top of page


Last updated: 22nd February 2021


The data controller is Katherine Warburton

Contact Details: 
Email –
Phone – 07713 958259

Katherine Warburton CBT (‘we’, ‘us’ and ‘our’) collect, use and are responsible for storing certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation (GDPR), which apply across the European Union (including the United Kingdom) and we are responsible as a ‘controller’ of that information for the purposes of those laws. We are registered with the Information Commissioner’s Office (ICO) under the Data Protection Register. 

We take your privacy very seriously and will handle this information respectfully and responsibly. In this privacy policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. 

Please take some time to read this carefully. If you read and fully understand this Privacy Policy, and remain opposed to our practices, you must immediately leave and discontinue all use of any of our Services. 

This privacy policy applies to all information collected through our website ( and/or any related services, sales, marketing or events (we refer to these collectively in this privacy policy as the ‘Services’). 

We process data on the basis of consent, which we allow you to withdraw.

Personal Data is collected in the following ways:

-    Filling in forms on our website e.g., contact us form.

-    Filling in the therapy agreement once Services have been agreed and relevant forms such as questionnaires used to aid the therapy process.

-    Data created by Katherine Warburton may include, but not be limited to, assessment findings, communications and observation notes, written reports (where required) and electronic communication.

-    Communicating with us by phone, videocall, text or email.

-    Providing feedback to us on our services.

-    Automatically collected technical data about your equipment, browsing actions and usage patterns. This is collected by using cookies, server logs and similar technologies.


Personal information you disclose to us
The personal information we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use.

The personal information we collect can include the following:

We collect personal Information that you voluntarily provide to us by:

-    expressing an interest in obtaining information about us or our products and services.

-    when participating in and using our services

-    when otherwise contacting us. 

The personal information we collect can include the following:

-    First and last name

-    Contact information (phone numbers, email address, postal address)

-    Personal information necessary to support the legitimate interest of our business to provide the service to you.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

Information automatically collected.

We automatically collect certain information when you visit, use or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Online Identifiers. 
We collect cookie identifiers, or others such as the ones used for analytics and marketing; devices; tools and protocols, such as IP (Internet Protocol) addresses; device's geolocation; and other similar data.

Cookies are small pieces of information sent by a web server to a web browser, which allows the server to uniquely identify when the browser visits each page. Unless you adjust your browser settings to refuse cookies, we will send cookies to your browser when you interact with Katherine Warburton CBT. These can be ‘session cookies’, meaning they delete themselves when you leave the site or ‘persistent’ cookies which do not delete themselves and help us to recognise you when you return so we can provide a tailored service and optimise our website.

You can block cookies by activating a setting on your browser allowing you to refuse the setting of cookies. You can also delete cookies through your browser settings. If you use your browser settings to disable, reject or block cookies, including essential cookies, then certain parts of our website will not function fully or in some cases may not be accessible at all. Please note that where third parties use cookies, we have no control over how those third parties use those cookies.

To learn more about cookies and how to manage them, visit:

The following links explain how to access cookie settings in various browsers:

•    Cookie settings in Firefox
•    Cookie settings in Internet Explorer
•    Cookie settings in Google Chrome
•    Cookie settings in Safari (OS X)
•    Cookie settings in Safari (iOS)
•    Cookie settings in Android

To opt out of being tracked by Google Analytics across all websites, visit this link:

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


We use personal information collected via our Services for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds, which we rely on next to each purpose listed below. 

We use the information we collect or receive: 

To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services. 

To deliver services to the user. We may use your information to provide you with the requested service. 

To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies. 

To post testimonials. We post testimonials on our Services that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. These can also remain anonymous. If you wish to update, or delete your testimonial, please contact us at and be sure to include your name, testimonial location, and contact information. 

Request Feedback. We may use your information to request feedback and to contact you about your use of our Services. 

To protect our Services. We may use your information as part of our efforts to keep our Services safe and secure (for example, for fraud monitoring and prevention). 

For other Business Purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information without your consent.

We want to provide the best possible user experience and we use data to allow us to offer you information, products and services that most likely to interest you.

The data privacy law allow this as part of our legitimate interest in understanding our customers and delivering the best possible service.


We know how much Data security matters to all our customers. We will treat your Data with the utmost care and have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Our website interaction with customers is secured using ‘https’ technology.

Sensitive information is stored electronically and protected through additional security measures such as encryption and password protected online files, known only by Katherine.

Katherine Warburton CBT is hosted on the platform. provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. 

All direct payment gateways offered by and used by Katherine Warburton CBT adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for 7 years after they cease being customers for tax purposes. Once the retention period expires, Personal Data shall be deleted.


We may process or share data based on the following legal basis: 

•    Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.

•    Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.

•    Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.

•    Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).

•    Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved. 

More specifically, we may need to process your data or share your personal information in the following situations: 

•    Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Services, which will enable them to collect data about how you interact with the Services over time. This information may be used to, among other things, analyse and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes. 

•    Third-Party Advertisers. We may use third-party advertising companies to serve ads when you visit the Services. These companies may use information about your visits to our Website(s) and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you. 


We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at


Users may exercise certain rights regarding the processing of Personal Data by the Owner.

Right to withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.

Right to object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.

Right to access their Data. Users have the right to learn if Data is being processed by the Owner and obtain a copy of the Data being processed.

Right to verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

Right to restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.

Right to have their Personal Data deleted. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.

Right to receive their Data and have it transferred to another controller. Users have the right to receive their Data and, if technically feasible, to have it transmitted to another controller without any hindrance.

Right to object. Users have the right to bring a claim before their competent data protection authority.


Where Personal Data is processed for the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.


Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be free of charge and will be addressed by the Owner within one month.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

bottom of page