GDPR & Privacy Policy
Last updated: 17 March 2026
Who we are
Rabab Sehr, trading as ‘Rabab Speech Therapy’, is the Data Controller responsible for your personal data.
Contact: rabab.slt@outlook.com
Registered with the Information Commissioner’s Office (ICO). Registration number: ZC129779
Purpose of this policy
This policy explains what information we collect, why we collect it, how we use it, and your rights. It is designed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and applies to all clients receiving services from Rabab Speech Therapy.
What information we collect
We may collect personal details (name, contact details, date of birth), clinical information (speech, language, developmental and medical history), educational information, administrative records, and financial information.
Where we get your information
Information is provided by you, your child’s parent/guardian, and relevant professionals (with consent).
How we use your information
We use your data to assess and deliver therapy, communicate with you and relevant professionals, and manage appointments and billing.
Legal basis
We process personal data under the following lawful bases:
• Provision of healthcare (Article 9(2)(h)) – to assess and deliver speech and language therapy
• Legitimate interests – for managing appointments, communication, and service delivery
• Consent – where required, for example when sharing information with other professionals
Sharing information
Information may be shared with relevant professionals (such as GPs, schools, or other therapists) where appropriate and with your consent.
Information may also be shared without consent where required by law, including safeguarding concerns.
Data retention
Clinical records are retained until the client reaches 25 years of age (or 26 if treatment continues at age 17), in line with professional guidelines.
Financial records are retained for 6 years in accordance with legal requirements.
How we keep your data safe
We use secure systems, including encrypted and password-protected storage, with access restricted to authorised individuals only.
Reasonable steps are taken to protect personal data from loss, misuse, or unauthorised access.
Your rights
Under data protection law, you have the right to:
• Access the personal data we hold about you
• Request correction of inaccurate data
• Request erasure of your data (where applicable)
• Restrict or object to processing
• Withdraw consent at any time (where consent is relied upon)
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk
Consent
You will be provided with this policy and a consent form before services begin.
Safeguarding
Information may be shared without consent if required for safeguarding or legal reasons.
Updates
This policy may be updated periodically.