The Therapy Rooms (TTR) aims to respect your privacy, keep your personal information safe and secure, and aims not to infringe upon your human rights and freedoms. However, additional legislation on data protection has come into force from Friday 25th May 2018 called the GDPR (General Data Protection Regulation). The GDPR is legislation that exists to give you greater transparency and control over how your personal information (data) is held. This policy aims to clarify our commitment to maintaining your privacy in line with GDPR legislation. Please find below information The Therapy Room privacy policies which clarifyies the collection, usage, storage and other matters relevant to your personal data.
The Therapie Rooms is a therapy room hire service based at Room 322, Hamilton House, Mabledon Place, London, WC1H 9BB.
TTR collects your data through its website www.thetherapierooms.co.uk, its email address email@example.com, and telephone number 07714 028837, via anything you submit in an email enquiry, telephone calls, answer-machine messages, texts and any hard copy information.
TTR does not collect, use or retain any data or manage any element of any psychotherapy, counselling or similar enquiries that are made by therapy clients via the TTR website. Any queries about psychotherapy, counselling, coaching or any similar talk therapy delivered by practitioners at TTR are dealt with between the counselling client and the therapists directly.
So how do you store my data?
Your information is stored, primarily electronically, in a secure, password-protected place, only accessible by 1-2 staff who need to access this, to perform room hire duties. Minimal information is held in hard copy form such as professional indemnity insurance; copies of qualifications verifying your profession; full name for payment reference; website and email addresses; up-to-date registration, and; some personal contact data is retained in a lockable storage cabinet only accessible by 1-2 staff who’d need to see it in the performance of room hire duties only.
Your data is used only in maintaining our relationship with you should you decide to sign a license agreement with TTR. If you make an enquiry and then decide not to use the service, this data is destroyed within one month. If you are a licensee and then decide to leave, we retain your data for 6 months after you leave before destroying it. This is unless you make a specific ‘right to be forgotten’ request.
You can request for all information about you to be erased at any time. This is called ‘the right to be forgotten’. Should you make a request, TRR will respond to confirm receipt of your request and then consider the grounds for your request and decide as to whether to comply or whether the law permits TTR to refuse.
You are permitted to object to your data being processed. However, where this causes conflict with insurance or legislative requirements, this may mean room hire cannot continue.
How do you use my information?
This data is only used for the purposes of your room hire agreement enquiry only. TTR does not disclose your data to any third party for any purpose unless TTR is legally required to share personal data, which may include yours, for the purposes of legal proceedings and to comply with any requests made by a court of law, or under a court order issued by a government authority. Should your data by required in these circumstances, steps will be taken to ensure that your data is handled safely and securely, in accordance with your rights and freedoms and TTR’s data protection obligations.
Your full name, company name and contact telephone number may be shared with reception staff. This is for the purpose of assisting practitioners and their clients.
Information can also be found about specific practitioners who hire the room(s) on the website under the relevant listings tab. This information is submitted to the site at the request of the therapists themselves, with practitioner consent, and for the sole purpose of giving information to clients who may be seeking their services.
How can I access my personal data?
You can make a request for your data at any time. This is called a subject access request. Should you wish to make a subject access request, please specify that you are requesting your personal data or making a subject access request. This can be done either in writing to Belinda Wilson at firstname.lastname@example.org, or you can submit this verbally if you’d prefer.
TTR will respond first by confirming that your subject access request has been received, that your request will be processed and that you will receive access requested within one calendar month. This is free of charge. If the request is complex, or TTR have received several requests from you, TTR will let you know within one calendar month that an extension is necessary and will extend by no more than a further two calendar months. TTR may request identification of the person making the request in proportion to the request being made.
TTR will give the information in electronic format unless you request otherwise. For formats that are not electronic a ‘reasonable fee’ may be charged for administrative purposes. A reasonable fee may also be charged for extra copies of data.
In some instances, TTR may refuse to comply with a subject access request. This is only where the request is ‘manifestly unfounded or excessive’. If this is the case TTR may request a ‘reasonable’ fee or refuse the request. If a reasonable fee is charged, the request will not be responded to until the reasonable fee is paid.
Should your request need to be refused, TTR will explain why within one calendar month of the receipt of your request, and you will be able to make a complaint to the ICO should you wish to, by going to the (Information Commissioners Office) which is an independent authority that aims to uphold information rights. You may also complain through other supervisory authorities or via judicial means.
Should you find data to be factually incorrect, you are able to request that this be amended e.g. wrong date on an invoice sent, etc.
Should your data content potentially breach a third party’s confidentiality, this will be removed prior to being sent.
A personal data breach is defined by the ICO (Information Commissioners Office) as
‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data’.
The ICO goes on to explain that personal data breaches include:
- ‘access by an unauthorised third party;
- deliberate or accidental action (or inaction) by a controller or processor;
- sending personal data to an incorrect recipient;
- computing devices containing personal data being lost or stolen;
- alteration of personal data without permission; and
- loss of availability of personal data’.
'A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed’.
Should an incident occur, TTR will promptly evaluate and establish if a data breach has occurred and assess the severity of the incident. If there is not risk that your rights or freedoms have been placed at risk TTR is not required to report this to the ICO. However, TTR must report to the ICO if it’s likely that there will be a risk. In the instance where TTR does not report, TTR will need to justify this decision and document it accordingly.
Should a data breach occur where there will be a risk, TTR will inform you promptly either verbally or in written form within 72 hours.
It matters to TTR that you are clear on and comfortable with how your data is dealt with, so, please read this information carefully and do let us know if you have any questions of concerns at any time. TTR is happy to talk this through with you.
There’s also lots of information available online at the .
There may be some changes to this policy from time to time to ensure it’s in line with any legislative changes that might happen. TTR encourage licensees to check this page periodically to keep up to date.
Therapy Work Disclaimer
Please note that The Therapie Rooms (TTR) accepts no responsibility for any claims made by practitioners working from TTR both on the TTR website or in relations to any claims made elsewhere about their work. TTR does not vouch for any psychotherapy approach or style used by practitioners, nor does TTR have any involovement whatsoever in collating data on clients experience of therapies, coaching or similar talking therapies.
Any clients wishing to check the qualifications and credentials of practitioners before commencing sessions may do so directly by having a full discussion with the practitioner directly and/or their registering body such as the UKCP, BACP or HCPC.
TTR is not able to respond to any client therapy enquiries.
Last updated 25 June 2018.