Data and Privacy

Man attentively discussing with colleagues in a meeting.

Privacy

Privacy Notice


Your privacy is important to me. I am committed to protecting your personal information and handling it lawfully, fairly and transparently. This privacy notice explains how I collect, use and store your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and professional ethical standards.


Who I am


I am Rachael Todd, a sole trader operating as Room2Think. I am the data controller responsible for your personal information.


Contact details:

Email: help@room2think.co.uk

Phone: 0208 191 3690

Address: Jasmin Court, Woodyates Road, London, SE12 9HP

ICO Registration Number: [pending]


What information I collect


Depending on your interaction with me, I may collect and process the following personal data:


Your name and contact details (email address, phone number, address)

Basic personal information (such as date of birth and GP details where relevant)

Information you share during therapy, including sensitive “special category” data (e.g. mental health information)

Records of sessions and brief clinical notes

Payment and administrative records

Website usage data (such as IP address, browser type, and analytics data, where applicable)


How I use your information


Initial contact


If you contact me with an enquiry, I use your information to respond and provide details about my services. If you do not proceed, your data will be deleted within one month unless you request otherwise.


During therapy


If you engage in therapy, I use your information to:


Provide counselling services

Maintain appropriate clinical records

Manage appointments and communication

All information shared in therapy is treated as confidential. Confidentiality may only be broken where required by law or where there is a risk of serious harm to you or others, in line with professional obligations.


After therapy ends


I retain your records for seven years after the end of therapy, after which they are securely deleted or destroyed.


Lawful basis for processing


Under UK GDPR, I rely on the following lawful bases:


Article 6(1)(b) – Contract: processing necessary to provide therapy services

Article 6(1)(f) – Legitimate interests: maintaining records and running my practice safely and effectively

Article 6(1)(c) – Legal obligation: where disclosure is required by law

For special category data (e.g. health information), I rely on:


Article 9(2)(h): processing necessary for the provision of health or social care

Article 9(2)(f): processing necessary for the establishment, exercise or defence of legal claims (where applicable)



Data storage and security


I take appropriate technical and organisational measures to protect your data, including:


Password-protected and encrypted devices

Secure storage of paper records

Restricted access (only I have access to your data)



Sharing your information


I do not share your personal data with third parties unless:


Required by law

Necessary to prevent serious harm to you or others

You have given explicit consent

It is necessary for essential service providers (e.g. secure email, IT systems, accounting services)

All third-party providers are carefully selected and are required to comply with data protection law. They act as data processors and only process your data on my instructions.


International data transfers


I do not routinely transfer your data outside the UK.

If I use service providers based outside the UK, I ensure appropriate safeguards are in place (such as UK adequacy regulations or standard contractual clauses).


Website use and cookies


When you visit my website, limited data may be collected automatically (such as IP address and browsing behaviour) to help improve the site.


Where cookies are used:


Essential cookies enable the website to function

Non-essential cookies (e.g. analytics) will only be used with your consent

If you submit a contact form, your information is transmitted securely and retained only as necessary.


Your rights


Under data protection law, you have the right to:


Access the personal data I hold about you

Request correction of inaccurate or incomplete data

Request erasure of your data (where applicable)

Restrict or object to processing

Request data portability

To exercise your rights, contact me using the details above.


You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office.


Data retention


Enquiry data: up to one month if no contract is formed

Therapy records: seven years after the end of therapy

Financial records: six years (HMRC requirement)



Changes to this privacy notice


I may update this privacy notice from time to time. The most current version will always be available on my website.





Privacy Policy

  • Privacy Policy

Room2Think

Copyright © 2026 Room2Think - All Rights Reserved.

Powered by GoDaddy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept