BWRT Surrey logo

Privacy Policy

This policy explains how we collect, use and protect personal data.

Last updated: 13 January 2026

1. Who we are

This website is operated by Kim Barden Therapies (“we”, “us”, “our”). The data controller is Kim Barden.

Contact details can be found on the Contact page.

2. What data we collect

Depending on how you use the site, we may collect:

  • Contact details (name, email address, phone number)
  • Enquiry information (what you choose to share in the contact form)
  • Booking request details (preferred date/time, service interest)
  • Technical data (IP address and basic request info for security and rate limiting)

3. How we use your data

We use personal data to:

  • Respond to enquiries and communicate with you
  • Arrange sessions and manage booking requests
  • Keep appropriate records for business administration and professional practice
  • Protect the website (security, abuse prevention, troubleshooting)

4. Lawful bases (UK GDPR)

We process personal data under one or more lawful bases, depending on the situation:

  • Consent — when you submit information via our forms
  • Contract — where processing is necessary to provide services you request or to take steps before providing them
  • Legitimate interests — to run and protect the website/business (e.g., security and preventing abuse)
  • Legal obligation — where we must retain certain records

5. Sensitive information

If you share health-related or highly personal information in an enquiry, it may be treated as special category data. If you prefer, keep your first message brief. We’ll only request information that is necessary and we handle it with care.

6. How we store and protect your data

We take reasonable technical and organisational measures to protect data from loss, misuse, unauthorised access or disclosure. Access to data is restricted and stored securely.

No method of transmission or storage is completely secure. We use best practices to reduce risk.

7. How long we keep your data

We keep data only for as long as needed for the purpose it was collected:

  • Enquiries: kept for a reasonable period for follow-up and administration
  • Bookings/clients: kept in line with professional practice and legal requirements
  • Website/security records: kept short-term for security and troubleshooting

8. Sharing your data

We do not sell your data. We may share limited information with trusted providers where needed to operate the site or deliver services (for example: website hosting and email providers), under appropriate safeguards.

We may also disclose information if required by law, or where necessary to protect rights, safety, and security.

9. Cookies

This website may use essential cookies for basic functionality and security (for example, form protection). If we add analytics or third-party tools in future, we will update this policy.

10. Your rights

Under UK GDPR, you have rights including:

  • Access to your data
  • Correction of inaccurate data
  • Erasure (in certain circumstances)
  • Restriction of processing
  • Data portability (where applicable)
  • Objecting to processing (where applicable)
  • Withdrawing consent (where consent is the basis)

To exercise your rights, contact us via the Contact page.

11. Complaints

If you’re unhappy with how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

We may update this policy occasionally. Please check this page for the latest version.