Privacy Policy

Purpose of this Policy

Your privacy is integral to how REST Psychological Services (“REST”, “we”, “us”, or “our”) provides psychological therapy, consultancy, and training. This Privacy Policy explains what personal data is, what types of data we collect, how we collect, how it is processed, the safeguards we apply, and what rights you have in this regard. You can rest assured that your personal data is handled with care.

This privacy notice is issued by REST as the “data controller”, in other words, as the organisation which determines the purposes for which, and the manner in which, any Personal Data is, or is likely to be, processed.

What is personal data?

Personal data means any information relating to an identified or identifiable natural person, such as for instance your contact information, your browsing history or your clinical data. It does not include anonymous data where identifying features have been removed.

General principles for personal data processing by REST

We adhere to the following principles when processing your personal data:

We will only collect personal data for specified, explicit, and legitimate purposes
We will not collect personal data beyond what is necessary to accomplish those purposes
We will not use personal data for purposes other than that for which the data was collected, except as stated herein or with prior consent
We will not transfer personal data to third parties, except as stated herein, or with prior consent
We will do our best to ensure that information is up to date by encouraging you to verify your personal data periodically
We will maintain appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful forms of processing
Except when stated herein, we will not store personal data longer than is necessary to accomplish the purpose for which the data were collected or for which they are further processed, or as is required by law

Personal data we collect and process

We collect only the information that is relevant to providing safe, effective, and personalised services. We may collect and process the following data about you:

Data you give us. You may give us information about you by filling in forms on our site https://www.restpsychology.com (our site) or through the questionnaires we ask you to complete, or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, subscribe to any updates, request or receive psychological therapy, training or consultancy services through our site, participate in social media functions on our site, complete a survey, or report a problem with our site. The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description, and medical history. This information helps us allocate you to the most appropriate clinician or service. Once you begin working with a clinician, they will be responsible for managing your clinical records and will provide their own privacy information as your data controller
Data we collect about you. With regard to each of your visits to our website we may automatically collect the following data:
Technical data, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform
Your behaviour information collected via use of cookies and similar technologies like pixels, tags and other identifiers in order to remember your preferences, to understand how our website and app(s) are used and to customise our marketing offerings; data about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); pages you viewed or searches you carried out; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number
Data we receive from other sources. We may receive data about you from third parties we work closely with (including, without limitation, medical practitioners, business partners, sub-contractors in technical, payment and delivery services, analytics providers, and search information providers)
How we use your personal data:
We use data held about you in the following ways:
To carry out our obligations arising from any contracts entered into between you and us relating to psychological therapy, and to provide you with the information and services that you request from us
To provide you with information about other services we offer that are similar to those that you have already received or enquired about
To provide you with information about goods or services we feel may interest you. If you are an existing client, we will only contact you by electronic means (email or SMS) with information about services similar to those you have previously received or enquired about
To notify you about changes to our services
To improve our website, products/services, marketing, customer relationships and experiences
To ensure that content from our site is presented in the most effective manner for you and for your computer
We may also use your data from the questionnaires you complete for audit and service evaluation purposes. The data used will be anonymised and no identifiable information will be shared with anyone outside of the clinic. This information will be analysed at a group level meaning the data from clients will be combined making it impossible to identify an individual from the data. It will be used to identify general trends of statistics about how the clinic is delivering on successful outcomes. This helps us achieve a good standard of care and highlights areas for improvement.
We will use this data:
To administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical, and survey purposes
For performance of a contract with you e.g. to contact you about an appointment or to collect payment
To improve our site to ensure that content is presented in the most effective manner for you and for your computer
To allow you to participate in interactive features of our service, when you choose to do so
As part of our efforts to keep our site safe and secure
If it is necessary to comply with a legal obligation
To measure or understand the effectiveness of the marketing we serve to you and others, and to deliver the relevant marketing to you
To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them
Data we receive from other sources. We may combine this data with data you give to us and data we collect about you. We may use this data and the combined data for the purposes set out above

Where we store and process your personal data

As a general principle, your personal data is stored and processed within the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details. By submitting your personal data, you agree to this transfer, storing or processing. In case of transfer of your personal data to any third countries, as defined in General Data Protection Regulation (GDPR), applicable legislation and regulations concerning such transfers are observed and relevant legal and security safeguards are ensured before such transfer.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential and we ask you not to share the password with any other parties.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our disclosure of your personal data to third parties

As a general principle, we collect and process data in order to facilitate or improve REST’s services or offers. We do not sell your personal data or share the said data with third parties, except to the extent stated in this Privacy Policy.

We may disclose your personal data to third parties to the extent required by law, court order or a decision rendered by a competent public authority and for the purpose of law enforcement. In addition, we may share your personal data with the following third parties:

Medical or psychological therapy practitioners for the purposes of furthering a contract between us and you for the provision of psychological therapy
Third party vendors carrying out services on our behalf, including billing, sales, marketing, IT support, advertising, analytics, research, customer service, data storage, customer- diary software validation, security, fraud prevention, payment processing, and legal services. Such third-party vendors have access to perform these services but are prohibited from using your personal data for other purposes
Third parties in order to establish, exercise or defend legal rights of REST
Third parties in the event of any merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of REST assets or stock (including without limitation in connection with any bankruptcy or similar proceedings)
Other third parties subject to your consent
When we disclose your personal data to a third party, we take all reasonable steps to ensure that those third parties are bound by confidentiality and privacy obligations with respect to the protection of your personal data. The disclosure is conducted in compliance with legal requirements, including entering into data processing agreements with the relevant third parties, to ensure that personal data is only processed in accordance with our instructions, applicable law and regulations and for the purpose specified by us and to ensure adequate security measures

Retention of your personal data

We keep your information for no longer than necessary for the purposes for which it is collected. The length of time for which we retain information depends on the purposes for which we collected and use it.

Personal data related to our services is kept and processed for a period of seven (7) years from the last date of service, unless such data is legitimately processed for other purposes, such as providing you with personal benefits or customised direct marketing upon your consent or for pursuing our legal claims, where maintaining such information is considered necessary.

Your Rights

You have the right to:

Request access to the personal data concerning you which you have provided to REST in a structured, commonly used and machine-readable format and have the right to transmit those data to any third party you should choose to.

Request and/or delete your personal data

We encourage you to update your personal data provided to REST any time there are changes in your personal data.  Your personal data can be deleted from REST servers unless we are entitled or obliged by applicable law and regulations to keep and process such information regardless of withdrawal of your consent.  Following your request for deletion of your personal data, these will be deleted from our servers without undue delay; please note it may take a period of up to two (2) months to ensure complete deletion of any information stored in our back-up. You may also contact REST to review, update or delete personal data stored about you. Please note that prior to accessing and requesting changes to your data, we will need to verify your identity properly.

Object to processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

If you want us to establish the data's accuracy
Where our use of the data is unlawful but you do not want us to erase it
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it

Right to withdraw your consent

Some of REST’s processing activities may be based on your consent. In these situations you will have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal.

If you withdraw your consent, REST and third parties involved in personal data processing will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations. Please note that as a consequence of your withdrawal of your consent, REST may not be able to meet your requests or provide you with our services.

No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Right to Complain

If you want to complain about a privacy breach, please write to hello@restpsychology.com. We take every enquiry seriously and will respond as promptly and transparently as possible.

We will acknowledge receipt of your complaint within five (5) business days. We will do our best to resolve it as quickly as possible and within one (1) month from the date of complaint. In case a response would require longer than one (1) month, we will let you know and inform you of the relevant reason(s).

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

We use cookies and similar technologies like pixels, tags and other identifiers in order to remember your preferences, to understand how our website(s) and app(s) are used and to customise our marketing offerings.

A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (1) recognise your computer; (2) store your preferences and settings; (3) understand the web pages of www.restpsychology.com you have visited; (4) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (5) perform searches and analytics; and (6) assist with security and administrative functions. Some cookies are placed in your browser cache while those associated with Flash technologies are stored with your Adobe Flash Player files.

Pixels are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email that are designed to: (1) collect usage information like ad impressions or clicks and e-mail open rates; (2) measure popularity of advertising; and (3) access user cookies.

As we adopt additional technologies, we may also gather information through other methods.  Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether.

Please consult the “Help” section of your browser for more information. You can also manage the use of Flash technologies, including Flash cookies and local storage objects with the Flash management tools available at Adobe’s website. Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings on our website(s) or app(s). For example, to complete a purchase on our website(s), you will need to accept cookies sent by our site(s).

Third-party websites, plug-ins and services

Website(s) and the app(s) of REST Clinic may contain links to third party websites and plug-ins, for instance a social media login plug-in. If you choose to use these websites, plug-ins or services you may disclose your information to those third parties. REST is not responsible for the content or practices of those websites, plug-ins or services. The collection, use, and disclosure of your personal data will be subject to the privacy policies of these third parties and not this Privacy Policy. We urge you to read the privacy and security policies of the relevant third parties.

Changes to our Privacy Policy

REST may modify or update this Privacy Policy when necessary to reflect changes in our products and services, changes in applicable legislation, regulations or practice and to address customer feedback. Accordingly, please review it periodically. Date of the latest update is always provided on the top of the document.

If there are material changes to this Privacy Policy, we will notify you either by posting a notice or by sending you a notification.

Contact Details

If you have questions about this Privacy Policy, please write to us on hello@restpsychology.com.