Your privacy is important

Your privacy is important to me

As a registered Data Controller with the Information Commissioner’s Office (ICO), I take your privacy seriously and follow strict guidance on how personal information is collected, stored, used, and protected.

This page explains what information I may collect, why I collect it, how it is used, and the choices and rights available to you.

Important Information

Please read this privacy notice carefully.

It is important that you read this privacy notice together with any other privacy notice, client agreement, consent form, or fair processing notice that I may provide on specific occasions when I am collecting or processing personal information about you. This helps ensure that you are fully aware of how and why your information is being used.

This privacy notice supplements any other notices that may be provided and is not intended to override them.

This website is not intended for children under 18 years of age, and I do not knowingly collect personal information from children through this website.

My services are intended for adults aged 18 and over unless otherwise agreed.

If I become aware that personal information has been collected from a child without appropriate consent or legal basis, I will take reasonable steps to remove that information.

I may update this privacy notice from time to time to reflect changes in legal requirements, professional guidance, technology, or the way my practice operates.

Any changes will be published on this page. Please check this page occasionally to ensure that you remain informed about how your information is collected, used, and protected.

This privacy notice was last updated on: 3rd June 2026.

Please keep me informed if your personal information changes during your relationship with us. It is important that the personal data I hold about you is accurate and current. 

In some circumstances, I may not agree with your request to change your personal information and will instead append an alternative text to the record in question, but I will notify you and explain the reasons when needed if this is the case.

Who Is Responsible for Your Information?

I Am Kemi Oluwatosin Ltd is the Data Controller responsible for the personal information you share with me.

If you have any questions about how your information is handled, you can contact me at:

  • Email: connect@iamkemioluwatosin.com
  • Address: 20 Wenlock Road, London, England, N1 7GU

I am registered with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). ICO Registration Number: ZA763973

What I Collect (and why)
To support our work together safely and effectively, I may ask for:

Basic Details
– Your name, date of birth, and age.
This helps me understand who I am working with and keep accurate records.

Contact Information
Your address, email address, and telephone number.
This allows me to communicate with you about appointments, administration, and matters relating to our work together. I usually contact clients by WhatsApp, although email may be used where appropriate.

Safety Information
Next of Kin and/or GP details (where appropriate)
Next of Kin and/or GP details (where appropriate).

These details form part of safeguarding and safety planning. If I believe there is a serious concern about your wellbeing and need to contact someone, I will discuss this with you whenever possible.

Health and Wellbeing Information
Physical health, mental health, medication
During our work together, you may choose to share information relating to your physical health, mental health, medication, relationships, sexuality, personal history, or other matters relevant to therapy.

I only collect information that is reasonably necessary to support safe and effective therapeutic work.

Medication Information
Where relevant, I may ask whether you take any medication. This information may help support safe therapy planning and may be useful in the event of a medical emergency.

Session Notes
I keep brief session notes to support continuity in our work together.

I aim to keep records that are accurate, relevant, and proportionate to the work we undertake together.
Notes are factual, brief, and maintained in accordance with professional and insurance requirements.

My Lawful Basis for Processing Your Information
UK GDPR requires me to explain the legal reasons I collect and hold personal information.
These include:

* Contract

To provide therapy services, manage appointments, and communicate with you about our work together.

* Legitimate Interests

To maintain professional records, ensure safe clinical practice, and manage my practice effectively.

* Legal Obligations

To meet legal, regulatory, safeguarding, insurance, accounting, and professional body requirements.

* Special Category Data

Health information is classed as special category data under UK GDPR.

Where relevant, I process this information for the provision of health and therapeutic services in accordance with Article 9(2)(h) UK GDPR.

Sharing Your Information
Your privacy matters deeply.

There are a small number of situations where I may be legally or ethically required to share information, including:

  • If ordered by a court
  • If there is serious concern about harm to yourself or another person
  • If there is a legal safeguarding obligation

If disclosure becomes necessary, I will share only the information required and only in line with legal, ethical, and professional obligations.

Third-Party Services
To run my practice safely and efficiently, I use carefully selected third-party service providers.

These may include providers for:

  • Appointment booking and practice management
  • Online video sessions
  • Payment processing
  • Accounting and bookkeeping
  • Email and communication services
  • Website hosting and maintenance

These providers only process information where necessary to provide their services and are expected to maintain appropriate security and data protection standards.

International Transfers
Some of the systems I use may store or process information outside the United Kingdom.

Where this occurs, I take reasonable steps to ensure appropriate safeguards are in place and that information remains protected in accordance with UK GDPR requirements.

How Your Information Is Stored
I operate a paperless practice.

Information is stored using secure, password-protected systems with restricted access. Appropriate technical and organisational measures are used to help protect information against loss, misuse, unauthorised access, disclosure, or alteration.

How long I keep your information
I retain records for up to six years after therapy ends unless a longer retention period is required by law, insurance requirements, or professional guidance.

This may include:

  • Signed agreements and consent formsBrief session notes
  • Client record sheets
  • Relevant clinical correspondence
  • Contact details

At the end of the retention period, information is securely deleted or destroyed.

Data Breaches
In the unlikely event of a personal data breach, I will follow ICO reporting requirements and take appropriate action to protect affected individuals where required by law.

Your Rights
Under UK data protection law, you have the right to:

  • Request access to your personal information
  • Request correction of inaccurate information
  • Request deletion of information where appropriate
  • Restrict or object to certain types of processing
  • Request a copy of information you have provided
  • Make a complaint about how your information has been handled

Most requests will be responded to within one calendar month.

Website Cookies
My website may use essential cookies that help the website function properly and provide a smooth browsing experience.

I do not currently use advertising cookies or behavioural tracking technologies.

If this changes in the future, this privacy notice will be updated accordingly.

WhatsApp and Electronic Communication
WhatsApp uses end-to-end encryption. However, no electronic communication system can ever be guaranteed completely secure.

By choosing to communicate using WhatsApp or email, you acknowledge these limitations.

Artificial Intelligence (AI)
Client information is not uploaded to generative AI systems for therapeutic purposes without appropriate safeguards and legal justification.

Protecting client confidentiality remains a core professional responsibility.

Questions or Concerns
If you have any questions about how your information is handled, you are always welcome to ask 🙂