Privacy & Cookie Policy

Last updated: 26 May 2025

At Bluestone Management Limited, trading as The Holistic Psychiatry Clinic, we are committed to protecting your personal information and upholding your rights under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).

This Privacy and Cookie Policy outlines how we collect, use, and safeguard your personal data when you visit our website or use our services. Our website is accessible worldwide, but we are a UK-based company and operate in compliance with UK data protection laws.

1. Who We Are

  • Legal name: Bluestone Management Limited
  • Trading name: The Holistic Psychiatry Clinic
  • Registered address: Suite B First Floor, Tourism House, Pynes Hill, Exeter, England, EX2 5WS
  • Contact email: admin@holisticpsychiatryclinic.com

2. Data We Collect

We may collect the following personal information:

  • Name
  • Email address
  • Phone number
  • Postal address
  • Date of birth
  • Health and medical history (where provided)
  • IP address and browser/device details
  • Website usage data (via cookies and analytics tools)
  • Any other data you voluntarily provide through forms or communication

3. How We Collect Your Data

We collect your data through the following channels:

1. Website contact forms
2. Appointment booking and enquiry processes
3. Newsletter sign-ups and lead magnets (e.g. downloadable resources and quizzes)
4. Cookies and analytics tools
5. Third-party platforms, including:

  • Stripe (payments)
  • Xero (accounting)
  • Google Analytics
  • Google Fonts
  • Cloudflare (website performance and security)
  • Kit (email service)
  • Google Workspace (email and storage)

4. Why We Collect Your Data

We use your personal data for the following purposes:

  • To provide psychiatric and coaching services
  • To communicate with you regarding your enquiries or appointments
  • To deliver newsletters and relevant marketing communications (where consent has been given)
  • To analyse website usage and improve user experience
  • To fulfil legal, financial, and regulatory obligations

5. Legal Bases for Processing

We process personal data under one or more of the following lawful bases:

  • Consent (e.g. newsletter sign-up, cookies)
  • Contractual necessity (e.g. booking and delivering services)
  • Legal obligation
  • Legitimate interests, provided these do not override your rights

6. Sharing of Your Data

We may share your data with trusted third-party processors, including:

  • Stripe (payment processor)
  • Xero (invoicing and accounting)
  • Google Workspace (cloud email and document storage)
  • Google Analytics (website usage tracking)
  • Google Fonts (for website design consistency)
  • Cloudflare (security and content delivery network)
  • Kit (email marketing)
  • Semble (our secure client management system for medical record-keeping and communication)
  • Heidi AI (a GDPR-compliant AI-powered medical scribe used for secure medical transcription and documentation)

All third-party services are selected based on their compliance with data protection regulations and their ability to provide appropriate technical and organisational safeguards. Some may store or process data outside the UK. In such cases, we ensure adequate protection is provided, including standard contractual clauses or equivalent safeguards.

7. Data Retention

We retain confidential client records in accordance with best practice and regulatory guidelines:

  • Medical/psychiatric records are stored securely for a minimum of 8 years after the last contact or as required by medical insurers or professional bodies.
  • Coaching and non-clinical records are typically retained for up to 7 years for professional, legal, and financial compliance.

We review data retention regularly and securely delete records when they are no longer necessary.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • SSL encryption for all website traffic
  • Secure servers with restricted access
  • Data minimisation and regular reviews
  • Security and performance services via Cloudflare

9. Your Rights

Under the UK GDPR, you have the right to:

  • Access your personal data
  • Request correction or deletion of your data
  • Object to or restrict processing
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO)

To exercise your rights, contact us at admin@holisticpsychiatryclinic.com.

10. Cookies and Tracking Technologies

We use cookies to:

  • Ensure basic functionality of the website
  • Analyse traffic and performance (Google Analytics)
  • Improve site security (Cloudflare)
  • Personalise user experience

Upon visiting our site, you will see a cookie banner where you can accept or customise your cookie preferences. You can update or withdraw consent at any time.

Types of Cookies We Use:

  • Strictly Necessary Cookies – Required for site operation (e.g., security, session management)
  • Performance Cookies – Help us understand how the site is used (e.g., via Google Analytics)
  • Functionality Cookies – Enhance your experience (e.g., language preferences)

11. International Users

Our website is accessible globally. If you access our services from outside the UK, be aware that your data will be processed and stored in accordance with UK data protection laws.

12. Changes to This Policy

We may update this policy periodically. Please refer to this page for the most current version. The “last updated” date at the top reflects the latest revision.