At Reach we are committed to providing the best service possible to all our clients.  This includes adhering to the legal requirements in relation to confidentiality and data protection.

All our therapists are members or accredited members of BACP, NCP, CMA, UKCP or other bodies governing the psychological and holistic therapies – and so we are all bound to very clear and specific codes of conduct. Clients can therefore be assured that their issues and concerns will be discussed and explored in the strictest of confidence.

General Data Protection Regulation (GDPR)

In May 2018 the new General Data Protection Regulation (GDPR) comes into effect.  It replaces the Data Protection Act 1998.  It is designed to better protect the personal information directly or indirectly given to companies and organisations.

In compliance with GDPR we will collect, store, use and retain your personal data appropriately.

This means we will:

  • Only collect data that helps us to offer you the best service possible – we will therefore not collect or retain excessive amounts of data.Take appropriate steps to protect your personal data once it’s collected.
  • Therefore, we will store your data securely, in locked rooms, and on password protected computers, taking all reasonable measures to protect it from loss, misuse and unauthorised access.

We will use personal data for the following purposes:

  • To deliver the services which have been requested by you and agreed by us.
  • To make contact with clients as necessary.
  • To maintain our own records.
  • Client data will never be passed to a third party without express consent of the client.

In accordance with the requirements of our governing bodies (BACP, NCP, CMA, UKCP) we will retain client data for a minimum of 7 years.  For clients under the age of 18, data will be retained until their 25 birthday.

N.B. All therapists are required by their governing bodies to undertake regular supervision in order to ensure the highest standards of service are maintained and under these circumstances all personal data is fully anonymised such that a client cannot be identified.

The lawful basis for processing your personal data

We are required to relate our data collection and processing activity to a ‘lawful basis’ in order to comply with GDPR guidelines.

  1. Contract: The lawful basis for collecting and processing your data is that we have a contract.  From the outset you have sought our services and we have agreed to provide them and this constitutes a verbal (it may also be written) contract. Therefore, having agreed what we will offer, when and how regularly we will meet and what the fee is for this service, this contract is the lawful basis on which we can store and process your personal data.
  2. Legitimate interest: The second legal basis for collecting and processing your personal data is that having this information is necessary for us to be able to deliver the therapy we’ve agreed to offer you, and you would be unable to receive our service without giving us this information – so therefore it is in both the client’s and Reach’s ‘legitimate interests’.

Your rights

  • You have the right to request a copy of the personal data we have collected.
  • You have the right to request that any incorrect or incomplete data be corrected or completed if it is found to be inaccurate.
  • You have the right to request that the data is erased where it is no longer necessary to be stored.


In the event that you have any issue or concern about your personal data we would first of all invite you to discuss this with your therapist or a member of the Reach Senior Management Team at:

If this does not bring a satisfactory conclusion to your concerns, you have the right to complain to the Information Commissioner’s Office: (ICO) at:

So, please rest assured your data is in safe hands and will always be managed with the utmost sensitivity and care.

© Reach: Privacy Notice 2018