Privacy Policy


1. Introduction

North Downs Therapy receives your information through various methods. We hold your information, and therefore we are committed to keeping it safe and secure.

New regulations have come into force recently which requires us to explain why we need your data, what we do with it, how we store it and who we may share it with.

Being an open and transparent company, we have set out the following document in the hope that you are able to fully understand exactly what we do (and do not do!) with your information.

Should you still have a niggling query, please feel free to get in touch and we shall be happy to explain further.

2. What is the GDPR?

There is no doubt that you will now be familiar with the term ‘GDPR’ after receiving lots of emails about it from various companies between April and May 2018, but a lot of people still do not fully understand what it means.

GDPR stands for The General Data Protection Regulations and it came into force on 25th May 2018. It replaces the Data Protection Act 1998 and means that companies based in the EEA (European Economic Area) are subject to stricter rules about how your personal data is stored and processed. It gives you more control over your personal information, what companies do with it, how they manage it, and how you access it.

When the UK leaves the EEA, these rules will still apply. It also applies to any company outside of the EEA who has dealings with individuals inside the EEA.

For example, if you, (an individual in the EEA) buy a product from a company in China, that Chinese company must comply with GDPR Regulations.

3. What are the legal bases for data collection?

Any individuals’ data which is collected and processed by a company now must fall within one of six ‘legal bases’ (or categories if you prefer).

North Downs Therapy uses these bases:-

Contractual Obligations

Legal Compliance

Legitimate Interest


– Contractual Obligations

Processing is necessary for the performance of a contract with a client or to take steps to enter into a contract.

The data collected for the purposes of a contract will include:


Contact number

Email Address

Home Address

(Home address is also needed for ‘Legal Compliance’ – see below.)

– Legal Compliance

Processing is necessary for compliance with legal obligations.

– Legitimate Interest

We may collect and process personal information and data for our own legitimate interests, in ways which are reasonably expected and assist us in the running of our business.

– Consent

We may collect and process personal information if you give us permission to.

4. What personal data does North Downs Therapy collect and process?

Personal Data Collected will include:

Name, date of birth, address, contact number, email address, next of kin details and doctors’ details.

In addition to the above, there may be reason to collect what is known as ‘sensitive data’, which includes: race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health condition, sex life and criminality, alleged or proven.

How we use that Data Legally.

When booking directly, or via our website we collect the following: -

Your name

Your address

Email address

We use this information to complete your booking with us.

Legitimate Interest

When you complete our contact us form, we use these details to ensure we have correct details of who is applying for the counselling service and who the service is taken up by, for ongoing treatment.


We will ask for your specific consent for collecting data when services are engaged with North Downs Therapy by way of a Confidentiality and Data Protection Agreement which will require your dated name and signature.

When you visit our website, we monitor information such as:

Your location

The pages visited

Time of visit, and time spent on each page of our website

This data is anonymous, and we do not collect your personal details. This is monitored to make relevant improvements to our website.

5. How does North Downs Therapy store your data?

We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy and GDPR Regulations.

All information you provide to us is stored on secure systems, protected by numerous levels of password protection and encryption.

Once North Downs Therapy has received your information, we use strict procedures and security features to prevent any unauthorized access.

All data stored is backed up on a password protected cloud-based server.

6. How long do we keep your data?

When we collect or process your personal data we will only keep it for the duration of your treatment and for a period of one month after your treatment has ended. Your details will then be shredded. Session notes which are only identified by an Initial and company coding, will be kept for a period of 6 years, which is for legal purposes.

Online Enquiries.

When you make an enquiry through our website, we will keep any personal data you provide us whilst we deal with the enquiry. Once the enquiry has been dealt with, all personal information will be deleted if you do not take up services with North Downs Therapy.

7. Who do we share your data with?

Your data will not be shared with any other agency. Exceptions to this are if you or others are at risk or if a court subpoenas notes.

8. Your Rights

Under the new guidelines, you have the right to request a copy of any information North Downs Therapy currently holds about you, at any time and also to have that information corrected if it is inaccurate. To ask for your information please contact Data Protection,

North Downs Therapy, The Barn, Court Lodge Farm, Boxley, Maidstone, ME14 3DX.

To ask for your information to be updated please contact as above.

Right to withdraw consent

Whenever you have given us consent to process your personal data, you have the right to change your mind and withdraw that consent at any time.

Where we rely on our legitimate interest

In cases where we are processing your personal data for legitimate business interests, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your data.

Any Questions

We hope that this information has answered your questions regarding Data Privacy and GDPR, but should you have any remaining questions please do not hesitate to get in touch.