Each website you visit can send its own cookie to your browser if your browser’s preferences allow it. To protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.
You may restrict or block the cookies which are set by our website, or any other website, through your browser settings. You can also ask your browser to alert you when a cookie is issued.
For more information about cookies and how to manage them is available at www.aboutcookies.org
We use Google Analytics to understand how visitors engage with our website. It collects information anonymously and reports website trends without identifying individual visitors. For more information visit Google Analytics privacy and security information.
The UK Council for Psychotherapy (UKCP) is the leading organisation for the education, training, accreditation and regulation of psychotherapists and psychotherapeutic counsellors in the UK. We exist to promote and maintain high standards of the practice of psychotherapy and psychotherapeutic counselling for the benefit of the public throughout the United Kingdom. UKCP is a charity registered in England and Wales (charity no. 1058545, company no. 3258939).
UKCP is registered as a data controller with the Information Commissioner’s Office (ICO). Registration number Z500659X.
If you have any questions regarding this policy, please contact our Data Protection Lead, using the following details:
Data Protection Lead
UK Council for Psychotherapy (UKCP) America House, 2 America Square, London, EC3N 2LU
UKCP is a membership organisation, a professional association and a regulator and we only collect the personal data required to carry out these functions
This policy applies to information we collect about:
When someone visits our website, we collect standard internet log information and details of visitor behaviour patterns, we do this to find out things such as the number of visitors to the various parts of our site. We collect this information in a way that does not identify anyone. The exception to this is logging into the member’s area, where there is a need to identify our members.
We may use your personal information to monitor and improve our website. By using our website, you agree to the collection and use of information in accordance with this policy.
The UKCP website comprises http://www.psychotherapy.org.uk and any other subdomains required for delivery of additional content or services to members. These subdomains include, but are not limited to, http://www.ukcp.org.uk and https://psychotherapy.force.com, the latter of which provides access to the UKCP National Register, the List of Trainee Therapists and the Member Area of the website.
While using our website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Any personally identifiable information may include but is not limited to your name and internet protocol (IP) address. This can be when you are booking something or submitting an enquiry through our website for example.
Search queries and results are logged anonymously to help us improve our website and search functionality, no user-specific data is collected by either UKCP or any other third party.
People who use UKCP online services
UKCP offer various services to its members, volunteers and the public, including:
Most of the services we provide are run in their entirety by UKCP. Exceptions would be surveys or bookings which may partly be hosted with third parties for example, Eventbrite or Survey Monkey.
Where possible, we do not request personal identifiable information unless it is necessary for the functionality of the service being provided. We will not request more information than necessary to supply the service. We will only use details to provide the service the person has requested and for other closely related purposes. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.
When financial transactions take place online, personal details such as name and address are stored on the UKCP servers. Where a third-party processor has been used, we will have agreements with them to protect your information so that it is stored securely and in line with GDPR.
For events we sometimes use speakers’ names and photos to promote events – this is usually done with their approval but on occasions we take information from their website and use that. If this happens then we contact the speakers prior to using the information and inform them of this. This information is kept afterwards for reference only to evaluate the effectiveness of different promotional tools.
When we receive a call from or about a UKCP member, we may record the details of the call in the ‘activity history’ section of the member’s database record, to allow us to administer your membership.
We also store phone numbers and timings of the call. On occasion we may record phone calls for training or monitoring purposes; if we do this we will tell you before the call is recorded.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Your emails will be stored by the relevant departments in accordance to the UKCP retention policy. When we receive an email from or about a UKCP member, we may record the details of the email in the ‘activity history’ section of the member’s database record”, to allow us to administer your membership.
We may use your personal information to contact you with newsletters, marketing or promotional material.
We may also gather content in the form of film, photography and case study stories for use in our PR and marketing activity. Our process for this involves informed consent. At events we put up a notice informing people of our activities, with a contact person for people to make themselves known to crew if they do not wish to be filmed.
If we are gathering case studies, we discuss the potential use of those case studies, images etc. in terms of where and how the case studies and images may be used.
We have different levels of consent, will usually require a consent form to be signed and the terms and conditions of the image use to be agreed.
The form we use has contact details on it, so if someone prefers for their image not to be used within the two-year time frame stated, or if they wish to ‘disappear’, we can delete the image from our library.
All complaints about UKCP are treated seriously and we will only use the personal information we collect to process the complaint and to check on the level of service we provide.
UKCP has a strict complaints and conduct process. In order to process a complaint, it is necessary to obtain certain details, which will usually include some personal information. This may include special categories of personal data such as health information. We need to process this information as part of our regulatory role and may need to keep and use the information even if the complaint is subsequently withdrawn, for example, if UKCP considers an investigation is necessary as part of its role in protecting the public. We usually have to disclose the complainant’s identity to the members concerned. However, there are occasions when we can take anonymous complaints. We will always notify the complainant of our intention to disclose their identity to the member. If they object, we will consider whether we may need to disclose the information in any event, in fairness to the member being investigated. We will keep personal information in a safe place and access is restricted according to the ‘need to know principle’.
We never publish the names of complainants but we do publish certain details of members in accordance to our Publication of Decisions policy if a complaint has been upheld. Members are aware before registration that they are subject to our complaints and conduct process, and its related policies.
To avoid duplicate complaints being made to different regulatory bodies, we may also provide information about complaints including but not limited to the British Association of Counselling and Psychotherapy (BACP) and the British Psychoanalytic Council (BPC). A link to our Hearings and Decisions page is sent to the other bodies, this page details the name of the registrant and the Adjudication Panel’s decision. The decision paper is written in accordance with our Publication of Decisions Policy. On occasion the other bodies may request further information, and this will be shared provided the request is in relation to their regulatory function.
As part of the membership process we ask all of our members to provide certain types of information so that we are able to process their application and create a record on our database. This includes:
As part of the membership process we send out annual membership renewal notices. For us to process a member’s renewal, we process bank details. These are shared with a third-party to process the card payments and direct debit payments we receive from our members.
We may also use your information to contact your organisational member to confirm that you are still a member and if the contact details we have for you are still correct.
As our function as a regulator we have a duty to ensure that our registrants aremeeting our standards. We conduct an annual audit of a random 3% selection of our full clinical members. We ask our registrants to provide the following information:
This information is processed in accordance with our Registrant Sample Audit policy. The results are recorded on the registrant’s record on our database and any hard copy or electronic copy is destroyed within one year of the audit report completion.
We collect this data and run these processes in order to carry out our membership and regulatory functions
We may use the personal information we collect from you in any of the following ways:
For any of our organisational members we list the organisation’s name and contact details on our website. This information is obtained when an organisation makes an application and is updated via the five yearly reviews. The information is also updated when an organisational member informs us of a change. This information is used for the purposes of:
Please see our separate HR privacy notice and the employee handbook, or you can request a copy by emailing firstname.lastname@example.org.
When individuals take up a position at UKCP, we will only use the information they supply to us to process their appointment.
Personal information about unsuccessful candidates will be held for 6-12 months after the appointments process has been completed. It will then be destroyed or deleted. We may use information about candidates to help inform our future recruitment activities.
We may collect, store, and use the following categories of personal information:
We share bank details, pension information and HMRC information with a third party who processes salary payments and expenses.
We may also collect, store and use the following 'special categories' of more sensitive personal information:
Note that in some cases we may process “special categories” of personal data, and information about criminal convictions and offences. For example:
The Equality Act 2010 says public authorities must comply with the public sector equality duty. This extends to organisations that carry out public functions, which includes UKCP – as a charity and a regulator that works in the public interest.
The duty aims to make sure such organisations think about things such as discrimination and the needs of people who are disadvantaged or suffer inequality, when they make decisions about how they provide their services and implement policies.
We take particular care of this information, using appropriate security measures, including limiting who has access to such information and always working to a 'need to know' principle.
UKCP will only process your personal data in accordance with one of the conditions for lawful processing set out in the GDPR. The main ways in which we process data are as follows:
Consent – When new members register with UKCP, they are asked if they would like to receive information about courses, events, publications and other goods and services offered by UKCP, its member organisations, and other professional and commercial organisations. You can withdraw your consent at any time by updating your mailing preferences in the member area.
Contract – In order to perform our obligations to our members, we need to process their personal data (for example, information about their qualifications to check they are eligible for membership or notifying them of an upcoming Chair election). Similarly, where members of the public sign up to paid events, we need to process their personal details in order to administer the booking.
Legitimate interests – Where it is necessary to process personal data for our purposes as an organisation (our “legitimate interests”), we may do so provided that this does not override the rights and freedoms of the person whose data we are processing. UKCP exercises some functions where it is necessary to process personal data (including that of non-members) for the performance its regulatory and public protection functions (such as the processing of complaints). In these cases, UKCP may rely on its legitimate interests as a body set out to promote and maintain high standards in the profession. In some cases, there will be some prejudice to the rights and freedoms of members who are subject to complaints, as they may be subject to an adverse decision. However, any such prejudice will be outweighed by UKCP’s legitimate interests in maintaining high standards in the profession and protection of the public
Where it is necessary to use personal data to provide services (see People who use UKCP online services) and explicit consent has not been provided, we will rely on our legitimate interests in providing the services to further our organisation’s aims, provided they are not outweighed by the rights and freedoms of those using the services.
In some cases, we may send information about courses or events we think individuals may be interested in. This is in our legitimate interest because it is promoting our charitable objects, by promoting the profession, and is normally unlikely to cause any prejudice to those receiving the materials. However, it is always possible to change your preferences about receiving these materials by contacting us using the details above and/or updating them via the Members’ Area
UKCP may occasionally transfer your personal data outside of the EEA. For example, the information contained on our cloud-based servers is backed up and this back up information is held outside the EEA. We also use some service providers (for example, to produce surveys or invitations to events) who are based outside of the EEA. This can involve the transfer of personal data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please Contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Information about how long we keep the personal data of members is set out in our retention policy, available on request by contacting us.
For non-members, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. You can read our Document Retention Policy here, it outlines the duration in which we keep data relating to complaint work.
In addition to bodies mentioned in this policy, we may occasionally need to transfer personal data to other organisations, including but not limited to:
We will ensure we have a legal basis for any such transfers before doing so.
We will respect your confidentiality and will keep the information about you confidential. We store it securely and control who has access to it.
We will only share such information as necessary, and where we are satisfied that a third party is entitled to receive it and they will keep your information confidential and secure.
The security of your Personal Information is important to us but remember that no method of transmission over the internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
If you transfer to another website from a link within the UKCP website, this privacy notice does not apply. We recommend you examine all privacy statements for all third-party websites to understand their privacy procedures.
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to this privacy notice
We aim to keep this notice under review to reflect changes to law or practice.
Document Created June 2018
Updated: July 2023