⚘ Privacy Policy

Hebe Dickins — Somatic Coach & Nervous System Specialist

Last updated: May 2026

1. Introduction

This privacy policy explains how Hebe Dickins ("I", "me", "my") collects, uses, and protects your personal data in connection with my website (hebedickins.co.uk) and my somatic coaching and Somatic Experiencing practice.

I am committed to handling your personal information with care, discretion, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

As a sole practitioner, I am the data controller for all personal data processed in connection with my practice. If you have any questions about this policy, please contact me directly.

2. What Personal Data I Collect

Depending on how you interact with me, I may collect the following categories of personal data:

Contact and booking information:

•       Your name

•       Email address

•       Phone number

•       Preferred contact method and session format (online or in person)

Health and session information:

•       Information you share about your physical or mental health, history, or presenting concerns

•       Session notes and records of our work together

•       Any documents or materials you share with me in the context of sessions

Payment information:

•       Payment records and transaction history

•       Note: payment card details are processed securely by my payment processor and are not stored by me

3. How I Collect Your Data

I collect personal data through the following means:

•       Via contact and booking forms on my website

•       Through direct email or telephone communication

•       Through your booking/scheduling platform account

•       During discovery calls and sessions (including notes I take)

•       Through my payment processor when you make a payment

4. How I Use Your Data

I use your personal data for the following purposes:

•       To respond to enquiries and schedule sessions

•       To deliver somatic coaching and Somatic Experiencing sessions, whether online or in person

•       To maintain session notes and records of our therapeutic work

•       To process payments for sessions

•       To send booking confirmations, reminders, and relevant administrative communications

•       To comply with any applicable legal or professional obligations

Legal basis for processing:

My legal basis for processing your data is primarily the performance of a contract (our working agreement) and, for health-related information, your explicit consent. Where I have a legal obligation to retain data, I rely on that as my lawful basis.

5. Health and Special Category Data

Information relating to your physical or mental health is classified as "special category" data under UK GDPR and is afforded a higher level of protection. I collect and process this information only where you have given your explicit consent, and I handle it with the utmost care and confidentiality.

Session notes are stored securely and are not shared with third parties except in exceptional circumstances — for example, where I have a legal or safeguarding obligation to do so. In such rare cases, I will inform you unless doing so would put you or others at risk.

6. Third-Party Services

In order to run my practice, I use the following third-party platforms and services. Each operates under its own privacy policy:

  • Zoom — for conducting online sessions. Zoom may process your name and email address when you join a call. I do not record sessions without your explicit consent.

  • Calendly — to manage appointment bookings. This platform processes your name, email address, and phone number.

  • Stripe — to process session payments securely. Your payment card details are handled entirely by Stripe and are not accessible to me.

  • Email marketing platform (e.g. Mailchimp) — only if you have subscribed to receive communications from me. You can unsubscribe at any time.

I only use services that I am satisfied provide an adequate level of data protection, and I do not sell your data to any third party.

7. In-Person Sessions

Where we meet in person, sessions take place at a location agreed between us. I do not operate from a fixed business address. Any personal data relating to in-person arrangements (such as your location or contact details) is handled with the same care as all other personal data.

8. How Long I Keep Your Data

I retain personal data only for as long as necessary for the purposes for which it was collected. In general:

  • Contact and booking information is retained for the duration of our working relationship and for a reasonable period afterwards, in case of queries.

  • Session notes and health-related records are retained for a minimum of 7 years following our last session, in line with professional practice guidance. For clients who were under 18 at the time of sessions, records are retained until the person's 25th birthday, or for 8 years after the last session, whichever is longer.

  • Payment records are retained for 6 years in accordance with HMRC requirements.

When data is no longer required, I delete or securely destroy it.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — you can request a copy of the personal data I hold about you.

  • Right to rectification — you can ask me to correct inaccurate or incomplete data.

  • Right to erasure — in certain circumstances, you can ask me to delete your data.

  • Right to restrict processing — you can ask me to limit how I use your data.

  • Right to data portability — you can ask for your data in a portable format.

  • Right to object — you can object to certain types of processing.

  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact me using the details below. I will respond within one month.

10. Data Security

I take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. Session notes and client records are stored securely, and I use password-protected devices and encrypted storage where appropriate.

While I take every reasonable precaution, no method of transmission or storage is entirely secure. If you have concerns about how your data is held, please get in touch.

11. Cookies and Website Data

My website may use cookies or similar tracking technologies to understand how visitors use the site and to improve the user experience. You can control cookie settings through your browser. For more information, please refer to the cookie notice on my website.

12. Contact and Complaints

If you have any questions about this privacy policy or how I handle your data, please contact me at:

Hebe Dickins

Email: hebedickins@outlook.com

If you are unhappy with how I have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

•       Website: ico.org.uk

•       Telephone: 0303 123 1113

This policy may be updated from time to time. The current version will always be available on my website. Please check back periodically for any changes.