Privacy Policy
Welcome to the privacy notice for Rachel Ewan, trading under Mental Health & Wellbeing Training Ltd (registration number: 11534759).
This notice explains exactly what personal information we collect, why we need it, how we keep it safe, and what rights you have over it. We have written this using clear, simple words, which is especially important for our clients who are children or have neurodiverse needs. If anything is unclear, please ask us!
Last updated: October 2025
Who we are and how to contact us
We are the Data Controller. This means we are the person (or company) in charge of deciding how and why your information is handled.
Our Information
Data Controller: Rachel Ewan
Email: info@rachelewan.co.uk
Contact number: 07599 060973
ICO Registration: C1795212
What Information We Collect
We collect different types of information about two groups: The Client (the person receiving coaching) and The Payer/Carer (the person responsible for booking and payments).
Client’s information (The Coachee)
This includes highly sensitive data known as Special Category Data (Health Data) under UK law.
Type of data | What it is | Why we need it |
|---|---|---|
Identity data | Name, date of birth, age, gender. | To know who we are coaching and to communicate appropriately. |
Neurodiversity data (special category) | Details about your neurotype (e.g., diagnosis of ADHD, Autism, Dyslexia, etc.) and related mental or physical health information. | Essential for us to create a personalised, effective coaching plan for you. |
Session data | Notes we take during sessions, goals, progress reports. | To track your journey and ensure continuity of care. |
Carer/Payer’s information
This includes highly sensitive data known as Special Category Data (Health Data) under UK law.
Type of data | What it is | Why we need it |
|---|---|---|
Contact data | Name, address, phone number, email address. | To manage the booking and send reminders. |
Financial/transaction data | Payment card details (we usually don’t keep these, our payment processor does), and records of invoices paid. | To receive payment for the coaching services provided, and for tax records. |
How We Use Your Data and The Legal Rules
We must have a valid legal reason (called a Lawful Basis) for every way we use your information.
Lawful Basis for General Data (Article 6 UK GDPR)
What we use the data for | Our legal reason (Lawful Basis) |
|---|---|
To deliver the coaching service (including bookings, scheduling, and general communications) | Contract: It is necessary to fulfil the agreement (contract) we have with you for coaching. |
To manage payments and invoices | Contract and Legal Obligation: Necessary to fulfil our contract and meet UK tax and accounting laws (e.g., HMRC). |
To send you a newsletter (only if you tick a box to receive it) | Consent: You have actively given us clear permission. |
Lawful Basis for special category data (Article 9 UK GDPR)
Because we handle sensitive health data (neurodiversity information), we need a second, extra layer of legal permission.
- Our special condition: provision of health or social care.
- What this means: We process your specific neurodiversity and health data only because it is necessary for the professional provision of health or social care and treatment (coaching) and the proper management of that service. This is the most appropriate legal rule for therapeutic and health-related coaching in the UK.
How We Use Care Patron (Our Data Processor)
We use Care Patron to securely manage our entire practice, from scheduling to note-taking. Care Patron acts as our Data Processor, meaning they only handle your data according to our strict instructions.
Bookings and storage
- What Care Patron does: Care Patron stores all your contact details, session times, and our coaching notes in a secure, encrypted digital client file.
- Security and location: Care Patron is designed to meet UK GDPR requirements. Your data is protected by technical safeguards like encryption.
- Data location: Care Patron uses secure international servers which, for UK clients, are protected by strong European and UK privacy laws, for more information click: https://help.carepatron.com/en/articles/8216236-how-carepatron-helps-you-with-gdpr-compliance
AI Assistance and your sensitive data
Care Patron offers AI features to help us with administration, but we are always in charge.
AI feature | How we use it safely |
|---|---|
Transcription/summarisation | We may use AI to quickly turn a recorded session (only done with explicit consent) into a draft summary note. This saves us typing time. |
AI data protection | Care Patron’s AI features are private. They are legally forbidden from using the sensitive content of your specific client file to train their public AI models or other general AI systems. Your coaching information remains confidential and is only processed to create the final record for us. |
Sharing Your Information
We do not sell your personal data. We only share it when it is necessary for our service or when the law requires it.
Who we share data with | Why we share it |
|---|---|
Care Patron | To securely manage your appointments and records (as described above). |
Payment processors (e.g., Stripe) | To securely process payments for the services we provide. |
Professional advisors | Lawyers, accountants, or insurers, but only when required to run our business properly or if there is a legal challenge |
Legal authorities (Police, Social Services) | If we have a safeguarding concern (if we believe you or another person is at risk of harm) or if we are legally required to do so by a court order. |
How long we keep your data (Retention)
We only keep your information for as long as we need it.
- Coaching Records (Special Category Data): We keep your coaching notes for 7 years after our last session. This is to meet the requirements of our professional insurance and regulatory bodies, so we can access records if needed.
- Financial Records: We keep records of payments and invoices for 6 years plus the current financial year to comply with UK tax law (HMRC).
- Marketing Data: We keep this until you tell us you want to stop receiving our emails (withdraw consent).
Your Rights Over Your Data
You, as the data subject (the person the data is about), have powerful rights. If you are under 18 and we believe you understand these rights, you can exercise them yourself. If not, your parent/carer can do so on your behalf.
Your right | What it means |
|---|---|
Right to be informed | You have the right to know how we use your data (this notice explains it!). |
Right of access | You can ask for a copy of all the personal data we hold about you (called a Subject Access Request). |
Right to rectification | If we have information about you that is wrong or incomplete, you can ask us to correct it. |
Right to erasure | You can ask us to delete your data (this is often called the ‘right to be forgotten’). We can refuse this if we need to keep the data for a legal reason (like tax law or safeguarding records). |
Right to object | You can stop us from using your data for certain purposes, such as direct marketing. |
Right to withdraw consent | If we rely on your consent for something (like a newsletter), you can take that permission back at any time. |
How to exercise your rights
If you want to exercise any of these rights, please email us at info@rachelewan.co.uk and we will respond within one month.
Questions or Complaints
We aim to handle your information with the highest standards of security and transparency. If you are unhappy with how we have used your data:
- Contact us first: Please contact us using the details in Section 1 so we can try to resolve your concern directly.
- Contact the ICO: If you are still not happy, you have the right to make a complaint to the UK’s independent regulator, the Information Commissioner’s Office (ICO).
- ICO Website: https://www.ico.org.uk
- ICO Helpline: 0303 123 1113
Our Use of Care Patron for Practice Management
We use Care Patron as our secure, digital practice management system. This software is a key part of how we manage our coaching services efficiently and securely.
Our roles as defined by UK Data Law (UK GDPR)
When you book a session or share information with us via the platform:
We are the Data Controller:
- This means Rachel Ewan is responsible for deciding why and how your personal data, including your sensitive coaching data, is processed.
- Care Patron is our Data Processor: This means Care Patron processes (handles, stores, secures) your data only on our written instructions and to fulfil its function as a practice management tool.
How Care Patron manages booking and contact information
Data collected | Purpose of processing | Lawful Basis for processing (UK GDPR) |
|---|---|---|
Contact data (Name, email, phone) | To send appointment confirmations, reminders, and links to your sessions. | Contract: Necessary for us to perform the service contract (the booking) with you. |
Session details (Date, time, service type) | To manage our availability and record your upcoming and past appointments. | Contract: Necessary for fulfilling the scheduling aspect of the contract. |
Payment status/invoicing | To process payments and generate invoices for the services provided. | Contract and Legal Obligation (for tax records). |
Security and storage of your data
Care Patron provides a secure, digital environment that replaces paper records.
Security feature | How it protects your data |
|---|---|
Encryption | All your records and data are encrypted both in transit (when being sent to and from the platform) and at rest (when stored on Care Patron’s servers). |
Compliance | Care Patron is designed to meet strict international and UK data protection standards, including UK GDPR. |
Data location | We have configured our Care Patron account to ensure all client data is hosted on servers located within the UK/European Economic Area (EEA). This ensures your data benefits from the strong protection of UK and European data laws. |
Access control | Only your coach, Rachel Ewan will have secure, password-protected access to your client record within our Care Patron workspace. |
Use of AI assistance for client records and note-taking
Care Patron offers Artificial Intelligence (AI) features to assist us in clinical administration, which helps us save time and focus more on your coaching.
AI feature | How it works (and data safety) |
|---|---|
AI note transcription | If we record an audio/video session (only with your explicit verbal and written consent), the AI function may transcribe the recording into text. This saves us from manual typing. |
AI note summarisation | The AI may automatically generate a draft summary from the transcribed session notes. This is a draft that we review, edit, and finalise to create the clinical record. |
Important note on AI and your data:
- The AI does not make decisions about your coaching: The AI only generates a draft for us. We remain 100% responsible for the accuracy and content of your final session notes.
- AI Training is Limited: Care Patron is explicitly engaged as our Data Processor. This means they are legally bound not to use the sensitive content of your personal client records to train their general-purpose public AI models. Your individual, identifying coaching data remains confidential and controlled by us within the platform.
- Consent is Paramount: We will always seek your specific, informed consent before using any feature that involves recording or using AI to process a live session.