Privacy Policy

Policy version: May 2026

www.masumarahim.com (our website) is provided by Atlas Psychological Consulting Ltd, a company incorporated in England and Wales with registered number 09186135, whose registered office is at 3rd Floor, 86-90 Paul Street, London, EC2A 4NE (“we”, “our” or “us”).

We are the controller of personal data obtained via our website, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

When we collect and use your personal data we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This privacy policy is divided into the following sections:

What this policy applies to
Personal data we collect about you
How your personal data is collected
How and why we use your personal data
Marketing
Who we share your personal data with
How long your personal data will be kept
Transferring your personal data out of the UK
Cookies and other tracking technologies
Your rights
Keeping your personal data secure
How to complain
Changes to this privacy policy
How to contact us

What This Policy Applies To

This privacy policy relates to your use of our website only. It does not govern any personal data processed in connection with services you may separately engage us to provide; those services are subject to their own confidentiality and data protection terms.

Throughout our website we link to third-party websites and services (including social media platforms). Those third parties may gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third parties, please consult their policies as appropriate.

Personal Data We Collect About You

When you use our website we may collect the following personal data about you:

Contact information — your name and email address, submitted when you complete the contact form on our website.
Message content — the content of the message you send us via the contact form.
Technical data — your IP address, browser type and version, device type, and the pages you visit on our website. This data is collected automatically by our hosting infrastructure and by Cloudflare (see Cookies and other tracking technologies below).

We do not collect special category personal data (such as data about your health, ethnicity, religion or criminal record) through this website. If you volunteer such information in a message to us we will treat it with the utmost care and will not use or retain it beyond what is necessary to respond to your enquiry.

We do not knowingly collect the personal data of children under 13 years old. If you are aware that a child under 13 has submitted personal data to us via this website, please contact us so that we can delete it.

How Your Personal Data Is Collected

We collect personal data from you:

Directly, when you submit information to us via the contact form on our website (including your name, email address and message).
Automatically, via server logs and the Cloudflare Turnstile bot-protection service embedded in our contact form, which collects technical data about your device and interaction with the page. For further information see Cookies and other tracking technologies below.

How and Why We Use Your Personal Data

Under data protection law, we can only use your personal data if we have a proper legal reason for doing so, including:

where you have given consent;
to comply with our legal and regulatory obligations;
for the performance of a contract with you or to take steps at your request before entering into a contract; or
for our legitimate interests or those of a third party (provided these are not overridden by your own rights and interests).

The table below explains what we use your personal data for and our legal basis for doing so.

Purpose	Legal basis
Responding to enquiries submitted via the contact form	Our legitimate interests, i.e. communicating with people who contact us; and your consent, given by submitting the form
Spam and bot protection via Cloudflare Turnstile embedded in the contact form	Our legitimate interests, i.e. protecting the integrity of our website and preventing misuse
Maintaining the security and operation of our website and IT systems	Our legitimate interests, i.e. ensuring our website and systems are secure and operational; and to comply with our legal and regulatory obligations
Complying with legal obligations (e.g. responding to lawful requests from courts or regulators)	To comply with our legal and regulatory obligations
Enforcing our legal rights or defending legal proceedings	Our legitimate interests, i.e. protecting our business, interests and rights

Marketing

We do not use personal data collected through this website to send you marketing communications. We will never sell your personal data to third parties or share it with third parties for their own marketing purposes.

Who We Share Your Personal Data With

We may share your personal data with the following categories of third parties where necessary to operate our website and respond to your enquiries:

Senha Ltd — the company that built and operates this website on our behalf. As our website operator, Senha Ltd may access personal data submitted through or processed by this website in the course of providing technical support, maintenance and operational services. They act as a data processor and are contractually required to process your personal data only on our instructions and in accordance with applicable data protection law.
Website hosting and infrastructure provider — who stores and serves our website on our behalf. They will only process your personal data in accordance with our instructions.
Email service provider — through whom contact form submissions are delivered to us. They process your name, email address and message content solely to deliver the communication.
Cloudflare, Inc. — which provides the Turnstile bot-protection service embedded in our contact form, and provides network and security services for our website. Cloudflare processes technical data (including your IP address and browser characteristics) to detect and prevent spam and malicious activity.

We only permit those organisations to handle your personal data where we are satisfied they take appropriate measures to protect it, and we impose contractual obligations on them to ensure they use your personal data solely to provide services to us.

We may also share personal data with:

our professional advisors (such as lawyers), where they are bound by confidentiality obligations;
law enforcement agencies, courts, tribunals and regulatory bodies, where required to comply with our legal and regulatory obligations; and
other parties that acquire control or ownership of our business in connection with a significant corporate transaction (such as a merger or acquisition), in which case information will be anonymised where possible.

We will not share your personal data with any other third party without telling you first.

How Long Your Personal Data Will Be Kept

We will not keep your personal data for longer than we need it for the purpose for which it is used.

Personal data submitted via the contact form (your name, email address and message) is retained only for as long as is necessary to respond to and resolve your enquiry. Once your enquiry has been resolved, this data will be securely deleted or anonymised, typically within 12 months of our last communication with you.

Technical data collected automatically (such as server logs) is retained for a shorter period consistent with normal hosting and security operations, typically up to 30 days.

Transferring Your Personal Data Out of the UK

Some of the third parties with whom we share your personal data are located or operate infrastructure outside the UK. In those cases we will comply with applicable UK laws designed to ensure the privacy of your personal data.

In particular, Cloudflare, Inc. is a company headquartered in the United States. Personal data processed by Cloudflare in the United States is transferred on the basis of legally approved standard data protection clauses recognised further to Article 46(2) of UK GDPR, or such other appropriate safeguard as applies from time to time.

If you would like further information about data transferred outside the UK, or to obtain a copy of the relevant transfer mechanism, please contact us (see How to contact us below).

Cookies and Other Tracking Technologies

A cookie is a small text file placed onto your device (computer, smartphone or other electronic device) when you use our website. Our website uses cookies and similar technologies as described below.

Essential cookies set by this website

We set a single session cookie to provide the CSRF (cross-site request forgery) protection that secures the contact form. This cookie is strictly necessary for the contact form to function securely and expires at the end of your browser session. It does not track you across visits or third-party websites.

Third-party services that may process data when you visit

Our website loads resources from the following third-party services. These may set their own cookies or process data about your device and connection when the relevant resource loads:

Service	Provider	Purpose	Further information
Cloudflare Turnstile	Cloudflare, Inc. (USA)	Bot and spam protection on the contact form. Analyses device and browser characteristics to distinguish human visitors from automated bots.	Cloudflare Privacy Policy
Google Fonts	Google LLC (USA)	Loads typefaces used in the website design. Google may log your IP address when serving font files.	Google Privacy Policy
jsDelivr CDN (Bootstrap Icons)	Prospect One (EU)	Delivers icon font files used in the website design.	jsDelivr Privacy Policy

Most browsers allow you to refuse cookies or to delete cookies that have already been set. The methods for doing so vary from browser to browser; please refer to your browser’s help documentation. Please note that refusing or deleting cookies may affect your ability to use certain features of our website, including the contact form.

Your Rights

You generally have the following rights in relation to your personal data, which you can usually exercise free of charge:

Right	Description
Access	The right to be provided with a copy of your personal data.
Correction (rectification)	The right to require us to correct any mistakes in your personal data.
Erasure	The right to require us to delete your personal data in certain situations.
Restriction of use	The right to require us to restrict use of your personal data in certain circumstances, for example if you contest the accuracy of the data.
Data portability	The right to receive the personal data you provided to us in a structured, commonly used and machine-readable format and/or transmit that data to a third party, in certain situations.
Object to use	The right to object to our use of your personal data for direct marketing, and in certain other situations to our continued use of your personal data where we rely on legitimate interests.
Withdraw consent	Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of our use of your personal data before the withdrawal.
Not to be subject to automated decisions	The right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not make any such decisions based on personal data collected through this website.

For further information on each of these rights, including when they apply, you may refer to the guidance from the UK’s Information Commissioner at ico.org.uk.

To exercise any of these rights, please email, telephone or write to us using the contact details set out in How to contact us below. Please provide enough information to identify yourself and let us know which right(s) you wish to exercise and what your request relates to. We may request additional identity verification where reasonably necessary.

Keeping Your Personal Data Secure

We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it. Our website is served over HTTPS to encrypt data in transit.

We also have procedures in place to deal with any suspected personal data security breach. We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How to Complain

Please contact us if you have any queries or concerns about our use of your personal data (see How to contact us below). We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. The ICO may be contacted at ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

Changes to This Privacy Policy

We may change this privacy policy from time to time. When we make significant changes we will take steps to inform you, for example by including a prominent notice on our website. The current version of this policy will always be available on this page.

How to Contact Us

You can contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law, or to make a complaint.

Atlas Psychological Consulting Ltd
3rd Floor, 86-90 Paul Street
London, EC2A 4NE
[email protected]

Last updated: May 2026. Data controller: Atlas Psychological Consulting Ltd, company number 09186135, registered in England and Wales.