Privacy Policy

Effective Date: 28th April 2025

The Tunbridge Wells Psychologist (A trading name of Thriving Minds Collective Ltd, Company No. 16358249)

1. Introduction

This policy explains how we, Thriving Minds Collective Ltd (trading as The Tunbridge Wells Psychologist), collect, use, and protect your personal information in the course of providing psychological therapy services.

We aim to keep this policy clear, accessible, and legally compliant while ensuring you understand how your personal data is handled.

2. Who is the Data Controller?

Thriving Minds Collective Ltd (trading as The Tunbridge Wells Psychologist, Company No. 16358249) is the data controller for the services provided through the clinic. Dr Rachel Whatmough, Director, is responsible for overseeing data protection compliance.

The Tunbridge Wells Psychologist (TWP) operates an associate model, where each therapist is an independent practitioner and sole trader.

When you engage with an associate therapist, your therapist — not Thriving Minds Collective Ltd or TWP — is the data controller for your personal data. Each therapist is individually responsible for the data they collect and process and is separately registered with the Information Commissioner's Office (ICO).

Thriving Minds Collective Ltd provides administrative and practice management support but does not act as the central data controller for the clinical services delivered by associate therapists. Clinical records created and maintained by associate therapists are their own professional responsibility.

Shared Access to Client Records

• All therapists securely store client information in Halaxy, a GDPR-compliant practice management system used for session notes, appointment scheduling, and record-keeping.

• While individual therapists cannot access each other's client records, the practice owner (Dr Rachel Whatmough) has limited administrative access to client records, used only for essential security and operational purposes.

Alternative Practice Management Systems

• Some therapists may use additional systems, such as Heidi Health. If a therapist chooses to use an alternative system:

  • They will inform you and seek your consent before storing your data there.

  • They are responsible for ensuring the system complies with UK GDPR and confidentiality regulations.

If you have questions about how your personal data is stored, please contact your therapist directly. If you're unsure how to reach them, email us at info@thetunbridgewellspsychologist.co.uk and we'll direct your request accordingly.

3. Information We Collect

We may collect and process the following types of personal data:

A. Personal Data

• Name, address, phone number, email address

• Date of birth

• GP contact details (if provided)

B. Sensitive Personal Data (Special Category Data)

• Health information relevant to therapy

• Therapy session notes and assessments

• Referral details and treatment history

Structured Data Collection & Questionnaires

As part of our assessment and therapy process, we may ask clients (or parents, if the client is a child) to complete questionnaires and forms that help us understand their experiences, difficulties, and background. These may include:

• For adults: Mood and wellbeing questionnaires.

• For children and young people: Age-appropriate questionnaires about their mood and wellbeing.

• For parents of child clients: Questionnaires about their child’s emotional, behavioural, and developmental history.

• Background information relevant to the presenting problem, such as family relationships, early childhood development, education, and family history.

• Details about the mental and physical health of family members, including previous mental health support (e.g., from GPs, counsellors, or hospitals) and any relevant medications.

We collect this data only with explicit consent and store it securely within Halaxy or another GDPR-compliant system used by your therapist.

C. Website, Analytics & Payment Data

• Website Enquiry Forms: If you complete a web-based enquiry form, we may collect your name, email, and any information you provide.

• Payments: Payment for therapy sessions is typically made via online bank transfer directly to your therapist or to Thriving Minds Collective Ltd. Some therapists or services may also offer the option to pay by card through a secure third-party payment processor (e.g., Stripe). We do not store your debit or credit card details.

  All online transactions are processed securely by the third-party provider, and your card information is handled according to their data security standards.

• Website Analytics: We use Google Analytics and Squarespace analytics to monitor website traffic; this data is anonymised and does not track identifiable users.

Independent Therapists and Data Responsibility

Some therapists delivering services through The Tunbridge Wells Psychologist operate as independent sole traders. These therapists are individually responsible for ensuring the security and confidentiality of client information they manage, in compliance with GDPR.

4. Lawful Basis for Processing Your Data

Under UK GDPR, we must have a lawful basis to process your personal data. The lawful bases relevant to our work include:

• Consent: When you provide consent for us to process your data for therapy.

• Contractual Necessity: Processing your data to provide therapy services.

• Legal Obligation: When required by law (e.g., safeguarding concerns).

• Legitimate Interests: Processing necessary to manage the practice and ensure high-quality services.

5. How We Use Your Information

We use your data to:

• Provide therapy and maintain appropriate clinical records.

• Manage appointments and communicate with you.

• Where relevant, process payments securely via Stripe.

• Comply with legal and ethical obligations (e.g., safeguarding concerns).

We never sell or share your data for marketing purposes without consent.

6. Data Sharing and Confidentiality

We take confidentiality seriously. However, in some cases, we may need to share information:

• With Your Consent: If you ask us to share information with another professional (e.g., GP, psychiatrist).

• Legal or Safeguarding Obligations: If there is a risk of harm to you or others, or when legally required to disclose information.

• Practice Management: Your records are stored within Halaxy, where administrative access is required for security and operational reasons.

• Client Referrals to Associates: If you consent to being referred to one of our associates, we will share your contact details (name, phone number, and email) with them. Additionally, we will share relevant information discussed over email, phone, and during the triage process, as well as details of any appointments booked, unless you have stated otherwise.

• Schools & Referrals: We work with schools and other educational settings to provide psychological support. If a school refers a child for therapy, we will obtain parental consent where required. Any information shared between therapists and schools will be discussed with the child and/or their parents beforehand, except in safeguarding situations. Schools do not have access to therapy session notes unless explicitly agreed upon.

• Obtaining Data from Other Agencies: With your explicit consent, we may also obtain data from other agencies involved in your or your child’s care, such as GPs, previous mental health workers, or teachers, if this is considered appropriate and useful for your treatment.

7. Data Security and Storage

We use Halaxy, a secure GDPR-compliant system, to store client records electronically. Halaxy provides:

• Encrypted storage of clinical records.

• Role-based access (your therapist controls access to your data).

• Secure communication channels for appointment management.

We also use Google Workspace (Gmail) for professional communication. While we take all reasonable steps to secure emails, clients should be aware that email is not a fully secure method of communication for sensitive information.

Data Retention

Therapy records are retained for 7 years after the last session for adults and until age 25 (or 7 years after therapy ends) for children, whichever is longer. After this period, records are securely deleted.

Online Therapy Platforms

We offer online therapy using Zoom or Microsoft Teams, depending on the therapist. Both platforms provide encrypted communication and comply with GDPR standards for secure video conferencing.

• Therapists do not record sessions and ensure they are conducted in a private and secure setting.

• You can review Zoom’s privacy policy here: Zoom Privacy Statement

• You can review Microsoft Teams' privacy policy here: Microsoft Privacy Statement

8. Cookies and Website Tracking

Our website uses cookies to enhance user experience, analyse website traffic, and support marketing efforts. By using our website, you consent to the use of cookies as outlined in this policy.

Types of Cookies We Use

• Essential Cookies: Required for website functionality and security.

• Analytics Cookies: We use Google Analytics and Squarespace analytics to track how visitors use our site. These help us improve functionality and user experience. Data collected is anonymised where possible.

• Marketing & Tracking Cookies: We use tracking cookies for advertising and marketing purposes, including Google Ads and social media advertising pixels. These cookies help us measure the effectiveness of our campaigns and serve relevant ads to users.

Managing Your Cookie Preferences

• When you first visit our website, you will be asked to accept or decline cookies.

• You can change your cookie preferences at any time via your browser settings.

• You can opt-out of targeted advertising cookies through third-party opt-out tools, such as Google’s Ad Settings and the Network Advertising Initiative.

Please note that restricting cookies may affect website functionality.

Your web browser allows you to delete or restrict cookies at any time. However, some website features may not function properly if cookies are disabled.

9. Third-Party Websites, Plug-Ins, and Services

Our website may contain links to third-party websites, plug-ins, and services (e.g., social media login plug-ins). If you choose to use these, you may disclose your information to those third parties. Please note:

• Responsibility: We are not responsible for the content or practices of these third parties.

• Third-Party Privacy Policies: The collection, use, and disclosure of your personal data by these third parties are governed by their respective privacy policies, not ours. We recommend reviewing their privacy and security policies before engaging with them.

10. Use by Children

Our website and online services are not specifically targeted at individuals under the age of 16, and we do not knowingly collect personal data from children through the website without parental consent. However, we do provide therapy to children and young people, with appropriate consent from a parent or legal guardian where required.

Minors must obtain express consent from a parent or legal guardian before providing any personal data through our website or engaging in therapy where parental consent is legally required. If we become aware that a child under 16 has provided personal data through our website without parental consent, we will delete that information promptly.

11. Contact Us

If you have any concerns or questions about this Privacy Policy, you can contact us:

• Email: info@thetunbridgewellspsychologist.co.uk

• Phone: 01892 710222

If you are unhappy with how we process your data, you also have the right to complain to the ICO (www.ico.org.uk).

12. Changes to This Policy

We may update this policy periodically. The latest version will always be available on our website. This version was updated 28th April 2025.