Privacy Policy — Soulwell Therapies

Last updated: December 1, 2025

Soulwell Therapies (“Soulwell”, “we”, “us”) is committed to protecting the privacy and personal information of our adult clients in Pretoria, South Africa. This policy explains how we collect, use, disclose, store, and secure your personal and health information in compliance with South Africa’s Protection of Personal Information Act (POPIA), the Constitution’s right to privacy, and the ethical guidelines of the Health Professions Council of South Africa (HPCSA). By engaging with our services or using our website, you consent to this policy and the practices described herein.

Information We Collect

• Contact and identity details: first and last name, title, date of birth, gender, address, phone number, email, and emergency contacts.
• Demographic and background information: occupation, marital status, and other details relevant to your care.
• Medical and psychological history: information about your physical and mental health, previous diagnoses, treatments, medications, and therapy records.
• Session records and consent forms: clinical notes, treatment plans, progress notes, consent forms, intake questionnaires, and any voice recordings (if used for record-keeping).
• Communications and feedback: emails, text messages, or correspondence between you and Soulwell, including any concerns or feedback you provide.
• Website usage data: when you visit our website, we collect technical information via cookies and analytics (see below).

All such information is sensitive personal information under POPIA (especially health data). We collect it only for legitimate therapy purposes and only with your consent. We do not use your data for marketing or advertising.

How We Collect Information

• Directly from you: intake interviews, questionnaires, consent forms, and therapy sessions.
• Referral sources: with your permission, from referring doctors or other healthcare providers.
• Online interactions: when you use our website or telehealth platform, we collect technical data (e.g., IP address, browser type, device information) via cookies and Google Analytics (see “Cookies and Google Analytics”).
• Third‑party services: reputable practice management or telehealth platforms that handle data on our behalf under strict confidentiality agreements.

Every collection is logged in our records in accordance with POPIA’s Accountability and Processing Limitation conditions. We will inform you of the specific purpose when collecting data and only request information reasonably required for therapy.

How We Use Your Information

• Therapy and care: to diagnose, treat, and support you during psychotherapy (including treatment planning, scheduling, and monitoring progress).
• Legal and ethical compliance: to keep records as required by law and professional guidelines (e.g., HPCSA retention periods and health regulations; billing or insurance with your consent).
• Communication: to send appointment reminders, invoices/receipts, and respond to inquiries.
• Quality improvement: to assess and improve services using anonymized, aggregated data.
• Legal obligations: to comply with lawful requests, court orders, or mandatory reporting.

We will never use your personal or health information for marketing or advertising, nor do we sell or rent your data. Processing is lawful, fair, and transparent, with informed consent for any sensitive data.

Telehealth and Online Sessions

• Informed consent: telehealth requires informed consent, including understanding risks and any recording (only with your permission).
• Secure platforms: encrypted tools are used; participate from a private space to protect confidentiality.
• Patient confidentiality: confidentiality applies exactly as for in‑person sessions.
• Data retention: tele‑session records (if any) are stored with your medical record for required retention periods.

Cookies and Google Analytics

Our website uses cookies and Google Analytics to improve user experience and analyze traffic. Cookies may track pages visited, duration, and usage patterns. We do not link analytics data to your therapy records. Google Analytics may collect IP and device information and transfer it to servers outside South Africa. We rely on Google’s compliance measures and standard contractual clauses for adequate protection. You can manage or disable cookies in your browser at any time.

Sharing and Disclosure of Information

• Within your care team: limited to what’s necessary for treatment and with your consent.
• Consent‑based disclosures: to any person/agency you authorize in writing.
• Legal requirements: minimum necessary disclosure when required by law or court order (e.g., serious risk, statutory reporting).
• Professional obligations: de‑identified case consultation/supervision under confidentiality.
• Service providers: contracted IT, cloud, billing or similar vendors operating under confidentiality and POPIA‑compliant safeguards, including cross‑border transfer conditions where applicable.

Data Storage and Security

• Secure storage: encrypted, password‑protected devices and cloud services (access restricted).
• Website security: SSL encryption; current firewalls/security software.
• Regular reviews: periodic updates to access controls, backups, and protections.
• Retention and disposal: adult client records retained for at least 6 years after last treatment (HPCSA). Secure deletion/shredding thereafter.
• Staff training: confidentiality training and agreements for anyone handling personal data.

Despite safeguards, no security can be 100% guaranteed. In the unlikely event of a data breach, we will investigate promptly and notify you and relevant authorities as required.

Your Rights as a Client

• Right to be informed about processing purposes and practices.
• Right to access a copy/summary of your information on written request.
• Right to correction of inaccurate or incomplete information.
• Right to deletion/erasure where information is no longer required or legally mandated to be retained.
• Right to object to processing for incompatible purposes.
• Right to withdraw consent at any time (without affecting prior lawful processing).
• Right to complain to the Information Regulator or the HPCSA if concerns are unresolved.

Compliance with Professional and Legal Standards

• POPIA: adherence to lawful processing, transparency, security, and data subject rights.
• Constitution — Bill of Rights: upholding the right to privacy as fundamental to our practice.
• HPCSA Ethical Guidelines: confidentiality maintained; disclosure only with informed consent or legal obligation.
• Patient Records: accurate and secure record‑keeping; retention for the legally required period.
• Telehealth Guidelines: same quality and confidentiality online as in person.

Changes to This Policy

We may amend this Privacy Policy to reflect changes in law, regulations, or our practices. If we make material changes, we will notify clients (for example, via email or website announcement). Your continued use of our services after updates constitutes your acceptance of the revised policy.

Contact Information

If you have any questions, concerns, or requests related to your privacy or this policy, please contact us:

• Email: privacy@kiarabramley.com
• Phone: +27 (012) 345-6789 (Pretoria office)

This page is provided for transparency and does not replace individualized consent or treatment agreements.