top of page

Privacy Policy – Inner Revolution

Last updated: 1st December 2025

Inner Revolution (“I”, “me”, or “my”) is committed to protecting and respecting your privacy. This policy explains how I collect, use, store, and protect your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to visitors of my website and current, former, and prospective clients. 

By using my site or services you confirm you are 18 or over and you have read this Policy.

1. Who I am

Inner Revolution is a private therapy practice operated by a sole trader:

Name: Emma Sharp-Lau
Practice Name: Inner Revolution
Email: emma@innerrevolution.co.uk
Phone: 07506 969 054
Registered Address: 101B The Studios, Mansell Road, Wellington, Telford, Shropshire TF1 1QQ

I am the Data Controller for all personal data collected through this website and during the course of therapy.

2. The personal data I collect

I may collect and process the following data:

a) Through the website:

  • Your name

  • Email address

  • Phone number

  • Any information you share in contact forms or emails

b) When you become a client:

  • Date of birth

  • Emergency contact details

  • GP details

  • Relevant medical/mental health history

  • Session notes (therapy records)

  • Appointment and payment information

I only collect information that is relevant and necessary for providing therapy services.

3. How I use your personal data

Your data is used to:

  • Respond to enquiries

  • Arrange and manage appointments

  • Provide therapy services

  • Keep session records

  • Process payments

  • Meet legal and professional obligations

  • Communicate important information about your therapy

Your data will never be sold or used for marketing purposes.

4. Lawful basis for processing

Under UK GDPR, I use the following legal bases:

  • Consent – When you contact me or agree to begin therapy

  • Contract – To deliver therapy services

  • Legal obligation – For tax and professional requirements

  • Vital interests – If there is serious risk of harm

  • Legitimate interests – To run my practice safely and effectively

For sensitive health information, I rely on explicit consent.

5. How your data is stored

I store data securely in the following ways:

  • Electronic records are password-protected and encrypted

  • Paper notes are stored in a locked cabinet

  • Devices are protected by antivirus software and secure passwords

I only keep your data for as long as required by law and professional guidance:

Therapy records: 7 years after our last session (or until age 25 for minors)
Enquiries: Up to 12 months if they do not progress to therapy

After this time, your data will be securely deleted or destroyed.

6. Confidentiality and disclosure

Everything you share is treated as strictly confidential. However, confidentiality may be broken if:

  • You are at serious risk of harm to yourself or others

  • A child or vulnerable adult is at risk

  • I am required by law to disclose information (e.g. court order)

Wherever possible, I will try to discuss any disclosure with you first.

7. Sharing your data

Your data may be shared with:​

  • A clinical supervisor (anonymously)

  • GP or other professionals (only with your consent)

  • Emergency services (if necessary for safety)

  • HMRC for tax purposes (financial records only)

I only share the minimum necessary information.

8. Cookies & website data

My website may use essential cookies to improve functionality and performance.

You may see a cookie banner allowing you to accept or manage preferences. You can also disable cookies through your browser settings.

9. Your rights under UK GDPR

You have the right to:

  • Access your personal data

  • Request corrections

  • Request deletion (where legally possible)

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent at any time

To exercise your rights, please contact: emma@innerrevolution.co.uk

If you are unhappy with how your data is handled, you may complain to:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk

10. Third-party services (if used)

If applicable, I may use secure third-party platforms such as:

  • Online video platforms (e.g. Zoom, Google Meet)

  • Payment processors (e.g. Stripe, PayPal)

  • Online booking systems

These providers are UK GDPR compliant and only process data necessary for their function.

11. Changes to this policy

I may update this policy from time to time. The latest version will always be displayed on my website.

bottom of page