 

  • When there is need-to-know information for another health provider, such as your GP. 

  • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order. 

  • When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will aim to discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else. 

How can you access your information and correct it, if necessary? 

Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. Within 30 days of receiving your request, we will then supply to you: 

  • A description of all data we hold about you 

  • Inform you how it was obtained (if not supplied by you) 

  • Inform you why, what purposes, we are holding it 

  • What categories of personal data is concerned 

  • Inform you who it could be disclosed to 

  • Inform you of the retention periods of the data 

  • Let you have a copy of the information in an intelligible electronic form unless otherwise requested. 

  • To make a request for any personal information we may hold you need to put the request in writing. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

Complaints

We try to meet the highest standards when collecting and using personal information. For this reason, we take seriously any complaints we receive about this. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. 

If you do have a complaint, please do contact Dr Odendaal who will investigate the matter on your behalf. If you are not satisfied with the response or believe we are not processing your personal data in accordance with the law, you have the right to raise your complaint with the Information Commissioner’s Office (ICO).

Contact information ICO: Website: https://ico.org.uk/concerns/ Email: casework@ico.org.uk Telephone: +44 (0) 303 123 1113 

The anonymous data processed & payment information handling

Dr Hannah Odendaal & Associates LTD, using the website https://www.drhannahodendaal.uk/ uses industry standard digital analytics platforms which may record user interactions with the stated website. These interactions are anonymised by design and are used for the legitimate business purposes such as:

  • Discovering broken pages on the website 

  • Discovering loading issues across different brands of web browser

  • Improving website user experience for every visitor

  • Ensuring the website loads correctly on a variety of screen sizes from mobile, PC and tablet.

  • Viewing general statistics of how my online users visit vs how many enquire

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the site, and information about how you interact with the site. We refer to this automatically-collected information as “Device Information.” We collect Device Information using the following technologies “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

Additionally when you make a purchase or attempt to make a purchase through the site, we collect certain information from you, including your name, billing address, payment information (including debit/credit card numbers), email address, and phone number. We refer to this information as “Order Information.”When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

How do we use payment information?

We use the appointment information that we collect generally to fulfil any appointments placed through the Site (including processing your payment information, and providing you with invoices and/or order confirmations). Additionally, we use this appointment information to:

  • Communicate with you;

  • Screen our orders for potential risk or fraud;

  • We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the site, and to assess the success of any advertising campaign.

More about data processing 

Certain data analytics which are anonymised by design are shared with third parties to help us improve the business. They do not, however, contain any identifying or sensitive client information.

For example, we use Squarespace to power our website - you can read more about how SquareSpace uses your processes information here: https://www.squarespace.com/privacy. We also use Google Analytics to help us understand how our website visitors and new potential clients use the site in an anonymous way -you can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/. You can opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout. You can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/

Dr Hannah Odendaal & Associates Ltd.

Last updated: September 2025