Lumina Care Therapy | Culturally Aware Online Therapy Platform UK

1. Who We Are (Data Controller)

Lumina Care Therapy acts as Data Controller under the UK GDPR in respect of platform account data, platform operations, billing, customer support, and safety-related platform functions.

2. Therapist Controller Status

Independent therapists act as separate Data Controllers in respect of clinical decision-making and therapy records, even where such records are stored within the Platform.

3. Special Category Data

We process health-related information which constitutes Special Category Data under Article 9 UK GDPR.

4. Lawful Basis (Article 6)

We rely on:

Article 6(1)(b) (performance of a contract) where processing is necessary to provide the Platform and booked services; and/or
Article 6(1)(f) (legitimate interests) where processing is necessary to operate, secure, and improve the Platform.

5. Special Category Condition (Article 9)

Where we process health-related data, we rely on Article 9(2)(a) (explicit consent) unless an alternative lawful condition clearly applies to the specific processing activity.

7. Access to Clinical Notes

Clinical notes stored within the Platform are accessible only to the relevant patient and therapist. Lumina personnel do not access clinical notes unless the patient explicitly shares content for reporting/disputes or access is required for safeguarding, legal compliance, or security investigation, and only to the minimum extent necessary.

8. Security Measures

We implement appropriate technical and organisational measures including encryption in transit (TLS), role-based access control, authentication safeguards, and audit logging.

9. Data Retention

We retain personal data only for as long as necessary for contractual delivery, safeguarding, dispute resolution, and legal/regulatory obligations. Retention periods may vary by data type.

10. Your Rights

You have the right to request access, rectification, erasure, restriction, portability, and to object to certain processing, subject to legal limitations.

11. ICO

You have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Website: ico.org.uk

12. DPIA Statement

Lumina has conducted a Data Protection Impact Assessment in relation to the processing of health-related data and telehealth functionality.

13. Diversity & Matching Data

To facilitate informed therapist matching, the Platform collects certain diversity and preference data from both patients and therapists. This includes gender, cultural background, faith tradition, and LGBTQ+/trans affirming status.

This data constitutes Special Category Data where it relates to health, sexual orientation, or religious belief under Article 9 UK GDPR. We rely on Article 9(2)(a) (explicit consent) as our lawful condition for processing this data.

For therapists, this information is displayed on their public profile to help patients make informed choices. For patients, preferences are used solely for matching purposes and are not shared beyond what is necessary to facilitate a booking.

You may update or remove this information at any time via your account settings. Removal may affect the quality of match recommendations.

14. AI Tools (Lumi)

The Platform includes Lumi, an AI-powered conversational tool designed to provide emotional support, self-assessment guidance, and therapist matching assistance. Lumi is not a therapist and does not provide clinical advice or diagnosis.

Conversations with Lumi may be processed by third-party AI providers (currently OpenAI) to generate responses. We do not use Lumi conversations to train AI models. Lumi conversations are subject to a daily usage limit per user.

Lumi conversations are not shared with your therapist unless you explicitly choose to do so. They are not part of your clinical record.

Privacy Policy