Privacy notice
Contents
- Introduction
- Who we are
- Independent therapists
- Personal information we collect
- How we use your information
- Our lawful bases for processing
- Legitimate interests
- Newsletter and marketing communications
- Website and cookies
- Third-party service providers
- International transfers
- Data security
- Data retention
- Automated decision-making
- Your rights
- Data protection concerns and complaints
- Contact us
- Changes to this privacy notice
Introduction
At Relational Spaces Ltd, we are committed to protecting your privacy and handling your personal information with care, respect and transparency.
Whether you contact us to enquire about room hire, attend one of our events, subscribe to our newsletter, participate in community activities or visit our website, we want you to understand what information we collect, why we collect it and how we keep it safe.
This privacy notice explains how Relational Spaces Ltd collects, uses, stores and protects personal information in accordance with the:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
- Data (Use and Access) Act 2025 (DUAA)
We are committed to processing personal information lawfully, fairly and transparently and to respecting the rights of everyone whose information we hold.
Who we are
Relational Spaces Ltd is the data controller for the personal information described in this privacy notice.
This means we decide how and why certain personal information is collected and used in connection with the operation of our business.
Our activities include:
- managing enquiries
- providing consulting and therapy room hire
- administering bookings
- organising community activities, workshops and training
- managing our website
- communicating with people who contact us
- maintaining our business records
- complying with our legal and regulatory obligations
If you have any questions about this privacy notice or how we use your information, you can contact us at therapyroomsuk@gmail.com.
Relational Spaces Ltd is registered with the Information Commissioner’s Office (ICO) as a data controller. Our registration reference is ZA901803.
Independent therapists
Many of the therapists who practise from Relational Spaces are self-employed, independent practitioners.
Those therapists are separate and independent data controllers for the personal information they collect and process in connection with their professional practice.
This includes, for example:
- therapy records
- client notes
- clinical assessments
- appointment records
- treatment plans
- correspondence relating to therapy
- any other information created within the therapeutic relationship
Each therapist is responsible for providing their own privacy notice explaining how they process personal information within their practice.
Relational Spaces Ltd does not routinely access, manage or control therapists’ clinical records and is not responsible for the processing of personal information carried out independently by those practitioners.
Where appropriate, we may assist individuals in contacting their therapist regarding any questions about their personal information.
Practitioner group communications
We provide access to a Google Group to help independent practitioners communicate with each other, including to share referrals, requests for information or other professional updates.
If you send a message to the group, your name, email address and the content of your message will be shared with the other members of the group.
Practitioners should not use the group to share confidential client information, clinical information or other sensitive personal information unless they are satisfied that they have a lawful basis for doing so and appropriate safeguards are in place.
Personal information we collect
The personal information we collect depends upon how you interact with us.
We may collect:
- your name
- postal address
- email address
- telephone number
- information you provide when making an enquiry
- professional information provided as part of onboarding or room-hire checks, which may include professional indemnity insurance details, evidence of qualifications and professional registration details
- booking information
- event registrations
- workshop or training bookings
- communication preferences
- billing and payment information where required
- bank account details where necessary to issue refunds or make payments
- correspondence you send to us
- website usage information
- cookie information where consent has been provided
- technical information such as IP address, browser type and device information
Most of the personal information we collect is provided directly by you.
We may also receive personal information from service providers that help us operate our business, such as website hosting providers, booking systems or payment providers.
Special category personal information
As a general rule, Relational Spaces Ltd does not seek to collect special category personal information.
However, there may be occasions where you choose to provide information relating to your health, accessibility requirements, disability, dietary requirements or other information that is relevant to an event, workshop or service.
Where we process special category information, we will only do so where both the following are the case:
- an appropriate lawful basis exists under UK GDPR
- a relevant condition for processing under Article 9 UK GDPR and the Data Protection Act 2018 applies
We will only collect information that is genuinely necessary for the purpose for which it is provided.
How we use your information
We may use your personal information to:
- respond to enquiries
- administer room bookings
- manage training events and workshops
- communicate with you about services you have requested
- send booking confirmations
- issue invoices and process payments
- administer refunds where appropriate
- manage our relationship with you
- improve our website and services
- comply with legal obligations
- maintain business records
- manage safeguarding responsibilities where applicable
- investigate complaints
- protect the security of our premises, systems and website
- send newsletters where you have chosen to receive them.
We will only use your personal information where we have a lawful reason to do so.
Our lawful bases for processing
Depending upon why we are using your information, we rely on one or more of the following lawful bases under UK GDPR.
| Activity | Lawful basis |
|---|---|
| Responding to enquiries | Legitimate interests |
| Room hire and bookings | Performance of a contract |
| Event administration | Contract |
| Issuing invoices | Contract |
| Accounting and tax records | Legal obligation |
| Responding to safeguarding concerns | Legal obligation or vital interests, where applicable |
| Website administration | Legitimate interests |
| Improving our services | Legitimate interests |
| Sending newsletters | Consent |
| Managing complaints | Legitimate interests and legal obligations where applicable |
Where we rely on your consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before consent was withdrawn.
Where we rely on our legitimate interests, we have considered the impact on your rights and freedoms and are satisfied that our interests do not override those rights.
Legitimate interests
In some circumstances, we process personal information because it is necessary for our legitimate interests as a business.
Our legitimate interests include:
- responding to enquiries
- managing room hire and bookings
- administering events, workshops and training
- maintaining the security of our premises, systems and website
- improving our services
- preventing fraud or misuse of our services
- resolving complaints and disputes
- managing our day-to-day business operations
Before relying on legitimate interests, we consider the potential impact on your rights and freedoms and ensure that your interests are not overridden.
Newsletter and marketing communications
If you choose to subscribe to our newsletter, we will use your email address to send you information about Relational Spaces Ltd, including news, events, workshops, community activities and other information we believe may be of interest.
We will only send marketing communications where you have actively opted in or where another lawful basis applies under the Privacy and Electronic Communications Regulations (PECR).
Our lawful basis for sending newsletters is your consent.
You may withdraw your consent at any time by either:
- clicking the unsubscribe link included in every newsletter
- contacting us directly at therapyroomsuk@gmail.com
We use Mailchimp to manage our mailing list and distribute newsletters. Mailchimp processes personal information on our behalf in accordance with our instructions and applicable data protection legislation.
Website and cookies
Our website uses cookies and similar technologies to provide essential functionality, improve performance and help us understand how visitors use our website.
Cookies are small text files placed on your device when you visit a website.
Some cookies are essential for the operation of the website and do not require your consent.
Other cookies, including analytics cookies, are optional and will only be used if you choose to accept them through our cookie banner.
You may change your cookie preferences at any time using the cookie settings available on our website.
You can also manage or delete cookies through your browser settings.
Further information is available in our separate cookie policy.
Website analytics
Where you consent, we use Google Analytics to help us understand how visitors use our website.
Analytics information is used to:
- monitor website performance
- understand which pages are most useful
- improve accessibility
- improve user experience
- help us develop our services
Where possible, information is aggregated and does not identify individual users.
Google Analytics cookies are only activated after you have provided your consent.
Third-party service providers
Like most organisations, we use third-party providers to help us operate our business.
Depending upon the services you use, we may share personal information with providers of:
- website hosting
- room-booking management systems
- email services
- newsletter distribution
- accounting software and bookkeeping services
- payment processing
- banking and financial services
- cloud storage
- website security
- IT support
- business administration
Our principal providers currently include:
- Google Workspace, which we use for business email, documents and administration and practitioner group communications (through a Google Group)
- Dropbox, which we use for document storage
- Mailchimp, which we use to manage and send newsletters
- Xero, which we use for accounting and financial administration
- Stripe, which we use to process ad hoc room booking payments
- Zen Internet, which hosts our websites and associated databases
- Google Analytics, which we use, where analytics cookies are accepted, to help us understand website usage
Where these providers process personal information on our behalf, we ensure that appropriate contractual arrangements are in place requiring them to process personal information securely, confidentially and only in accordance with our instructions.
We do not sell your personal information to third parties.
We may disclose personal information where required by law or where necessary to protect individuals from a serious risk of harm, comply with safeguarding responsibilities, meet insurance or regulatory obligations, or establish, exercise or defend legal claims.
International transfers
Some of our service providers may store or process personal information outside the United Kingdom.
Where personal information is transferred internationally, we ensure that appropriate safeguards are in place as required by UK data protection legislation.
These safeguards may include:
- a UK adequacy decision
- the UK International Data Transfer Agreement (IDTA)
- the UK Addendum to the European Commission’s Standard Contractual Clauses
- another lawful transfer mechanism recognised under UK law
We will take reasonable steps to ensure that your personal information continues to receive an appropriate level of protection wherever it is processed.
Data security
Protecting personal information is important to us.
We maintain appropriate technical and organisational measures designed to safeguard personal information against accidental loss, unauthorised access, misuse, disclosure, alteration or destruction.
These measures include, where appropriate:
- secure business systems
- password protection and multi-factor authentication
- restricted access to information
- encrypted communications where appropriate
- secure cloud-based services
- staff awareness of confidentiality responsibilities
- regular review of our information security arrangements
- secure disposal of personal information when it is no longer required
Although we take reasonable steps to protect personal information, no electronic transmission or storage system can ever be guaranteed to be completely secure.
Data retention
We keep personal information only for as long as it is reasonably necessary for the purposes for which it was collected.
Retention periods vary depending upon:
- the type of information
- the purpose for which it was collected
- legal obligations
- insurance requirements
- accounting requirements
- safeguarding responsibilities
- the need to establish, exercise or defend legal claims
When personal information is no longer required, it will be securely deleted, anonymised or otherwise disposed of in accordance with our retention procedures.
Newsletter subscription information will normally be retained until you unsubscribe.
Where you unsubscribe, we may retain limited information on a suppression list to ensure we do not send further marketing communications.
Automated decision-making
Relational Spaces Ltd does not use your personal information to make decisions based solely on automated processing that produce legal effects or similarly significant effects for individuals.
If this position changes in the future, we will update this privacy notice and provide any information required under applicable data protection legislation.
Your rights
Under UK data protection law, you have a number of rights in relation to your personal information.
Depending on the circumstances, these may include the right to:
- be informed about how your information is used
- request access to your personal information
- ask us to correct inaccurate or incomplete information
- ask us to delete your personal information in certain circumstances
- ask us to restrict how we use your personal information
- object to certain types of processing
- receive personal information in a portable format, where this applies
- withdraw consent where we rely on consent
- complain about how your personal information has been handled
These rights are not absolute and may be subject to legal exemptions.
To exercise any of your rights, please contact us using the details provided in this privacy notice.
We will respond to your request within the timescales required by data protection law.
Data protection concerns and complaints
We are committed to handling concerns and complaints about personal information fairly, openly and promptly.
You can contact us if you have a concern or complaint about how we collect, use, store, share or protect your personal information. You can also contact us if you are unhappy with how we have responded to a request to exercise your data protection rights.
Your concern or complaint may relate to:
- how personal information is collected
- how personal information is used
- the accuracy of personal information we hold
- how personal information is shared
- how long personal information is kept
- how we have responded to a request to exercise your data protection rights
Please contact us by email at: therapyroomsuk@gmail.com.
Please include enough information for us to understand your concern and look into it. If you are contacting us on behalf of someone else, we may need to ask for evidence that you have authority to act for them.
We will acknowledge receipt of your data protection complaint within 30 days. We will then take appropriate steps to look into the complaint, keep you informed where necessary, and tell you the outcome without undue delay.
When looking into a concern or complaint, we may:
- assess the nature of the issue
- gather relevant information internally where necessary
- provide a clear response
- explain any steps taken or decisions made
Where appropriate, we may take steps such as:
- correcting inaccurate information
- deleting information
- restricting how information is used
- providing further explanation
- improving our internal processes
- taking other reasonable steps to resolve the issue
We may keep records of data protection complaints and how they have been handled for compliance, audit and service improvement purposes.
You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection matters. You can contact the ICO through its website by calling 0303 123 1113.
Nothing in this privacy notice affects your right to complain to the ICO at any time.
Contact us
If you have any questions about this privacy notice or about how we process your personal information, please contact us at Relational Spaces Ltd.
Registered office: 32a Coppetts Road, London N10 1JY
Company number: 09480016
Email: therapyroomsuk@gmail.com
ICO registration number: ZA901803
Changes to this privacy notice
We may update this privacy notice from time to time to reflect changes in:
- our services
- technology
- legal requirements
- regulatory guidance
- our business operations
The most recent version will always be available on our website. This privacy notice was last updated on 14 July 2026.
