Last Updated: 13/07/2026
This privacy notice provides you with details of how we collect and process your personal data through your use of our website.
By providing us with your data, you confirm that you are over 13 years of age.
Mark Condon CBT is the data controller and is responsible for your personal data. “We”, “us” and “our” in this privacy notice refer to Mark Condon CBT.
Business name: Mark Condon CBT
Contact email: mark@markcondoncbt.com
It is important that the information we hold about you is accurate and up to date. Please let us know if your personal information changes by emailing mark@markcondoncbt.com.
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process the following categories of personal data:
This includes any communication you send to us through our website’s contact form, email, text message or telephone.
We process this data to:
Our lawful basis for this processing is our legitimate interest in responding to communications and maintaining accurate records.
This includes information relating to services you have purchased or requested, such as your:
We process this data to provide the therapy services you have requested and to maintain financial records.
Our lawful basis for this processing is the performance of a contract between you and us.
This includes information about how you use our website, such as your:
Our lawful basis for this processing is our legitimate interest in properly administering and securing our website.
As a Cognitive Behavioural Therapy (CBT) practice, we collect and process Special Category Data concerning your health and mental wellbeing. This enables us to provide safe, ethical and effective psychological treatment.
Our lawful basis for processing health data under UK GDPR is Article 9(2)(h): the provision of health or social care or treatment.
We do not collect information about criminal convictions or offences unless it is directly relevant to a clinical risk assessment.
We may collect personal data directly from you when you:
We may also automatically collect certain technical data when you use our website through cookies and similar technologies.
Our lawful basis for sending you marketing communications is either your explicit consent or our legitimate interest in growing our practice.
We will never share your personal data with a third party for its own marketing purposes.
You can opt out of marketing communications at any time by emailing mark@markcondoncbt.com.
Everything discussed during therapy sessions remains strictly confidential. However, we may need to share general personal or contact data with:
We use secure, GDPR-compliant systems.
If a technical service provider stores data outside the UK or European Economic Area, such as through a US-based secure platform, we ensure that appropriate safeguards are in place. These may include standard contractual clauses or equivalent legal frameworks approved by the UK Government.
We have implemented appropriate security measures to prevent your personal and clinical data from being accidentally lost, used, altered, disclosed or accessed without authorisation.
These measures include password-protected and encrypted devices and secure practice-management software.
We retain personal and clinical data only for as long as necessary to fulfil the purposes for which it was collected.
Under data-protection law, you have rights concerning your personal data. These include the right to request:
You also have the right to make a formal complaint if you believe your personal data has been mishandled.
If you are unhappy with how your personal or clinical data has been collected, stored or used, please contact us so that we can try to resolve the issue.
Email: mark@markcondoncbt.com
Please explain the nature of your concern. You do not need to use formal legal language.
We will handle your complaint as follows:
If you remain dissatisfied with our response or how your complaint was handled, you have the right to escalate the matter to the UK supervisory authority, the Information Commissioner’s Office (ICO).
Visit the Information Commissioner’s Office website or read the ICO’s guidance on individual data-protection rights.