Legal

Privacy Policy

How Richard Lee Therapy collects, uses, and protects your personal information. Last updated: June 2025.

1. Introduction

Richard Lee Therapy ("we", "our", "us") is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use our website (richardleetherapy.co.uk) or engage with our therapy services.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the British Association for Counselling and Psychotherapy (BACP) Ethical Framework. As a BACP accredited therapist, I take your confidentiality and data rights seriously.

Data Controller: Richard Lee, 19 Nassau Street, Fitzrovia, London W1W 7AF. For data protection queries, email [email protected].

2. What Information We Collect

We may collect and process the following categories of personal data:

  • Identity & Contact Data: Your name, email address, phone number, and postal address when you complete our contact form, book a consultation, or become a client.
  • Health & Therapy Data: Information you share during therapy sessions, including mental health history, personal circumstances, and treatment records. This is special category data under GDPR and receives enhanced protection.
  • Website Usage Data: Technical information including your IP address, browser type, pages visited, and how you interact with our website, collected via cookies and analytics.
  • Communication Data: Records of emails, phone calls, and contact form submissions between you and Richard Lee Therapy.

3. How We Use Your Information

We process your data on the following lawful bases:

| Purpose | Lawful Basis |
|---|---|
| Responding to enquiries and booking consultations | Legitimate interest / Pre-contractual steps |
| Providing therapy services and maintaining clinical records | Contract performance / Explicit consent (health data) |
| Sending appointment reminders and invoices | Contract performance |
| Improving our website and understanding usage | Consent (cookies) / Legitimate interest |

4. Confidentiality & Therapy Records

As a BACP accredited therapist, confidentiality is at the core of our work. Your therapy sessions and personal disclosures are treated with the strictest confidence. Clinical notes are stored securely and used solely to support your therapeutic journey.

Important: The only exceptions to confidentiality are where there is a serious risk of harm to yourself or others, or where we are legally required to disclose information (e.g., court order, safeguarding concerns, prevention of terrorism). Wherever possible, we would discuss this with you first.

5. Data Retention

We retain your personal data only for as long as necessary:

  • Clinical records: 7 years after your last session (in line with insurance requirements and BACP guidelines).
  • Enquiry data (non-clients): 12 months from last contact.
  • Website analytics: 26 months (Google Analytics default).

6. Cookies

Our website uses minimal cookies to function properly and understand how visitors use our site. We do not use advertising or tracking cookies.

  • Essential cookies: Required for the website to function (e.g., form submissions, navigation).
  • Analytics cookies: We use Google Analytics to understand site usage. IP addresses are anonymised.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of the data we hold about you.

Right to Rectification

Correct any inaccurate or incomplete data.

Right to Erasure

Request deletion of your data (subject to legal retention requirements).

Right to Object

Object to processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Restrict Processing

Limit how we use your data while a concern is investigated.

To exercise any of these rights, email [email protected]. We'll respond within one month. You also have the right to complain to the Information Commissioner's Office (ICO).

8. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction:

  • All electronic records are password-protected and stored on encrypted devices.
  • Our website uses HTTPS/SSL encryption for all data transmission.
  • Physical records (if any) are stored in a locked filing cabinet in a secure location.
  • Email communication is transmitted via secure servers, though we advise against sharing sensitive clinical information by email.

9. Third-Party Services

We use the following third-party services, which may process limited personal data on our behalf:

| Service | Purpose |
|---|---|
| Landingsite.ai | Website hosting and contact form processing |
| Google Analytics | Anonymous website usage analytics (IP anonymised) |

We do not sell, rent, or share your personal data with third parties for marketing purposes.

10. Changes to This Policy

We may update this privacy policy from time to time. The latest version will always be available on this page, and we'll note the date of the most recent update at the top. Significant changes will be communicated to active clients directly.

Questions About Your Data?

If you have any questions about this privacy policy or how your data is handled, please get in touch.