Skip to content

HelloSelf (UK) Limited – Privacy Notice for website

Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

When we use personal data we are regulated by the Information Commissioner under UK GDPR and the UK Data Protection Act 2018. We also meet the regulations of the EU General Data Protection Regulation (GDPR) which applies across the European Union. We are accountable as Controller of that personal data for the purposes of Data Protection legislation.

Key terms

It would be helpful to start by explaining some key terms used in this policy:

We, us, ourHelloSelf (UK) Limited, Company Number 11492566, ICO Reg number ZA657910 Address: International House, 6 Canterbury Crescent, London, SW9 7QD.
HelloSelf DPOOur Data Protection Officer is Louise Marshall CIPP/E at Dragon Argent, she can be contacted at
Personal dataAny information relating to an identified or identifiable natural person
Special category personal dataPersonal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership Genetic and biometric data Data concerning health, sex life or sexual orientation

Personal data we collect

The table below sets out the personal data we will or may collect in the course of your interaction with us and your use of our private psychological and other services:

Personal data we collect depending on your engagement with us and use of our services
  • When you browse our website:Browser metadata such as Google click ID and your IP Address
    Data submitted through forms such as when you make a self referral referral form
  • If you have expressed interest in and/or attended one of our events:
    Name and email address
  • When you register:Full name, email address, photograph
  • If you use our internal messaging service:Chat messages
  • If you choose to answer questions and/or want to measure items yourself we may collect information such as:Psychometric test results, goals and any associated measurements you may choose to track
  • If you have a Session with one of our Experts: Your address and telephone number
    Details of your GP
    Details of your psychiatrist or other specialist (if applicable)
    An emergency contact
    Insurance details
    Notes taken by the Expert relating to the session
    And, if requested:
    • Video and voice recordings
    • Session summary notes and transcript of the recording

This personal data is required to enable us to provide our services. If we are not provided with the personal data we ask for, it may delay or prevent us from providing the services which you are requesting.

We store all data you enter on the platform in order to best safeguard (even deleted data). For safeguarding purposes, senior members of the clinical and safeguarding team can access clinical notes when needed.

How personal data is collected

We collect all of this information directly from you, when you use our website, when you express interest and/or attend one of our events, portal or apps for example when you register and then any time your personal data is updated. If you engage in sessions with our Experts, they may upload information after the session.

How and why we use personal data

Under Data Protection legislation, we can only use personal data if we have a legal basis for doing so. These are mandated by the legislation and include:

  • where we have been given consent by the data subject;
  • for the performance of our contract with a Member or to take steps at a Member’s request before entering into a contract;
  • to comply with our legal and regulatory obligations; or
  • for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by the data subject’s own rights and freedoms.

The table below explains what we use (process) personal data for (our purpose) and our legal basis for doing so:

Our purposeOur legal basis
To enable us to provide our personalised, online psychological therapy and other services to you through our portal and apps.For the performance of our contract with Members or to take steps at a Member’s request before entering into a contract
Operational reasons, such as understanding how users/Members engage with our servicesFor our legitimate interests or those of a third party, e.g. to identify and remedy problems with site usage
Ensuring the confidentiality of Members’ sensitive informationFor our legitimate interests or those of a third party, e.g. to prevent data breaches which could be damaging for Members
To comply with our legal and regulatory obligations
Updating and enhancing Members’, Partners’ and/or Experts recordsTo comply with our legal and regulatory obligations
Marketing our servicesFor our legitimate interests or those of a third party, e.g. to promote our business to existing and potential future Members, Partners and/or Experts

The above table does not apply to special category personal data, which we will only process on the basis of article 9(2)(h) of the UK GDPR, specifically for the purposes of the provision of health or social care under the supervision of a health professional.

From time to time we may use special category personal data for the purpose of statistical analysis or research in order to improve the services we provide to you. This data will be minimised and anonymised or pseudonymised where possible and will only be processed in accordance with our strict safeguards. This data is never shared with third parties.

Promotional communications

We may use personal data to send existing and potential future Members, Partners or Experts updates about our services, including exclusive offers, promotions or new services.

We have a legitimate interest in processing personal data for promotional purposes (see above ‘How and why we use personal data’). This means we do not usually need consent to send promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat personal data with the utmost respect and never sell it to other organisations for marketing purposes.

Existing and future Members, Partners or Experts always have the right to opt out of receiving promotional communications at any time by contacting us by email, by clicking on the Unsubscribe link included in every communication or updating your Contact preferences in your HelloSelf account settings

Who we share personal data with

We only share personal data with our expert clinical psychologists all of whom are bound by professional codes of confidentiality.

We only allow our external third parties to handle personal data if we are satisfied they take appropriate measures to protect all personal data.

We may very occasionally disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Where personal data is held

Personal data is kept in an encrypted form on secure servers primarily inside the UK or European Economic Area (EEA). For more information, including on how we safeguard personal data when data is stored outside of the UK or EEA see below ‘Transferring personal data out of the UK or EEA’.
In exceptional circumstances, for example when information needs to be communicated by a referrer who cannot receive encrypted email we may send some personal data in a password protected pdf document.

Keeping personal data secure


The privacy and the security of your personal data is our utmost priority. We recognise that you trust us to keep it secure and private. We have in place appropriate security measures to prevent your personal data from being accidentally lost, or used or accessed unlawfully. We protect your personal data at all times within the HelloSelf platform with strong encryption. We limit access to personal data to those who have a genuine business need to access it and are subject to strict obligations of confidence.

Protecting your data

All your personal data is encrypted using strong encryption both in transit and at rest. We have strict procedures and systems in place to prevent unauthorised access to data. Card Payments are processed via a third party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards.

Securing your data

We monitor and test our servers and work with third parties to ensure our security controls are industry standard. Our Experts are required to use two factor authentication and we use technology to block unauthorised or suspicious attempts to access data. We work with industry-leading hosting and service providers to ensure that infrastructure is protected.

Data Storage

Personal data and special category personal data is primarily stored on our secure servers inside the EEA. It is occasionally necessary for us to store some elements of personal data outside the EEA, such as Click ID, browser meta data and IP addresses. These transfers are subject to special rules under European and UK data protection law. For more information regarding these rules, please contact

To help us to keep your data protected, please:
Make sure you have a strong password
Change your password frequently
Keep your password safe.

How long personal data will be kept

We follow the best practice guidelines of the British Psychological Society regarding the retention of personal data contained in (amongst other sources) patient notes and clinical records and we retain personal data for a period of 7 years following the cessation by data subjects of engagement with us.

When it is no longer necessary to retain personal data, we will delete or anonymise it.

Transferring personal data out of the UK or EEA

It is sometimes necessary for us to store some elements of personal data outside the UK or the European Economic Area (EEA).

These transfers are subject to special rules under European and UK data protection law. For more information regarding these rules, please contact


Data subjects have the following rights, which can be exercised free of charge:

AccessThe right to be provided with a copy of personal data held on a data subject
RectificationThe right to require us to correct any mistakes in a data subject’s personal data
To be forgottenThe right to require us to delete personal data—in certain situations
Restriction of processingThe right to require us to restrict processing of certain personal data—in certain circumstances, e.g. if the accuracy of the data is contested
Data portabilityThe right to receive the personal data provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To objectThe right to object:
—at any time to personal data being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-makingThe right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning a data subject
ConsentThe right to withdraw consent at any time

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation

To exercise any of those rights, please contact us —see below: ‘How to contact us’.

How to complain

We hope that we can resolve any query or concern raised about our use of personal information.

The UK GDPR also gives the right to lodge a complaint with the UK Information Commissioner who may be contacted at or telephone: 0303 123 1113.

Changes to this privacy policy

We may change this privacy policy from time to time, when we do we will inform clients via email.

How to contact us

We can be contacted by post, email or telephone.
For all data subject rights, please contact
Our contact details are shown below:

Our contact details
Data Protection Officer
International House
6 Canterbury Crescent
Or by email at:
Telephone: 020 3936 8384

Last updated: September 2022