Therapy Centre Services
Data Protection & Privacy Policy
Introduction
Therapy Centre Services ("TCS", "we", "our", or "us") is committed to protecting the privacy and personal data of our clients, counsellors, and staff. This policy explains how we collect, store, and use your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy was updated in May 2025 to reflect the current UK GDPR and Data Protection Act 2018 requirements.
TCS acts as the data controller for the personal data you provide to us. This policy applies to all data collected by TCS through any means — verbal, written, digital, or through our website.
If you have any questions or concerns about this policy or how we handle your data, please contact a member of the Board of Directors at info@therapycentreservices.com.
Consent
When you engage with Therapy Centre Services — whether as a client, staff member, or volunteer — you may be asked to confirm your informed consent for the processing of your personal data under this policy.
We process your personal data under one or more of the following lawful bases:
1. Consent – where you have given explicit consent
2. Contractual necessity – to fulfil our obligations to staff, clients or Counsellors
3. Legal Obligation – to comply with applicable laws (e.g. safeguarding, HMRC requirements)
What data we collect Depending on your relationship with us, we may collect the following personal data:
Clients – Name, address, contact information; availability and preferences; sensitive data relating to health, wellbeing, personal background, and presenting issues.
Initial Assessments – Medical history, mental health background, personal and social context; family circumstances and current challenges.
Counsellors – Contact details, qualifications, experience, professional memberships; referees and emergency contacts.
Employees – CV and employment history; contact information and references; right to work and safeguarding checks.
Donors – Name, address, email, phone number; donation amounts and Gift Aid status.
Website Users – Anonymised user data via Google Analytics (subject to Google’s own privacy policy).
Form Submissions – Any data you provide via forms, including name, email, phone number, and messages. Changes to this policy We may edit this policy from time to time. If we make any substantial changes we will notify you by posting a prominent announcement on our website.
How We Use Your Information
• To provide and manage counselling services
• To assess suitability and match clients to Counsellors
• To administer appointments, feedback, and service improvements
• To support and manage staff and our team of counsellors
• To meet legal and contractual obligations
• To conduct internal analysis using anonymised data
• To respond to enquiries or complaints
• To share updates or opportunities where consent has been given
What We Share — and When
We only share your data when necessary and under appropriate safeguards;
• With your consent – e.g., contacting a GP or referrer
• To prevent serious harm – where risk to yourself or others is identified
• To meet legal obligations – (court orders, safeguarding authorities)
• With service providers under data processing agreements (e.g. payroll / IT providers)
How We Keep Your Data Safe
We implement a range of security measures to protect your data:
• Digital-first, remote operations: All records are stored securely in encrypted password protected systems. No paper records are used.
• Encrypted communications: secure digital platforms are used in compliance with UK GDPR
• Separate storage: Session notes are kept separately from identifying information
While we aim to secure methods, internet based communication (e.g. email) may not be 100% secure. We use secure platforms when possible.
Data Retention
• Client notes: Deleted 3 years after counselling ends
• Gift Aid declarations: Retained for 7 years for HMRC compliance
• Contact details: Retained for up to 10 years
• Employment data: retained as per statutory requirements
Your Rights
• Access your data (Subject Access Request)
• Correct inaccuracies
• Request erasure of data (in specific cases)
• Restrict or object to processing
• Withdraw consent at any time
Please note: withdrawing consent while receiving counselling will result in termination of services, as we cannot provide support without holding certain necessary information.
To make a request regarding your data, please email: info@therapycentreservices.com. Your request will be reviewed and responded to by a member of the Board of Directors.
Cookies and Tracking
Our website uses Cookies and analytic tools (such as Google Analytics). Please refer to our Cookie policy for more information and control options.
Data Breaches
In the event of a data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours if required, and inform affected individuals when there is a high risk to their rights or freedoms.
Updates to this policy
We may update this policy occasionally. Substantial changes will be announced prominently on our website. The current version is always available at www.therapycentreservices.com