Skip Content

Privacy

Cookies
General privacy information
What information do we collect and what we use it for?
Lawful processing of personal data
Retention of data 
Recipients of personal data
Security
Your rights

Cookies

Like many websites, we use cookies. A cookie is a small amount of data that is sent to your computer or mobile phone browser from a website’s computer and is stored on your device’s hard drive.

Cookies record information about your online preferences. They help us understand how visitors engage with our site so that we can improve your online experience with us. We do not use cookies to collect personally identifiable information about you.

Each website you visit can send its own cookie to your browser if your browser’s preferences allow it. To protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.

How to control and delete cookies

You may restrict or block the cookies which are set by our website, or any other website, through your browser settings. You can also ask your browser to alert you when a cookie is issued.

For more information about cookies and how to manage them is available at www.aboutcookies.org

We use Google Analytics to understand how visitors engage with our website. It collects information anonymously and reports website trends without identifying individual visitors. For more information visit Google Analytics privacy and security information.

UKCP Privacy notice

General

The UK Council for Psychotherapy (UKCP) is the leading organisation for the education, training, accreditation and regulation of psychotherapists and psychotherapeutic counsellors in the UK. We exist to promote and maintain high standards of the practice of psychotherapy and psychotherapeutic counselling for the benefit of the public throughout the United Kingdom.  UKCP is a charity registered in England and Wales (charity no. 1058545, company no. 3258939).

UKCP is registered as a data controller with the Information Commissioner’s Office (ICO). Registration number Z500659X.

If you have any questions regarding this policy, please contact our Data Protection Lead, using the following details:

Data Protection Lead

UK Council for Psychotherapy (UKCP) America House, 2 America Square, London, EC3N 2LU

Email: dataprotection@ukcp.org.uk

UKCP operates https://www.psychotherapy.org.uk/ and takes privacy and confidentiality very seriously.  This policy informs you how we collect personal information. Personal information is held strictly in accordance with the Data Protection Act 2018. UKCP may at times modify, alter and update this Privacy Policy. We will notify you of any changes to this Privacy policy by posting the amended version on our website.

UKCP is a membership organisation, a professional association and a regulator and we only collect the personal data required to carry out these functions

This policy applies to information we collect about:

  • Visitors to our websites
  • People who use our services, for example to enquire about the services of our members
  • Our members (individuals and organisations)
  • Job applicants and our current and at times former employees
  • Volunteers
  • Any other information that you may choose to send to us
  • UKCP employees
  • Third party suppliers

Information we collect and what we use it for

Visitors to our websites

When someone visits our Site, we collect standard internet log information and details of visitor behaviour patterns, we do this to find out things such as the number of visitors to the various parts of our site. We collect this information in a way that does not identify anyone.  The exception to this is logging into the member’s area, where there is a need to identify our members.

We may use your personal information to monitor and improve our website site. By using our website, you agree to the collection and use of information in accordance with this policy.

The UKCP website comprises http://www.psychotherapy.org.uk and any other subdomains required for delivery of additional content or services to members. These subdomains include, but are not limited to, http://www.ukcp.org.uk and https://psychotherapy.force.com, the latter of which provides access to the UKCP National Register, the List of Trainee Therapists and the Member Area of the website.

While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Any personally identifiable information may include but is not limited to your name and IP address (“Personal Information”). This can be when you are booking something or submitting an enquiry through our website for example.

Use of cookies by UKCP

Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

Search engine

Search queries and results are logged anonymously to help us improve our website and search functionality, no user-specific data is collected by either UKCP or any other third party.

People who use UKCP online services

UKCP offer various services to its members, volunteers and the public, including:

Public

  • Find a therapist: practitioner search via the website and also via telephone enquiry
  • Public surveys
  • Public online promotions
  • Event booking
  • UKCP presence on social media platforms such as Facebook, Twitter, LinkedIn and Googleplus

Members

  • Members area of the website
  • Forum
  • Member surveys
  • Members online promotions
  • Event booking

Most of the services we provide are run in their entirety by UKCP. Exceptions would be surveys or bookings which may partly be hosted with third parties for example, EventBrite or Survey Monkey.

Where possible, we do not request personal identifiable information unless it is necessary for the functionality of the service being provided. We will not request more information than necessary to supply the service.  We will only use details to provide the service the person has requested and for other closely related purposes. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.

When financial transactions take place online, personal details such as name and address are stored on the UKCP servers. Where a third-party processor has been used, we will have agreements with them to protect your information so that it is stored securely and in line with GDPR.

Online Promotions

For events we sometimes use speakers’ names and photos to promote events – this is usually done with their approval but on occasions we take information from their website and use that. If this happens then we contact the speakers prior to using the information and inform them of this.  This information is kept afterwards for reference only to evaluate the effectiveness of different promotional tools.

People who telephone us

When we receive a call from or about a UKCP member, we may record the details of the call in the ‘activity history’ section of the member’s database record, to allow us to administer your membership.

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Your emails will be stored by the relevant departments in accordance to the UKCP retention policy. When we receive an email from or about a UKCP member, we may record the details of the email in the ‘activity history’ section of the member’s database record”, to allow us to administer your membership. 

Communications

We may use your personal information to contact you with newsletters, marketing or promotional material.

We may also gather content in the form of film, photography and case study stories for use in our PR and marketing activity.  Our process for this involves informed consent. At events we put up a notice informing people of our activities, with a contact person for people to make themselves known to crew if they do not wish to be filmed.

If we are gathering case studies, we discuss the potential use of those case studies, images etc. in terms of where and how the case studies and images may be used.

We have different levels of consent, will usually require a consent form to be signed and the terms and conditions of the image use to be agreed.

The form we use has contact details on it, so if someone prefers for their image not to be used within the two-year time frame stated, or if they wish to ‘disappear’, we can delete the image from our library.

Complaints about UKCP

All complaints about UKCP are treated seriously and we will only use the personal information we collect to process the complaint and to check on the level of service we provide.

Complaints about our members

UKCP has a strict complaints and conduct process. In order to process a complaint, it is necessary to obtain certain details, which will usually include some personal information. This may include special categories of personal data such as health information. We need to process this information as part of our regulatory role and may need to keep and use the information even if the complaint is subsequently withdrawn, for example, if UKCP considers an investigation is necessary as part of its role in protecting the public. We usually have to disclose the complainant’s identity to the members concerned. However, there are occasions when we can take anonymous complaints. Usually, if we find that we can independently verify the allegations. We will always notify the complainant of our intention to disclose their identity to the member. If they object, we will consider whether we may need to disclose the information in any event, in fairness to the member being investigated. We will keep personal information in a safe place and access is restricted according to the ‘need to know principle’.

We never publish the names of complainants but we do publish certain details of members in accordance to our Publication of Decisions policy if a complaint has been upheld. Members are aware before registration that they are subject to our complaints and conduct process, and its related policies.

To avoid duplicate complaints being made to different regulatory bodies, we may also provide information about complaints including but not limited to the British Association of Counselling and Psychotherapy (BACP) and the British Psychoanalytic Council (BPC). A link to our Hearings and Decisions page is sent to the other bodies, this page details the name of the registrant and the Adjudication Panel’s decision. The decision paper is written in accordance with our Publication of Decisions Policy. On occasion the other bodies may request further information, and this will be shared provided the request is in relation to their regulatory function.

Membership information

As part of the membership process we ask all of our members to provide certain types of information so that we are able to process their application and create a record on our database. This includes:

  • Name
  • Home address (this is kept confidential and is for internal use only)
  • Work address (If applying for full clinical membership this address will be used on our ‘Find a Therapist’ tool)
  • Telephone number
  • Personal email address
  • Work email address
  • Organisational Membership details
  • Course details (For Student and Trainee membership)
  • Declaration of any criminal convictions or ongoing complaints (please see section on special category data)
  • Date of birth
  • Indemnity Insurance information
  • Gender

As part of the membership process we send out annual membership renewal notices. In order for us to process a member’s renewal, we process bank details. These are shared with a third-party to process the card payments and direct debit payments we receive from our members.

We may also use your information to contact your organisational member to confirm that you are still a member and if the contact details we have for you are still correct.

As our function as a regulator we have a duty to ensure that our registrants aremeeting our standards. We conduct an annual audit of a random 3% selection of our full clinical members. We ask our registrants to provide the following information:

  • Name
  • Organisational membership information
  • Membership number
  • Details of supervision (this includes the supervisors name, contact details and UKCP membership information)

This information is processed in accordance to our Registrant Sample Audit policy and isn’t shared with any third parties. The results are recorded on the registrant’s record on our database and any hard copy or electronic copy is destroyed after 1 year.

We collect this data and run these processes in order to carry out our membership and regulatory functions

Volunteers

We may use the personal information we collect from you in any of the following ways:

  • Process volunteer applications. Your personal information allows us to communicate with you and assess your suitability for the role
  • Administer all the aspects of your volunteering role
  • Administer your volunteer records
  • Support in your volunteering journey at UKCP and your volunteering activities for us
  • Engage better and in a more meaningful way with you
  • Match your skills, expertise or skills with various volunteering and development opportunities
  • Data analysis of volunteering involvement and engagement
  • Improvement of our volunteering services and processes. For example, we may at times provide you with feedback opportunities.

Organisational Members

For any of our organisational members we list the organisation’s name and contact details on our website. This information is obtained when an organisation makes an application and is updated via the 5 yearly reviews. The information is also updated when an organisational member informs us of a change. This information is not shared with any third parties and is used for the purposes of:

  • informing our members and the public of where to go if they want to contact them
  • contacting them regarding their 5 yearly reviews
  • contacting them regarding any membership queries

Job applicants, current / former UKCP employees, committee members and the Board of Trustees members

When individuals apply to work or take up a position at UKCP, we will only use the information they supply to us to process their application and to monitor recruitment statistics.

Personal information about unsuccessful candidates will be held for 6-12 months after the recruitment exercise has been completed. It will then be destroyed or deleted. We may use anonymised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

We share the bank details, pension information and HMRC information of all staff members with a third party who processes salary payments and expenses. We also hold the bank details of our volunteers to ensure any fees and/or expenses are paid promptly in accordance to our Expenses policy.

Special category data

Note that in some cases we may process “special categories” of personal data, and information about criminal convictions and offences. For example:

  • Information in relation to our employees (such as health data), which is necessary for the performance of our contract with them or under employment law (in the case of our volunteers, we obtain their consent to process these types of information)
  • Information in relation to our members (for example, whether they have criminal convictions) which is necessary to uphold high standards in the profession and to protect the public
  • Information provided by complainants (such as health data, sexuality), which is necessary in order to process complaints.

We take particular care of this information, using appropriate security measures, including limiting who has access to such information.

Lawful processing of personal data

UKCP will only process your personal data in accordance with one of the conditions for lawful processing set out in the GDPR.   The main ways in which we process data are as follows:

  • Processing on the basis of consent
  • Processing is necessary for the performance of a contract
  • Processing based on legitimate interests

Consent – When new members register with UKCP, they are asked if they would like to receive information about courses, events, publications and other goods and services offered by UKCP, its member organisations, and other professional and commercial organisations.  You can withdraw your consent at any time by contacting the Data Protection Lead at dataprotection@ukcp.org.uk.

Contract – In order to perform our obligations to our members, we need to process their personal data (for example, information about their qualifications to check they are eligible for membership or notifying them of an upcoming Chair election).  Similarly, where members of the public sign up to paid events, we need to process their personal details in order to administer the booking.

Legitimate interests – Where it is necessary to process personal data for our purposes as an organisation (our “legitimate interests”), we may do so provided that this does not override the rights and freedoms of the person whose data we are processing.   UKCP exercises some functions where it is necessary to process personal data (including that of non-members) for the performance its regulatory and public protection functions (such as the processing of complaints).  In these cases, UKCP may rely on its legitimate interests as a body set out to promote and maintain high standards in the profession. In some cases, there will be some prejudice to the rights and freedoms of members who are subject to complaints, as they may be subject to an adverse decision.  However, any such prejudice will be outweighed by UKCP’s legitimate interests in maintaining high standards in the profession and protection of the public

Where it is necessary to use personal data to provide services (see People who use UKCP online services) and explicit consent has not been provided, we will rely on our legitimate interests in providing the services to further our organisation’s aims, provided they are not outweighed by the rights and freedoms of those using the services.

In some cases, we may send information about courses or events we think individuals may be interested in.  This is in our legitimate interest because it is promoting our charitable objects, by promoting the profession, and is normally unlikely to cause any prejudice to those receiving the materials.  However, it is always possible to change your preferences about receiving these materials by contacting us using the details above and updating them via the Members’ Area

Transfers outside the EEA

UKCP may occasionally transfer your personal data outside of the EEA.  For example, the information contained on our servers is periodically backed up and this back up information is held outside the EEA.  We also use some service providers (for example, to produce surveys or invitations to events) who are based outside of the EEA.  This can involve the transfer of personal data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Please Contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Retention of data

Information about how long we keep the personal data of members is set out in our retention policy, available on request by contacting us.

For non-members, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Recipients of personal data

In addition to bodies mentioned in this policy, we may occasionally need to transfer personal data to other organisations, including but not limited to:

  • Current, past or future employers [for example, in relation to a request for references]
  • Healthcare, social and welfare advisors or practitioners
  • Education, training and accrediting establishments and examining bodies
  • Employees and agents of the UKCP
  • Suppliers, providers of goods and services (such as the mailing house for our membership certificates and magazine)
  • Persons making an enquiry or complaint (For example with an organisational member or another regulatory body)
  • Police forces (For example if a criminal investigation is being carried out involving one of our registrants)
  • Central government
  • Voluntary and charitable organisations
  • Ombudsmen and regulatory authorities

We will ensure we have a legal basis for any such transfers before doing so.

Security

We will respect your confidentiality and will keep the information about you confidential. We store it securely and control who has access to it.

We will only share such information as necessary, and where we are satisfied that a third party is entitled to receive it and they will keep your information confidential and secure.

The security of your Personal Information is important to us but remember that no method of transmission over the internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Other websites

If you transfer to another website from a link within the UKCP website, this privacy notice does not apply. We recommend you examine all privacy statements for all third-party websites to understand their privacy procedures.

Your rights

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to this privacy notice

We aim to keep this notice under review to reflect changes to law or practice.

Document Created June 2018

Updated:  July 2019