Privacy Policy — Kiara Bramley Psychology

Last updated: June 1, 2026

Kiara Bramley Psychology (“we”, “us”, “the Practice”) is committed to protecting the privacy and personal information of our clients. The Practice is a sole proprietorship operated by Kiara Bramley, a psychologist registered with the Health Professions Council of South Africa (HPCSA Registration PS0165379; Practice Number 0970832), practising at 300 Kruger Avenue, Lyttelton Manor, Centurion, 0157. The Practice is the “responsible party” for your personal information under POPIA.

This policy explains how we collect, use, disclose, store, and secure your personal and health information in compliance with South Africa’s Protection of Personal Information Act, 2013 (POPIA), the Constitution’s right to privacy, and the ethical guidelines of the Health Professions Council of South Africa (HPCSA).

Our lawful basis for processing. We process your personal information where it is necessary to provide the services you have requested, to comply with a legal or professional obligation, to protect a legitimate interest (such as your safety), or on the basis of your consent. Because health information is “special personal information”, we rely on your explicit consent — given through your intake and treatment consent forms — and on the authorisation in POPIA for the processing of health information by a health professional. Using this website signifies that you have read and understood this policy; it does not by itself constitute consent to clinical processing, which we obtain separately.

Information Officer

In terms of POPIA, the Information Officer of the Practice is Kiara Bramley. The Information Officer is responsible for ensuring the Practice’s compliance with POPIA and for handling requests relating to your personal information, including access, correction, objection and deletion requests, as well as requests for access to records under the Promotion of Access to Information Act, 2000 (PAIA).

Information Officer: Kiara Bramley
Email: privacy@kiarabramley.com
Phone: 064 954 1812
Postal/physical address: 300 Kruger Avenue, Lyttelton Manor, Centurion, 0157

Information We Collect

Contact and identity details: first and last name, title, date of birth, gender, identity number, home and postal address, phone number, email, employer details, and emergency/next-of-kin contacts.
Medical aid and billing details: medical aid scheme, plan, membership and dependant details, and payment information needed to invoice you or submit claims.
Medical and psychological history: information about your physical and mental health, previous diagnoses, treatments, medications, hospital/facility admissions, and therapy records.
Session records and consent forms: clinical notes, treatment plans, progress notes, assessment reports, consent forms, intake questionnaires, digital signatures, and any voice recordings (only if used for record-keeping and with your permission).
Communications and feedback: emails, text messages, or correspondence between you and us, including any concerns or feedback you provide.
Website and enquiry data: details you submit through our contact form (name, email, message), and technical information collected via cookies and analytics (see “Cookies, Analytics and Advertising”). When you submit our online intake form we also record technical metadata such as your IP address, browser/device information and approximate location (city/region) for security and record-keeping.

Health information is “special personal information” under POPIA. We collect it only for legitimate therapy and care purposes, and only with your consent or where the law otherwise permits the processing of health information by a health professional.

Children’s Personal Information

We provide therapy and assessment services to children and adolescents (including children’s play therapy). The personal information of a child is afforded special protection under POPIA. Where our client is a minor (under 18):

We process the child’s personal information only with the consent of a “competent person” — normally a parent or legal guardian — or where processing is otherwise permitted by law (for example, to protect the child’s legitimate interests or to comply with a legal obligation).
The parent or guardian who provides consent may exercise the child’s rights under this policy on the child’s behalf, including the rights of access, correction and objection.
We collect only the information reasonably necessary for the child’s care, and we apply the same confidentiality and security safeguards as for adult clients. Disclosure of a child’s information is handled in line with HPCSA ethical guidelines and the child’s best interests.

How We Collect Information

Directly from you (or, for a minor, from a parent/guardian): intake interviews, questionnaires, consent forms, our online forms, and therapy sessions.
Referral sources: with your permission, from referring doctors or other healthcare providers.
Online interactions: when you use our website, we collect technical data (e.g., IP address, browser type, device information) via cookies and Google Analytics (see “Cookies, Analytics and Advertising”).
Service providers: reputable practice-management, scheduling, communication and hosting platforms that process data on our behalf under confidentiality and data-protection obligations.

We will inform you of the specific purpose when collecting data and only request information reasonably required for your care, in accordance with POPIA’s Accountability and Processing Limitation conditions.

How We Use Your Information

Therapy and care: to assess, diagnose, treat, and support you (including treatment planning, scheduling, and monitoring progress).
Billing and medical aid: to invoice you, process payments, and — with your consent — submit claims to your medical aid.
Communication: to send appointment reminders, invoices/receipts, and respond to enquiries.
Legal and ethical compliance: to keep records as required by law and professional guidelines (e.g., HPCSA retention periods, tax legislation), and to comply with lawful requests, court orders, or mandatory reporting.
Quality improvement and website measurement: to assess and improve our services and website using anonymised, aggregated data and analytics.

We do not sell or rent your personal information, and we never use your clinical or health information for marketing or advertising. We do measure the effectiveness of our website and online advertising using cookie-based analytics and advertising tools (see below) — this involves website-visitor data, not your therapy records, and the two are kept separate. Should we ever wish to send you electronic marketing communications (such as a newsletter), we will do so only with your separate, opt-in consent, and you may unsubscribe or withdraw that consent at any time, in line with section 69 of POPIA.

Telehealth and Online Sessions

Informed consent: telehealth requires informed consent, including understanding the risks and any recording (only with your permission).
Secure platforms: encrypted tools are used; please participate from a private space to protect confidentiality.
Patient confidentiality: confidentiality applies exactly as for in-person sessions.
Data retention: tele-session records (if any) are stored with your medical record for the required retention periods.

Cookies, Analytics and Advertising

Our website uses essential cookies for security and functionality, and analytics/advertising cookies (Google Analytics and Google Ads) to understand how visitors find and use the site and to measure the effectiveness of our advertising. These tools collect de-identified (where possible) usage data, IP and device information, and may transfer it to Google servers outside South Africa. We do not link this website-analytics data to your therapy records. You can manage or disable cookies in your browser at any time. For more detail, see our Cookie Policy.

Sharing and Disclosure of Information

Within your care team: limited to what’s necessary for treatment and with your consent.
Medical aids: where you choose to claim, we share the clinical and billing information required to process the claim. Once shared, the medical aid processes that information under its own terms.
Consent-based disclosures: to any person or agency you authorise in writing.
Legal requirements: the minimum necessary disclosure when required by law or court order (e.g., serious risk of harm, statutory reporting).
Professional obligations: de-identified case consultation/supervision under confidentiality.
Operators (service providers): contracted IT, hosting, scheduling, communication and email providers that process data on our behalf under confidentiality and POPIA-compliant safeguards. Some of these providers (for example, cloud hosting, email delivery and calendar/scheduling services) may store or process data outside South Africa; where this happens, we rely on lawful cross-border transfer mechanisms such as comparable data-protection laws or contractual safeguards, as required by POPIA section 72.
Scheduling and AI-assisted tools: we use third-party scheduling and AI-assisted tools to manage appointments. Any AI-assisted tools we use are enterprise-grade services: your information is not used to train AI models, is processed only to provide the service to us, is not retained by the provider beyond what is necessary, and is protected under confidentiality and data-protection terms.

Data Storage and Security

Secure storage: encrypted, access-restricted devices and cloud services.
Website security: SSL/TLS encryption and current security controls.
Regular reviews: periodic updates to access controls, backups, and protections.
Retention and disposal: clinical records are retained for at least 6 years after the last consultation, in line with HPCSA requirements (and longer for minors, where applicable), after which they are securely deleted or destroyed. Website enquiry data is kept only as long as needed to respond to and account for the enquiry.
Confidentiality: confidentiality obligations apply to anyone handling personal data.

Despite these safeguards, no security measure can be guaranteed to be completely secure. In the event of a data breach involving your personal information, we will investigate promptly and notify you and the Information Regulator as required by POPIA.

Your Rights as a Data Subject

Right to be informed about the processing of your personal information.
Right to access a copy or summary of your information on written request (subject to PAIA).
Right to correction of inaccurate or incomplete information.
Right to deletion/destruction where information is no longer required or legally mandated to be retained.
Right to object to processing in certain circumstances.
Right to withdraw consent at any time (without affecting prior lawful processing).
Right to complain to the Information Regulator (details below) or the HPCSA if your concerns are unresolved.

To exercise any of these rights, or to request access to a record, contact our Information Officer using the details above. Access to records is handled in terms of our PAIA Manual.

The Information Regulator

You have the right to lodge a complaint with the Information Regulator (South Africa):

Information Regulator (South Africa)
Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191
Tel: 010 023 5200 • Toll-free: 0800 017 160
General enquiries: enquiries@inforegulator.org.za
POPIA complaints: POPIAComplaints@inforegulator.org.za
PAIA complaints: PAIAComplaints@inforegulator.org.za
Website: https://inforegulator.org.za

Changes to This Policy

We may amend this Privacy Policy to reflect changes in law, regulations, or our practices. If we make material changes, we will notify clients (for example, via email or a website announcement). Your continued use of our services after updates constitutes acceptance of the revised policy.

Contact Information

Email: privacy@kiarabramley.com
Phone: 064 954 1812
Address: 300 Kruger Avenue, Lyttelton Manor, Centurion, 0157

This page is provided for transparency and does not replace individualised consent or treatment agreements.