The Eaves Counselling and Psychology Ltd are committed to protecting your privacy and ensuring that your personal data is handled safely, securely, and transparently. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with us or use our website www.theeaves.org.uk.
For the purposes of the UK General Data Protection Regulation (UK GDPR), The Eaves Counselling and Psychology Ltd are the Data Controller.
If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details below.
The Eaves Counselling and Psychology Ltd
Email: info@theeaves.org.uk
Address:
2 Maritime Home
The Hart
Farnham
Surrey
GU9 7HW
We aim to keep your personal data accurate and up to date. Please let us know if any of your details change.
This Privacy Policy explains:
– What personal data we collect
– Why we collect it
– The lawful bases we rely on
– How we store and protect your data
– Your rights under data protection law
This Privacy Policy should be read alongside our Cookie Policy.
By providing your personal data to us, you confirm that you are 13 years of age or older.
We only collect personal data that is necessary for the purpose for which it is provided.
a) Enquiry Data
This includes information you provide when contacting us (for example via email or website forms). Purpose: To respond to your enquiry and communicate with you. Lawful basis: Legitimate interests
b) Client and Service Data
This includes personal information required to provide counselling, psychotherapy, or psychological services. Purpose: To deliver services, manage appointments, and meet professional obligations. Lawful basis: Performance of a contract and provision of health or social care
c) Special Category (Health) Data
As a counselling and psychology practice, we process special category data, including information about your mental and emotional health. Purpose: To provide therapeutic services safely and appropriately. Lawful basis: Explicit consent, and/or – Provision of health or social care under UK GDPR Article 9(2)(h)
Access to this data is strictly limited to authorised professionals and is handled in accordance with professional confidentiality and ethical standards.
d) User-Generated Data
This includes content you voluntarily submit to our website (such as blog comments or reviews). Purpose: To operate and manage our website. Lawful basis: Legitimate interests
e) Technical Data (Including IP Addresses)
We may collect IP addresses and related technical data. Purpose: Website security, fraud prevention, and protection against malicious activity. Lawful basis: Legitimate interests
We may process personal data without your knowledge or consent where required or permitted by law.
We may also collect anonymised, non-personal data such as: Preference data to ensure the website functions correctly – Statistical data to understand website usage and improve our services.
This data cannot be used to identify you.
We aim to ensure that any marketing communications we send are relevant and proportionate.
Email Marketing
We may send you marketing communications if: You have made an enquiry about our services, but only if you have explicitly opted in to receive marketing communications
Every marketing email includes an option to opt out at any time.
Where required by law, we rely on your consent. In other cases, we rely on legitimate interests to grow our business. We do not use confidential therapy or health information for marketing purposes.
Display Advertising
We may use limited data to deliver relevant advertisements (for example via Meta platforms) and to measure advertising effectiveness. – Lawful basis: Legitimate interests
6. Sharing Your Data with Third Parties
We may share your personal data with trusted third parties where necessary, including:
– Affiliate practitioners (counsellors, psychotherapists, psychologists) working with The Eaves
– Confidential service providers (such as secure IT systems, practice management software, or payment processors)
– Professional advisers (lawyers, accountants, auditors, insurers)
– Government or regulatory bodies where legally required.
All third parties are required to respect the security and confidentiality of your personal data and to process it in accordance with data protection law.
7. Data Retention
We retain personal data only for as long as necessary:
– Enquiry data is retained for a 30-day period for administrative purposes
– Client records are retained in line with professional, ethical, and legal requirements
– Financial records are retained for statutory periods
– Marketing data is retained until you withdraw consent or opt out.
8. Your Data Protection Rights
Under UK GDPR, you have the right to:
– Access your personal data
– Request correction of inaccurate data
– Request erasure of your data
– Restrict processing of your data
– Object to processing
– Request data portability
– Withdraw consent at any time (where consent is the lawful basis)
To exercise any of these rights, please contact us using the details above.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully.
9. Cookies
Please see our Cookie Policy for details about how we use cookies and how you can control them.
10. Updates to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on our website and will take effect immediately upon posting.
If you have any questions about this Privacy Policy or how your personal data is handled, please contact us at info@theeaves.org.uk.