Privacy Notice

Please read this Privacy Notice carefully to understand how your personal data is collected, stored, used, and protected.

1. Practice Details

Data Controller:

by word of mind Ltd. Company registered in England and Wales: 15805792
Registered Office: c/o 70B Mountgrove Road, London N5 2LT
Email: contact@bywordofmind.org
ICO Registration Number: ZB652651

This Privacy Notice was last updated on 1 November 2025. Future updates will be posted on this page.

2. Commitment

by word of mind Ltd:

• provides psychotherapy services for adults

• is committed to protecting your privacy and safeguarding your personal data

• will never sell your data to third parties

• processes your data lawfully, fairly, and transparently

• complies with the Data Protection Act (2018), UK GDPR, and UKCP ethical requirements

• maintains appropriate technical and organisational security measures

• will provide the full Data Protection Policy on request

3. Types of Personal Data Collected

To provide psychotherapy services, the practice may collect:

Basic Contact Information

• your name

• date of birth

• email address

• telephone number

• postal address

• GP or emergency contact details

Special Category Data (Health Information)

• therapy notes

• information you disclose in sessions

• referral information

• health-related information relevant to therapy

Website and Technical Data

• IP address

• browser type

• pages visited

• cookie and analytics information (via Google Analytics)

4. Lawful Bases for Processing (UK GDPR)

Your personal data is processed under the following lawful bases:

Article 6 (Lawful Basis for General Data)

• Contract: To provide the psychotherapy services you request.

• Legitimate Interests: To maintain clinical records, manage appointments, and ensure safe and effective service provision.

• Legal Obligation: In circumstances involving safeguarding, crime prevention, or regulatory requirements.

Article 9 (Special Category Data — Health Information)

• Provision of Health or Social Care: Processing is necessary for the delivery of psychotherapy services.

• Substantial Public Interest: For safeguarding concerns where required.

• Explicit Consent: For any optional processing (e.g., contacting your GP at your request).

5. How Personal Data Is Collected

Data may be collected:

• through the website contact form

• by email, phone, or text

• verbally in sessions

• in referral information from a third party (only with your consent)

You choose how much information you provide prior to beginning therapy.

6. How Your Data Is Used

Your data is used to:

• communicate with you about appointments and therapy arrangements

• provide psychotherapy services

• maintain clinical notes

• manage invoicing

• meet professional and legal obligations

• ensure safety and safeguarding where required

Your data will not be used for marketing.

7. Data Sharing

Your personal data will not be shared with third parties except:

• with your explicit permission, e.g., contacting your GP if you request it

• where required by law, such as:

  • risk of serious harm to self or others

  • safeguarding adults or children

  • disclosures relating to terrorism, money laundering, or specific criminal activity

  • a court order

Third-Party Service Providers

Certain trusted service providers may process your data solely to support service delivery:

• Email provider (e.g., Gmail/Outlook)

• Website hosting provider

• Google Analytics (website statistics)

These organisations act only as data processors and cannot use your data for any other purpose.

8. International Data Transfers

Some services (such as email, website hosting, or Google Analytics) may transfer data outside the UK.
Where this occurs, the practice ensures appropriate safeguards are in place, including:

• UK Government-approved adequacy decisions

• Standard Contractual Clauses (SCCs)

• Additional security measures where required

9. Data Security and Storage

• Therapy notes are stored securely with no directly identifiable information.

• Identifying information is stored separately from clinical notes.

• Digital data is stored on encrypted devices or secure cloud systems.

• Access is restricted to the Data Controller only.

• No client information is stored on portable USB drives or unencrypted devices.

10. Retention Periods

Your personal data is kept only as long as necessary:

• Clinical notes: up to 7 years after therapy ends (professional indemnity and legal requirements).

• Communication records, scheduling, and invoicing data: 7 years.

• Website analytics data: standard Google Analytics retention settings.

After this period, data is securely destroyed or anonymised.

11. Your Rights

You have the right to:

• be informed about how your data is used

• access your personal data

• request rectification of inaccurate or incomplete data

• request erasure of your data (in some circumstances)

• restrict processing under certain conditions

• object to processing where legally applicable

• data portability (where applicable)

To exercise any of these rights, email: contact@bywordofmind.org

12. Website Cookies and Analytics

This website uses cookies to understand how visitors use the site and to improve user experience.
The site uses Google Analytics, which collects:

• device information

• browser type

• IP address (anonymised when possible)

You can manage or disable cookies through your browser settings.
For more information, see: Cookies — advice for the public (ICO).

13. How to Complain

If you have concerns about how your data has been handled, please contact:

contact@bywordofmind.org

If the issue is not resolved, you may contact:

• UKCP (professional regulatory body)

• Information Commissioner’s Office (ICO): www.ico.org.uk