Privacy Policy

Last modified: 20.12.2025

PRIVACY POLICY

Studio Adorio

Last Updated: December 2025

1. INTRODUCTION

This Privacy Policy explains how Studio Adorio (“we,” “us,” “our,” or the “Practice”), operated by Kateryna Gudzenko, collects, uses, stores, and protects your personal data when you visit our website, make an enquiry about our services, or book and participate in psychotherapy and energy therapy sessions.

We are committed to protecting your privacy and ensuring you have a positive experience on our website and in our practice. This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this Privacy Policy carefully. If you have any questions about how we handle your data, please contact us using the details in Section 10 below.

2. WHO WE ARE AND HOW TO CONTACT US

Data Controller: Studio Adorio

Practitioner: Kateryna Gudzenko

Email: Studioadorio@studioadorio.com

WhatsApp: +44 746 969 0203

Phone: +44 746 969 0203

Location: Hammersmith & Fulham, W12, London, UK

Website: https://studioadorio.com

3. WHAT PERSONAL DATA WE COLLECT

We collect and process different types of personal data depending on how you interact with us.

3.1 Initial Contact and Enquiries

When you contact us with an enquiry about our services, we may collect:

  • Your name
  • Your email address
  • Your phone number
  • Your WhatsApp contact information
  • Details about the services you are interested in
  • Any health-related information you voluntarily share
3.2 When You Book a Session

When you book a session through our website, we collect:

  • Your full name
  • Your email address
  • Your phone number
  • Your preferred session time and location (in-person or online)
  • Your session date and booking confirmation
3.3 Payment Information

When you pay the session deposit and session fee, we collect:

  • Payment card details (processed securely via Stripe—we do not store full card numbers)
  • Transaction details and payment history
  • Billing address (if different from your contact address)
3.4 Health Screening and Medical Information

Before your session, you must provide:

  • Any mental health diagnoses you have been given
  • Any medications you are currently taking (including psychiatric medications)
  • Information about any ongoing mental health treatment or therapy
  • Any other health information relevant to your safety and wellbeing
  • Whether you are under the influence of recreational drugs or alcohol

This is sensitive personal data under UK GDPR. We treat this information with the strictest confidentiality.

3.5 Session Notes (Optional)

During sessions, we may make minimal handwritten notes about:

  • The general nature of the work you are doing
  • Any resolving techniques or approaches used
  • Your progress or response to the session

We do NOT automatically keep these notes. Session notes are optional and may be deleted immediately after the session. Notes are only retained if you are returning for future sessions and if we believe they will be helpful for your ongoing work with us. You can request deletion of your notes at any time.

3.6 Website and Analytics Data

Our website may collect:

  • Your IP address
  • Browser type and device information
  • Pages you visit and time spent on each page
  • Links you click
  • Referral sources

This data is collected through analytics tools (details in Section 3.7 below) to help us understand how our website is used and improve our services.

3.7 Analytics and Tracking

In the future, we may use analytics tools on our website to understand user behaviour and improve the user experience. These may include:

  • Google Analytics or similar analytics platforms
  • Heatmapping tools to see how users interact with our website
  • A/B testing tools to test different website versions

Consent for Analytics: If we implement analytics tools, we will obtain your explicit consent before tracking data is collected. You will have the option to opt-in or opt-out. This tracking is entirely optional and not required to use our services.

3.8 Cookies

Our website may use cookies in the future. Cookies are small files stored on your device that help websites remember your preferences.

Types of cookies we may use:

  • Essential cookies: Required for website functionality (e.g., security, language preferences). These do not require consent.
  • Analytics cookies: Track how you use our website to help us improve it. These require your consent.
  • Marketing cookies: Remember your preferences for marketing content. These require your consent.

If we use cookies, we will provide a cookie banner or notice asking for your consent. You can control cookies through your browser settings and can withdraw consent at any time.

4. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

4.1 To Provide Therapy Services
  • Processing your booking and session request
  • Confirming your appointment time and location
  • Sending you session reminders
  • Conducting your therapy sessions
  • Keeping minimal session notes (only with your understanding and approval)
  • Following up after your session if needed

Legal basis: Contract (to provide the services you have requested)

4.2 To Process Payments
  • Processing your £20 deposit and remaining session fee
  • Sending payment reminders and receipts
  • Maintaining payment records for accounting purposes
  • Complying with HMRC tax and accounting requirements

Legal basis: Contract (payment is required to deliver the service) and Legal Obligation (HMRC record-keeping)

4.3 To Communicate with You
  • Responding to enquiries about our services
  • Sending booking confirmations and payment links
  • Notifying you of changes to session times or cancellations
  • Providing session reminders

Legal basis: Contract and Legitimate Interest (to maintain communication about booked services)

4.4 To Meet Legal and Regulatory Obligations
  • Maintaining records for accounting and tax purposes
  • Responding to legal requests or court orders
  • Reporting suspected abuse of a child or vulnerable adult (if required by law)
  • Complying with safeguarding requirements

Legal basis: Legal Obligation

4.5 To Improve Our Services
  • Analysing website traffic and user behaviour (with your consent)
  • Understanding how clients use our website
  • Identifying technical issues or areas for improvement

Legal basis: Legitimate Interest (improving our services and website) and Consent (for analytics tracking)

5. WHEN WE SHARE YOUR DATA

We do not routinely share your personal data with third parties. However, we may share your data in the following limited circumstances:

5.1 Payment Processors

Your payment information is shared with Stripe, our payment processor, to process your £20 deposit and remaining session fees. Stripe processes payments securely and in compliance with UK GDPR. Stripe does not use your data for marketing purposes and will not contact you directly.

5.2 Referrals to Other Practitioners

If we recommend that you work with another therapist or practitioner, we may:

  • Provide your contact details (name, email, phone) to that practitioner with your explicit agreement
  • Share relevant information about the type of support you need, but not detailed session notes or mental health information

You will always be asked for permission before we share your information in this way.

5.3 Child Safeguarding and Vulnerable Adults

If we have concerns that a child or vulnerable adult is being abused or harmed, we are legally obligated to report this to relevant authorities (e.g., local council, police). We will share the minimum information necessary to protect the person from harm.

5.4 Legal Proceedings

If we receive a court order, legal demand, or law enforcement request, we may disclose your personal data as required by law. We will notify you of such requests unless prohibited by law from doing so.

5.5 Accountants and Tax Compliance

We may share anonymised payment records with our accountant or HMRC for tax and accounting purposes. This data will not identify you personally and will not include sensitive health information.

6. DATA RETENTION

6.1 Session Notes
  • Handwritten session notes: We do not routinely keep session notes. Notes are typically deleted immediately after the session. However, we may occasionally keep minimal handwritten notes if we believe they will be helpful for your future sessions with us (for example, if you book a follow-up session).
  • We do not maintain records of deletions. If notes are deleted, no record is kept of the deletion date.
  • You can request deletion of any retained session notes at any time by contacting us. Once deleted, they will not be retrievable.
6.2 Contact and Booking Information
  • Name, email, phone, booking details: Retained for the duration of our professional relationship and for one year after your last session (or if you do not attend a booked session, for one year after the booking date). After this period, all contact information will be securely deleted.
6.3 Payment Records
  • Invoices, receipts, transaction records: Retained for five years from the end of the tax year in which the payment was made, as required by HMRC for tax and accounting purposes.

Example: A payment received in February 2025 (tax year 2024/25) must be retained until 31 January 2031 (five years after the 31 January 2026 deadline). After this period, all payment records will be securely deleted.

7. YOUR DATA PROTECTION RIGHTS UNDER UK GDPR

Under UK GDPR, you have the following rights:

7.1 Right of Access (Subject Access Request)

You have the right to request a copy of the personal data we hold about you. This is called a Subject Access Request (SAR).

How to make a request:

  • Contact us via email: Studioadorio@studioadorio.com
  • Or WhatsApp: +44 746 969 0203

Our response:

  • We will respond to your request within one calendar month of receipt
  • We will provide your data in a clear, understandable format
  • There is no fee for this request
7.2 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

How to make a request:

  • Contact us with details of the information you wish to correct
  • We will make the correction and confirm it to you in writing
7.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request deletion of your personal data in certain circumstances, such as:

  • If the data is no longer necessary for the purpose it was collected
  • If you withdraw your consent to processing
  • If you object to processing and we have no legitimate reason to continue

Important limitations:

  • We cannot delete data that we are legally required to keep (e.g., payment records for HMRC)
  • We cannot delete data if deletion would interfere with ongoing legal obligations or safeguarding duties

How to make a request:

  • Contact us via email or WhatsApp with your deletion request
  • We will consider your request and respond within one month
7.4 Right to Restrict Processing

You have the right to request that we stop processing your personal data (while still retaining it) in certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to request that we transfer it to another organisation.

How to make a request:

  • Contact us and specify the format you require
  • We will provide your data in the requested format within one month
7.6 Right to Object

You have the right to object to the processing of your personal data for certain purposes (such as marketing or analytics).

How to make a request:

  • Contact us to withdraw consent or object to processing
  • We will stop processing your data for that purpose
7.7 Rights Related to Automated Decision-Making

We do not use your data for automated decision-making or profiling in relation to therapy services.

7.8 Withdrawing Consent

If we are processing your data based on your consent (e.g., for analytics), you can withdraw that consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing before you withdrew consent.

8. DATA SECURITY

We take the security of your personal data very seriously and implement appropriate technical and organisational measures to protect your data from:

  • Unauthorised access
  • Accidental loss or damage
  • Unlawful processing
8.1 How We Protect Your Data

Electronic Security:

  • Contact details and payment information are encrypted
  • Payment processing is handled securely through Stripe (PCI-DSS compliant)
  • We do not store full credit card numbers on our systems
  • All electronic communications are password-protected

Access Controls:

  • Only Kateryna Gudzenko has access to client data
  • Data is not shared with staff or third parties unless legally required
  • Computers and devices are password-protected
8.2 Data Breaches

If there is a security breach or your data is compromised, we will:

  • Investigate the breach immediately
  • Assess whether your rights and freedoms are at risk
  • Notify you as soon as possible if your data has been compromised
  • Report the breach to the Information Commissioner’s Office (ICO) if required by law (within 72 hours)

9. SPECIAL CONSIDERATIONS

9.1 Children and Young People

If you are under 18 years old, we require parental or guardian consent before collecting your personal data. However, individuals aged 13 and over may have the capacity to request access to their own data or make Subject Access Requests.

9.2 Health-Related Data

The information you share about your mental health, medications, and medical history is treated as sensitive personal data under UK GDPR and receives the highest level of protection. This data is:

  • Strictly confidential
  • Accessible only to Kateryna Gudzenko
  • Never used for marketing or secondary purposes
  • Mental health disclosures and medication information are retained as long as you continue to book or express interest in our services. Once you confirm you will not be returning, we will delete this information upon your request or within one year of your last session, whichever is sooner
9.3 Online Sessions

If you participate in online sessions via Zoom or WhatsApp:

  • You are responsible for ensuring your online environment is private and secure
  • We recommend using a private, password-protected WiFi connection
  • We recommend logging into secure apps rather than using web browsers when possible
  • Data transmitted during online sessions is encrypted by Zoom and WhatsApp

10. INTELLECTUAL PROPERTY

All content on our website, including text, images, therapeutic materials, and any materials provided during sessions, is owned by Studio Adorio or Kateryna Gudzenko and protected by copyright. You may not reproduce, distribute, modify, or use this content without our written permission.

11. CHANGES TO THIS PRIVACY POLICY

If you have any questions about this Privacy Policy, how we use your data, or if you wish to exercise any of your data protection rights, please contact us:

Email: Studioadorio@studioadorio.com

WhatsApp: +44 746 969 0203

Phone: +44 746 969 0203

Address: Hammersmith & Fulham, W12, London, UK

Website: https://studioadorio.com

12. INFORMATION COMMISSIONER’S OFFICE (ICO)

You have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe we have breached your data protection rights.

ICO Contact Details:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Email: casework@ico.org.uk

Phone: 0303 123 1113

Website: www.ico.org.uk

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this Policy
  • Notify you of significant changes by email or through our website
  • Ask for your consent if required by law

Your continued use of our services after updates constitutes your acceptance of the updated Privacy Policy.

14. GOVERNING LAW AND ICO REGISTRATION

This Privacy Policy is governed by English law and the UK GDPR. Any disputes relating to data protection will be subject to the jurisdiction of the courts of England and Wales.

ICO Registration:

Studio Adorio is registered with the Information Commissioner’s Office (ICO) under UK GDPR. We comply with all data protection obligations and have a valid ICO registration, which can be verified on the ICO’s public register at www.ico.org.uk.

By using our website and booking our services, you acknowledge that you have read and understood this Privacy Policy.

Scroll to Top