Privacy Policy

Who we are

Our website address is:

We are Reach Psychology Limited, a company incorporated in England and Wales. Our company number is 09310987, our VAT number is 215730039 and our registered address is

Kings House, St.
Johns Square, Wolverhampton,
England, WV2 4DT

(“Reach Psychology Limited” / “we” / “our” / “us“). We are committed to ensuring that your privacy is protected. We comply with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) unless and until the GDPR is no longer directly applicable in the UK, together with any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to the GDPR and the DPA (together “Data Protection Legislation”). We are the data controller of data you pass to us pursuant to this policy. Our Data Protection Officer can be contacted at

This Privacy Policytogether with our website terms and conditions and cookie policy, sets out how we collect personal information from you and how the personal information you provide will be processed by us. By visiting the website at (the “Website”) you are accepting and consenting to the practices described in this Privacy Policy. If you do not consent, please do not submit any personal data to us.


Reach Psychology has prepared this policy so we are transparent about why and how we handle your personal information (data). Under the General Data Protection Regulations (GDPR), I (Ruth Hare) am a “data controller”, as I collect and use personal data. Associates of Reach Psychology also have information about you from their work with you. They have responsibility for this separately but between us we undertake to keep your personal data safe and secure. 


The website uses cookies to distinguish you from other users of the website. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookies Policy.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Information about you

We collect and hold personal information about you in order to provide a service and process payment. In doing this we follow the law and code of ethics set out by the Health Care Professions Council (HCPC), British Psychological Society (BPS) and the Information Commissioner’s Office (ICO). Typically you can expect information to be shared with the associate practitioner working with you, and your details will be given to Beth Bloxham, our associate finance manager to process administration and payment. 

Categories of information 

The categories of information that we collect and hold are classified as ‘personal data’ and ‘sensitive data’. This information includes: 

  • Your personal information such as name and address and telephone numbers. 
  • Enquirers information (emails sent between us) 
  • Characteristics (where appropriate eg ethnicity, language, nationality, country of birth) 
  • Attendance information (number of sessions we’ve had together) 
  • Relevant medical information 
  • Sensitive data: agreements, notes (which may include names of relatives, children, employers etc), letters, reports and any questionnaires used. 

If you are referred to us by an organisation, then we also process information and data provided by them which includes basic contact information, referral information and their authorisation to pay or refer you to us. 

How we use your information 

Our professional bodies require us to keep information about the work we do and the people we see. We are unable to offer you a service unless we keep some information about our work together. 

We use the information: 

  • To provide you with a service 
  • For billing and processing payments 
  • To monitor and report risk where appropriate 
  • To review the quality of the service we are providing 
  • To comply with the law regarding data sharing 

To use the legal speak, we have a ‘legitimate interest’ in using the personal and sensitive data that we collect, to provide the most appropriate support service to clients. We are registered with the Information Commissioner’s Office (ICO) and collect and use personal information in order to meet legal obligations and legitimate interests set out in GDPR. 

Who we share your data with

Your personal information will only be shared: 

  • If an organisation is funding your support: appointment schedules may be shared for the purposes of billing. We may also share information about the need to cease or extend our work but this will always be done with your knowledge and a prior discussion. 
  • When there is a need-to-know situation for another provider eg GP. 
  • When disclosure is in the public interest (to prevent a miscarriage of justice or where there is a legal duty eg a court order) 
  • When the information concerns risk of harm to you or someone else. You will be involved in discussion of the proposed disclosure unless to do so is perceived to increase the level of risk to you or someone else) 
  • To ensure practitioner safety in line with recommendations from the Suzy Lamplugh Trust recommends always ensuring that someone else has access to schedules and contact details for clients and practitioners. 

Your personal information will not be shared with third parties for marketing purposes. 

Storing your information

Myself and each Reach associate practitioner is instructed to protect your data. Any paper files are to be stored in locked filing cabinets. Computers, phones and electronic devices used for phone calls, texts and emails are password protected and follow standard technical safety and privacy procedures. 

Data is held for the minimum amount of time needed in order to provide the service that you have requested and then it will be destroyed. Your contact details, formal letters and reports will be kept for 7 years in accordance with BPS and HCPC guidelines, however case notes may be destroyed 6 months after our work together has ceased because the data we hold (eg number of sessions held, dates worked together and any summary documents are sufficient). 

Paper records are destroyed using a destruction service (eg shred-it) which meets industry standards for document management and provides the appropriate certification. 

What rights you have over your information

You have the right of access about information held about you. Following a formal written request from you, Reach will provide the data we have about you within 30 days. You also have the right to have inaccurate personal data rectified. If any data we hold is incorrect or requires updating, please contact us and we will correct it within 30 days of your request. 

Data breaches 

In the unlikely event of a data breach, I (Ruth Hare) will inform you as soon as I am aware of it and will notify the Information Commissioner’s Office. 

This policy is reviewed annually or when new requirements are mandated.