top of page

Privacy policy

Osborne Psychology Privacy Policy

This is the privacy notice of Osborne Psychology In this document, “we”, “our”, or “us” refers to Osborne Psychology and “you” refers to the person(s) using this website. We may update this privacy policy as required for the means of the business and/or to ensure any changes in legal requirements

  • This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.

  • The confidentiality and privacy of your information is important to us and something that we take seriously. We understand that all our clients and visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.

  • Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).

  • The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. For more information please see

  • Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.


The data we collect about you:

We may collect, use, store and transfer different kinds of information where the individual can be identified. These are grouped as follows:

  • Identity data

  • Contact data

  • Financial data

  • Transaction data

  • Technical data: includes Internet Protocol (IP) address, login data, browser type, time zone setting and location, operating system etc

  • Usage data: information about how you use our website.

  • Sensitive data: information about your existing and previous health.

  • Information we obtain from third parties: Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use. No such information is personally identifiable to you.


How we collect your data:

We may collect and process the following data about you:

  • Data you give us. You may give us information about you by filling in forms on our site (our site) or through the questionnaires we ask you to complete, or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, request or receive psychological therapy through our site, participate in social media functions on our site, complete a survey or report a problem with our site. The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description and medical history.

  • Data we collect about you. With regard to each of your visits to our site we may automatically collect the following data:

  • Technical data, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform

  • Your behaviour information collected via use of cookies and similar technologies like pixels, tags and other identifiers in order to remember your preferences, to understand how our website and app(s) are used and to customize our marketing offerings; data about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); pages you viewed or searches you carried out; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number

  • Data we receive from other sources. We may receive data about you from third parties we work closely with (including, without limitation, medical practitioners, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers).


How we use your data and what we do with it:

We will only use your data when the law allows us too. Most commonly we will use your data in the following circumstances:

  • Information we process because we have a contract with you

  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests

  • Where we need to comply with a legal obligation


Generally we do not rely on consent as a legal basis for processing your personal data although we will get your consent when processing sensitive data.

We use data held about you in the following ways:

Data you give to us. We will use this data:

  • To carry out our obligations arising from any contracts entered into between you and us relating to psychological therapy, and to provide you with the information and services that you request from us

  • To provide you with information about other services we offer that are similar to those that you have already received or enquired about

  • To provide you with information about goods or services we feel may interest you. If you are an existing client, we will only contact you by electronic means (email or SMS) with information about services similar to those you have previously received or enquired about

  • To notify you about changes to our services

  • To ensure that content from our site is presented in the most effective manner for you and for your computer

  • We may also use your data from the questionnaires you complete for audit and service evaluation purposes. The data used will be anonymised and no identifiable information will be shared with anyone outside of the service. This information will be analysed at a group level meaning the data from clients will be combined making it impossible to identify an individual from the data. It will be used to identify general trends of statistics about how the service is delivering on successful outcomes. This helps us achieve a good standard of care and highlights areas for improvement.


Data we collect about you. We will use this data:

  • To administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes

  • To improve our site to ensure that content is presented in the most effective manner for you and for your computer

  • To allow you to participate in interactive features of our service, when you choose to do so

  • As part of our efforts to keep our site safe and secure

  • To measure or understand the effectiveness of marketing we serve to you and others, and to deliver relevant marketing to you

  • To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them


Data we receive from other sources. 

  • We may combine this data with data you give to us and data we collect about you. We may use this data and the combined data for the purposes set out above.


Who we share information with:

We may share your data with the parties set out below:

  • Service providers, acting as processors who provide IT and system administration services such as Writeupp for our therapy/assessment notes and Zoom for our online consultations.

  • HM, Revenue & Customs

We require all parties to respect the security of your personal and sensitive data and to treat it in accordance with the law. 


Data security:

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
Confidential digital  information will be stored in a secure cloud service offering high levels of security. Confidential information containing sensitive data or information sent via the internet will be encrypted and/or password protected with the password sent separately. Letters to GPs will be marked confidential and all electronic devices storing  data will themselves be password protected. 
We will notify of you any breach in data security. 


Access to your own personal information:

  • At any time you may review or update or request that we remove personally identifiable information that we hold about you. To obtain a copy of any information that is not provided on our website you may send us a request at 

  • After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.

  • When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.



Other matters
How you can complain about our privacy policy:

  • If you are not happy with our privacy policy or if you have any complaint with respect to how we process your personal information then you should tell us by email. Our address is

  • If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.

  • If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at


Retention period for personal data:

Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:

  • to provide you with the services you have requested;

  • to comply with other law, including for the period demanded by our tax authorities;

  • to support a claim or defence in court.


Compliance with the law:

Our privacy policy has been compiled so as to comply with the laws of the legal jurisdictions in the UK and the European Union. If you think it fails to satisfy any of these laws, we should like to hear from you.


Review of this privacy policy:

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.
If you have any question regarding our privacy policy, please contact us


Data Subject Access Request Procedure (SAR)

According to GDPR “a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.” This policy sets out the procedure following a Subject Access Request (SAR).


The rights of Data Subjects:

Data subjects have the legal right to know whether you are processing any personal data about them as an individual and, if so, to be given:

  • the purposes of you processing the data on them

  • the categories of personal data concerned, personal or sensitive

  • the recipients to whom the personal data have been or will be disclosed, in particular, recipients in third countries or international organisations

  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

  • the existence of the right to request from the controller rectification or erasure of personal data or restriction on processing of personal data concerning the data subject or to object to such processing

  • the right to lodge a complaint with a supervisory authority

  • any available information as to the source if you were not the originating data collector

  • the existence of automated decision-making, including profiling. Detail needs to be available on what technologies are used here and what result this has on the data subject and their data

The response to the data subject needs to be within 1 month of first receipt of the SAR.


What we may need from you:

We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.


Our response:

We will try to respond to all legitimate requests within one month. Occasionally it may take longer if your request is particularly complex. In this case we will notify you and keep you updated.

bottom of page