Privacy Policy & Notice


Brighton Therapy Centre (BTC) understands that privacy is important to our clients, service providers, and all other stakeholders. Following the changes to EU regulations effective from 25th May 2018, we are updating our policies and procedures to develop the way in which we collect, process, store and safeguard information, classified as personal data and client records.

For further information regarding General Data Protection Regulations (GDPR) please visit below pages:

If you wish to learn more about what this means for you as our service users and public, please visit


  • Who we are:

BTC is a registered charity organisation, (Reg no: 1150032) offering a variety of talking therapy and psychoeducation, accessible to all parts of community. We are based on 23A New Road, Brighton, East Sussex, BN1 1UG. All our practitioners, director, staff and managers are aware of the privacy regulations and responsible for the safeguarding of all data collected.

Our web-site, is owned and maintained by Brighton Therapy Centre. Privacy Notice is published and made accessible to all who visit our web-site as of 25th May 2018.

Our marketing tool, Mailchimp is also managed and maintained by BTC. We respect the consent of our stakeholders and we have obtained consent from all stakeholders on our mailing list as per guidance given by GDPR.

BTC is registered and committed to Information Commissioner’s Office (ICO) and does appropriately get guidance or report to ICO where and when it is needed.


  • Data we collect and why we collect it:

As a part of our day to day activity, and to be able to offer the best service possible, we obtain, process and retain below data from our service users:

Personal Data:

Name & Surname, Date of Birth, Address, Telephone Numbers, E-mail address

GP Details


Financial Details

Current issues leading to seeking counselling services

Ethnic Origin, Gender and Sexual Orientation

Medical and Psychiatric Conditions

Therapy History

Emotional and psychological issues

Relationships: parents, siblings, children, partners

Employment Income, Household Income, Benefit Income, Savings and Investment Details if applying for a bursary.

We have to collect this data for processing to protect the vital interest of our service users, service providers and staff; and with legitimate interest to ensure we offer the best possible counselling service possible.


  • Data Retention:

All personal and confidential data is stored, maintained and retained in accordance with the principles of the Data Protection Act 1998 and the new EU regulation changes. We only keep data for as long as we need and then 7 years after last contact, in order to offer you best performance of your contract, as long as we have your consent.

Data is treated strictly confidentially and is stored within the premises of Brighton Therapy Centre.

We take diligent steps to keep your data secure: our client records are electronically stored, coded with numeric and alphabetical codes, encrypted and password protected. Relatively, our Wi-Fi access and Network Drive is password protected and not accessible to public or third parties. Our passwords are changed on a yearly basis.


  • Data sharing:

BTC will need to share data we process with appropriate practitioner to be able to offer the service users counselling services, if we have your consent to do so. Consent is obtained in writing and retained with your personal data. Age restriction for personal consent is 16 in the UK. Parental/Guardian consent will be taken if an individual is below the age of 16. Your data will always be kept strictly confidential and will not be shared with third parties.

In case of not being given consent to do so, BTC reserves the right to reject offering counselling services.

Due to the official authority vested in BTC if there is a risk of harm to one’s self or others, information regarding money laundering and terrorism, Brighton Therapy Centre is obliged to contact relevant authority (e.g. Adult Social Care, GP, etc) and share information without consent from the service user.


  • Rights of the Subject: (Clients, Practitioners, Staff, Stakeholders)

The new regulations include provisions for the following areas. Below is how Brighton Therapy Centre (BTC) will enable these provisions:

  1. The right to be informed: BTC will publish a privacy notice on the web-site, in addition to explaining transparently to all service users and providers how they use this personal data. Please see Section II.
  2. The right of access: Individuals have the right to demand details of any of their data that BTC may hold. This is called a Subject Access Request. This information must be requested in writing and provided within one month of request with no charge to the individual.
  3. The right to rectification: If a person’s data is incorrect or incomplete, they have the right to have it corrected. If BTC holds the information and has passed any of that information to third parties, BTC must inform the third party of the correction and inform the person which third parties have their personal data.
  4. The right to erasure: A person may request the removal of their personal data in specific circumstances. BTC reserves the right to reject these requests if there is lawful basis to retain this data.
  5. The right to restrict processing: Under certain circumstances, an individual can block the processing of their personal data.
  6. The right to data portability: A person can access their data for their own use anywhere they prefer.
  7. The right to object: A person can object to the use of their personal data for most purposes.
  8. The right not to be subject to automated decision-making including profiling.

There are lawful exemptions within the Act which may allow an organisation to refuse to comply with the subject access request, right to rectification and right to erasure where appropriate.


  • Data breaches and breach reporting:

GDPR introduces a duty on all organisations to report certain types of data breach to the ICO, and in some cases, to individuals. Breaches that are likely to result in risk to the rights and freedoms of individuals-if for example it would result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage, any witness holds the right to report this breach to ICO. In case of high risk, individuals concerned directly must also be informed.

Brighton Therapy Centre have the right procedures in place to detect, investigate and report personal data breaches. Any type of risk identified above must be reported to the DPO immediately for an investigation. Failing to report risk will result in liability.