Privacy Policy
The Therapy Company (UK) Ltd
Last Updated: 1st June 2026
This Privacy Policy explains how The Therapy Company (UK) Ltd collects, uses, stores and protects personal information when you visit our website, submit an enquiry, complete an online form, request a service or otherwise interact with us online.
We are committed to protecting your privacy and handling personal information fairly, lawfully and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and applicable healthcare confidentiality requirements.
By using this website, you acknowledge that you have read this Privacy Policy.
1. Data Controller
The Therapy Company (UK) Ltd is the Data Controller for personal data collected through this website.
For any questions regarding this Privacy Policy or your personal information, please contact:
The Therapy Company (UK) Ltd
2. Personal Data We Collect
Most areas of our website can be accessed without providing personal information.
We may collect personal information when you:
• Submit an enquiry
• Complete a contact form
• Request information about our services
• Submit an online form
• Submit a repeat prescription request
• Request an appointment
• Request an ADHD, autism, psychiatric or therapy assessment
• Contact us by email or through website forms
The information collected may include:
• Name
• Date of birth
• Address
• Telephone number
• Email address
• Consultant or clinician details
• Appointment information
• Medication information
• Pharmacy or delivery preferences
• Payment-related information
• GP details
• Any information you choose to include within your enquiry or submission
Certain information may constitute Special Category Data under UK GDPR, including:
• Physical health information
• Mental health information
• Medical history
• Medication details
• Assessment information
• Treatment information
• Care-related information
We request that only information relevant to your enquiry, care or request is provided.
3. How We Use Your Information
We use personal information to:
• Respond to enquiries
• Communicate with you regarding services
• Arrange appointments
• Manage referrals
• Review and process repeat prescription requests
• Verify patient identity
• Support clinical decision-making
• Contact you regarding your care
• Arrange follow-up appointments
• Process payments and administration
• Maintain clinical and administrative records
• Meet legal, regulatory and professional obligations
• Improve website functionality and user experience
• Protect patients, staff and others from harm where safeguarding concerns arise
We do not use enquiry information or clinical information for marketing purposes unless you have separately provided explicit consent.
4. Lawful Basis for Processing
Our lawful basis for processing personal information may include:
Legitimate Interests
To respond to enquiries, manage communications, maintain records and operate our website effectively.
Contract
Where processing is necessary to provide or administer services requested by you.
Consent
For non-essential cookies and analytics technologies. Consent may also be used where required for specific activities.
Legal Obligation
Where processing is necessary to comply with legal, regulatory, safeguarding, healthcare or professional obligations.
Special Category Health Data
Where we process health-related information, we rely upon Article 9(2)(h) UK GDPR, namely processing necessary for:
• Preventive healthcare
• Medical diagnosis
• Provision of healthcare services
• Treatment
• Health and social care management
• Healthcare administration
We may also process information where required for safeguarding purposes, public health reasons or the establishment, exercise or defence of legal claims.
5. Data Retention
We retain personal information only for as long as necessary for the purposes for which it was collected.
Healthcare-related information may be retained in accordance with:
• NHS Records Management Code of Practice
• Professional body guidance
• Regulatory requirements
• Insurance requirements
• Legal obligations
Website enquiries that do not result in treatment or services are retained only for as long as necessary to manage the enquiry and any related follow-up.
Information is securely deleted or anonymised when no longer required.
6. Data Sharing
We do not sell personal information.
We may share information where:
• Required by law
• Necessary to comply with court orders or regulatory requirements
• Necessary to safeguard an individual
• Necessary to protect the rights, safety or wellbeing of patients, staff or others
• Required for the provision of healthcare services
• Necessary for website hosting, technical support or administrative services
All third-party providers are required to maintain appropriate confidentiality, security and data protection standards.
Where required, Data Processing Agreements are in place.
7. Online Forms and Jotforms
Some forms available through our website are provided using Jotform.
These may include:
• Contact forms
• Assessment request forms
• Referral forms
• Repeat prescription request forms
• Other healthcare administration forms
Information submitted through these forms is processed through Jotform's platform and made available only to authorised members of The Therapy Company team who require access for clinical, administrative or operational purposes.
Access to submitted information is restricted using appropriate technical and organisational controls.
Users should only provide information relevant to the purpose of the form being completed.
8. International Transfers
Some service providers may process personal information outside the United Kingdom.
Where personal information is transferred internationally, we ensure that appropriate safeguards are implemented, including:
• UK adequacy regulations
• International Data Transfer Agreements
• Standard contractual protections
• Other safeguards recognised under UK GDPR
We take reasonable steps to ensure personal information receives an equivalent level of protection wherever it is processed.
9. Safeguarding and Risk Management
As a healthcare provider, we may review and share information where necessary to protect individuals from serious harm.
Where required, information may be disclosed to:
• Healthcare professionals
• GPs
• NHS services
• Safeguarding agencies
• Emergency services
• Regulatory bodies
• Law enforcement agencies
Such disclosures will only be made where there is a lawful basis to do so.
10. Children and Young People
We may receive information relating to children and young people where a parent, guardian or individual with parental responsibility submits an enquiry, referral or request on their behalf.
Such information is processed only for the purposes described within this Privacy Policy and in accordance with applicable data protection legislation.
11. Technical Information
We may automatically collect technical information including:
• Browser type
• Device type
• Operating system
• Website usage data
• IP address information
• Pages visited
This information is used to maintain website security, monitor performance and improve functionality.
Where possible, this information is aggregated or anonymised.
12. Cookies and Analytics
Our website uses cookies to support website functionality and improve user experience.
Types of Cookies
• Strictly Necessary Cookies
• Performance Cookies
• Functionality Cookies
• Analytics Cookies
• Advertising Cookies where applicable
Google Analytics
We use Google Analytics to understand how visitors use our website.
Google Analytics cookies are non-essential and will only be activated after consent has been provided through our cookie management system.
Users may withdraw consent at any time through cookie settings.
13. Data Security
We implement appropriate technical and organisational measures to protect personal information against accidental loss, unauthorised access, alteration, disclosure or destruction.
Measures may include:
• Access controls
• Password protection
• Encryption where appropriate
• Secure hosting environments
• Staff training
• Confidentiality obligations
• Audit and monitoring procedures
Access to personal information is restricted to authorised personnel who require access to perform their role.
Whilst we take reasonable precautions, no internet-based transmission can be guaranteed to be completely secure.
14. Your Rights
Under UK GDPR, you may have the right to:
• Access your personal information
• Request correction of inaccurate information
• Request deletion of personal information in certain circumstances
• Restrict processing
• Object to processing based on legitimate interests
• Request transfer of your information where applicable
• Withdraw consent where consent is relied upon
Requests should be submitted using the contact details below.
We may request proof of identity before responding to requests.
15. Complaints
If you are concerned about how we process your personal information, please contact us in the first instance.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
Website: https://ico.org.uk
16. Emergency Situations
Website forms, online submissions and email communications are not monitored continuously and should not be used to report emergencies or urgent mental health concerns.
If you or another person is at immediate risk of harm:
• Call 999
• Attend your nearest Accident and Emergency Department
• Contact your local NHS Crisis Team
• Contact NHS 111 and select the mental health option where available
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
Any updates will be published on this page and will take effect immediately upon publication.
18. Contact Us
If you have any questions regarding this Privacy Policy or your personal information, please contact:
The Therapy Company (UK) Ltd