Privacy Policy – Second Story

Last updated: February 2026

Your privacy, confidentiality, and trust are central to how this practice operates.
This Privacy Policy explains how your personal information is collected, used, stored,
and protected in accordance with the UK General Data Protection Regulation (UK GDPR).

Who I Am

I am Dr. Aaron Benjamin Wiener-Blotner, Clinical Psychologist and founder of Second Story.
The Health and Care Professionals Council (HCPC) regulates and informs my practice.
I am based in Israel and provide online psychological therapy services to clients in the
United Kingdom. I act as the Data Controller for the personal data you provide.

Contact email:Hello@secondstory.co.uk

Professional Registration

I am a qualified Clinical Psychologist practising in accordance with recognised
professional ethical standards. My clinical work follows established professional
guidelines regarding confidentiality, record-keeping, and data protection.

 

What Information I Collect

I may collect and store the following information:

  • Name, email address, phone number
  • GP details and emergency contact
  • Information shared in therapy sessions
  • Therapy notes and clinical records
  • Appointment and payment records
  • Website usage data (cookies)

This includes special category health data under UK GDPR.

Lawful Basis for Processing Your Data

Your personal data, including special category health data, is processed under the
following lawful bases:

  • Article 6(1)(b) – Contractual necessity
  • Article 6(1)(f) – Legitimate interests
  • Article 9(2)(h) – Provision of healthcare
  • Explicit consent where required

Where Your Data Is Stored

Your data may be securely stored using GDPR-compliant platforms, including:

  • Google Workspace
  • Zoom
  • Halaxy
  • Healthcode
  • Secure encrypted devices and backups

Some data may be stored in countries recognised by the UK as providing an adequate
level of data protection.

International Data Transfers

Where personal data is transferred outside the United Kingdom, this is done in
accordance with UK GDPR requirements through:

  • Storage in countries recognised by the UK as providing an adequate level of data protection, and/or
  • Use of GDPR-compliant service providers who implement appropriate contractual safeguards for international data transfers.

Data Security Measures

Your data is protected using appropriate safeguards including encrypted storage,
password-protected devices, two-factor authentication, and secure video platforms.

Clinical Record Keeping

Clinical notes are brief, factual, and stored securely for the purpose of providing
safe and effective therapy.

How Long I Keep Your Records

Records are kept for 7 years after the end of therapy for adults.

Confidentiality

All information shared in therapy is confidential except where there is a legal or
ethical obligation to disclose.

Third-Party Services (Data Processors)

I use GDPR-compliant services including Google Workspace, Zoom, Halaxy, and Healthcode.

Your Rights Under UK GDPR

You have the right to access, correct, delete, restrict, object, and request portability
of your data, and to lodge a complaint with the ICO
(https://ico.org.uk).

Data Breach Procedure

In the unlikely event of a data breach, you will be informed within 72 hours.

Cookies

This website uses basic cookies for functionality and analytics.

Updates to This Policy

This Privacy Policy may be updated periodically.

Contact

Dr. Aaron Wiener-Blotner
hello@secondstory.co.uk

Scroll to Top