Resilience School
Last updated: 15th February 2026
1. Who I Am
Resilience School provides cognitive behavioural therapy (CBT) and anxiety support services for adults and young people, including online educational courses.
Resilience School is operated by Rhona Edwards as a sole trader business.
I am registered with the Information Commissioner’s Office (ICO) under registration number: ZB826384
For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), Resilience School is the Data Controller of your personal information.
Contact details:
Resilience School
66 Paul Street
London
EC2A 4NA
Email: rhona@resilienceschool.co.uk
2. The Information I Collect
A. Personal Data
I may collect:
• Name
• Email address
• Telephone number
• Postal address (where relevant)
• Date of birth
• Emergency contact details
• Parent or guardian details (for under-18 clients)
B. Information Collected for Online Courses
When purchasing or enrolling in an online course, I may collect:
• Purchaser (parent/guardian) name and email
• Young person’s name and email address (for Teen Edition courses)
• Confirmation of parental consent
• Course selection details
This information is collected via secure systems including Stripe and Microsoft Forms.
C. Special Category Data (Health Information)
As a mental health practitioner, I collect and process sensitive health data for therapy clients, including:
• Information relating to anxiety and emotional wellbeing
• Clinical history and background information
• Session notes and therapeutic records
This information is processed lawfully under Article 9(2)(h) UK GDPR (provision of health care).
Online course enrolment does not require submission of clinical information.
D. Website and Technical Data
When you use the website, I may collect:
• IP address
• Browser type
• Pages visited
• Cookie data
3. How Your Data Is Used
Your information may be used to:
• Respond to enquiries
• Provide therapy services
• Maintain clinical records
• Process course enrolments
• Assign course access via Quenza
• Manage appointments and communication
• Process payments
• Send newsletters (if you have opted in)
• Meet legal, regulatory, and safeguarding obligations
• Improve services and website functionality
Your information is never sold or shared for third-party marketing purposes.
4. Lawful Bases for Processing
Under UK GDPR, I rely on the following lawful bases:
• Contract – to deliver agreed therapy or digital course services
• Consent – for marketing communications and certain uses of information
• Legal obligation – where required by law
• Legitimate interests – for responsible business administration
• Provision of health care – for processing special category health data (therapy clients only)
You may withdraw consent for marketing communications at any time.
5. Email Marketing
If you subscribe to newsletters or updates, your name and email address will be stored securely for this purpose.
You can unsubscribe at any time by:
• Clicking the unsubscribe link in any email, or
• Contacting me directly.
6. Payment Processing
Payments for online courses are processed securely via Stripe.
Resilience School does not store full debit or credit card details.
Please refer to Stripe’s privacy policy for details of how they process payment data.
7. Use of Third-Party Systems
To provide services securely and effectively, I use GDPR-compliant third-party providers, including:
• WriteUpp – for secure storage of clinical notes
• Quenza – for delivery of therapeutic exercises, online course content, and (where applicable) structured written feedback as part of optional asynchronous clinician support
• Stripe – for payment processing
• Microsoft Forms – for course enrolment and parental confirmation
• Website and email hosting providers
These organisations act as Data Processors and are required to protect personal information in accordance with UK GDPR.
8. Confidentiality and Safeguarding
Therapy sessions and clinical records are confidential.
However, confidentiality may be broken if:
• There is a risk of serious harm to you or someone else
• There are safeguarding concerns
• Disclosure is required by law or court order
Online courses are educational in nature and do not provide crisis or emergency monitoring.
Where appropriate and safe, concerns would be discussed with you first.
9. Data Retention
Clinical records are retained in line with professional and legal standards.
Online course enrolment information is retained only as long as necessary to provide course access and for reasonable business administration purposes.
When data is no longer required, it will be securely deleted or destroyed.
10. Data Security
Appropriate technical and organisational measures are in place to protect personal data against unauthorised access, misuse, loss, or disclosure.
11. Your Rights
Under UK GDPR, you have the right to:
• Access your personal data
• Request correction of inaccurate data
• Request erasure (where legally permissible)
• Restrict processing
• Object to processing
• Request data portability
To exercise these rights, please contact: Rhona@resilienceschool.co.uk
If you are dissatisfied with how your data is handled, you may lodge a complaint with:
Information Commissioner’s Office
https://www.ico.org.uk
12. Cookies
This website may use cookies to enhance user experience and analyse site performance. You can control cookie settings via your browser.