Your privacy is important. Richmond Psychotherapy takes the collection and usage of personal data seriously. This notice is intended to outline the data that is collected when using this website and when making contact with Richmond Psychotherapy.

Please read this notice carefully and please contact Richmond Psychotherapy by email, telephone or post if you have any concerns or questions about our privacy practices.


Who we are?

The Data Controller and owner is:

Stuart Lee at Richmond Psychotherapy, 164 Sheen Road, Richmond, Surrey, TW9 1XD

Telephone: 020 8408 2827



What information do we collect?

  • Among the types of persona data that this website collects automatically, by itself or through third parties, are: Cookies and Usage Data.
  • When contacting Richmond Psychotherapy via email, your email address will be collected electronically.
  • When entering into a therapeutic relationship with Richmond Psychotherapy, the following Personal Data will be collected: Full name, Gender, Marital Status, Birth Date, Home Address, Home and Mobile Telephone Numbers and Email Address. This information will be taken at the preliminary consultation or first session when you will be asked to complete a paper registration form. A paper record of sessions attended, invoicing and payment is also kept.


How do we use personal information?

  • This website uses Cookies (tiny files downloaded to your computer) to improve your experience while using the website. Cookies help provide a consistent experience while using the website and track how long you use the website and which pages you view. This provides Richmond Psychotherapy with anonymous Usage Data to help monitor and audit the web experience.
  • When you email Richmond Psychotherapy, your email address will be available to Richmond Psychotherapy. The email address will be used to respond to your enquiry.
  • When entering into a therapeutic relationship with Richmond Psychotherapy, certain information is necessary for the exercise of the work we have contracted to do and the Duty of Care that Richmond Psychotherapy has towards patients. This will be collected on the Registration Form.


What legal basis do we have for processing your personal data?

Richmond Psychotherapy claims that there are relevant conditions for processing the personal data outlined above. These are:

  • Accessing the website, initiating email contact or attending a preliminary consultation or first session is understood as consent to process the data required for such an action.
  • Information collected on the Registration Form is the beginning of the therapeutic contract of work and is considered consent to proceed with the work.
  • The collection of the information on the Registration Form enables Richmond Psychotherapy to exercise an appropriate Duty of Care towards patients and is therefore considered to be a ‘legitimate interest’.

Consent to hold the above information may be withdrawn at any time with an email or other written request. As this may affect the ability of Richmond Psychotherapy to provide psychotherapeutic services, this should be discussed with your psychotherapist first.


When do we share personal data?

All data is treated confidentially and there are only very limited circumstances under which any of your personal data would be shared. In general, this would be discussed with you before any data is shared.

  • Your name and telephone number are held by two colleague psychotherapists (‘clinical executors’) from the commencement of your work with Richmond Psychotherapy. These details are held by them on paper, in a locked metal cabinet. If your psychotherapist were to fall ill, become unavailable or uncontactable the clinical executors would contact you to let you know and offer you an opportunity to speak about what has happened. The clinical professionals with whom this information is shared are bound by their own codes of ethics and privacy procedures.


Where do we store and process personal data?

  • All data is stored in the UK.
  • Data recorded on paper is kept in a locked metal box at the data controller’s premises indicated at the beginning of this document.
  • Emails are kept on an encrypted web-server to which only the data controller has password-protected access.
  • The clinical executors keep their paper record of names and telephone numbers in a locked metal cabinet.


How do we secure personal data?

Richmond Psychotherapy takes seriously the need to keep data secure and protect your personal information.

  • To protect against accidental loss or disclosure, paper data is stored in a locked metal box and never removed from the data controller’s premises or accessed in the presence of other people. No-one, apart from the data controller, has access to the paper records.
  • Emails, which are kept on an encrypted web-server to which only the data controller has password-protected access, are deleted once a particular exchange has been completed.
  • Paper data held by clinical executors is kept in locked metal cabinets and is accessed by no-one but them.
  • Richmond Psychotherapy undertakes regular privacy impact assessments in the light of changing data protection regulations and following advice from the United Kingdom Council for Psychotherapy and Balens Insurance.


How long do we keep your personal data for?

  • Emails are deleted at the end of a particular exchange.
  • Paper records held at the data controller’s premises are kept for 7 years as required by Balens Insurance. At the end of this period they will be shredded.
  • Data held by clinical executors is destroyed when your therapy has come to an end.


Your rights in relation to personal data

Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.