Privacy notice

Introduction

At Relational Spaces Ltd, we are committed to protecting your privacy and handling your personal information with care, respect and transparency.

Whether you contact us to enquire about room hire, attend one of our events, subscribe to our newsletter, participate in community activities or visit our website, we want you to understand what information we collect, why we collect it and how we keep it safe.

This privacy notice explains how Relational Spaces Ltd collects, uses, stores and protects personal information in accordance with the:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
  • Data (Use and Access) Act 2025 (DUAA)

We are committed to processing personal information lawfully, fairly and transparently and to respecting the rights of everyone whose information we hold.

Who we are

Relational Spaces Ltd is the data controller for the personal information described in this privacy notice.

This means we decide how and why certain personal information is collected and used in connection with the operation of our business.

Our activities include:

  • managing enquiries
  • providing consulting and therapy room hire
  • administering bookings
  • organising community activities, workshops and training
  • managing our website
  • communicating with people who contact us
  • maintaining our business records
  • complying with our legal and regulatory obligations

If you have any questions about this privacy notice or how we use your information, you can contact us at therapyroomsuk@gmail.com.

Relational Spaces Ltd is registered with the Information Commissioner’s Office (ICO) as a data controller. Our registration reference is ZA901803.

Independent therapists

Many of the therapists who practise from Relational Spaces are self-employed, independent practitioners.

Those therapists are separate and independent data controllers for the personal information they collect and process in connection with their professional practice.

This includes, for example:

  • therapy records
  • client notes
  • clinical assessments
  • appointment records
  • treatment plans
  • correspondence relating to therapy
  • any other information created within the therapeutic relationship

Each therapist is responsible for providing their own privacy notice explaining how they process personal information within their practice.

Relational Spaces Ltd does not routinely access, manage or control therapists’ clinical records and is not responsible for the processing of personal information carried out independently by those practitioners.
Where appropriate, we may assist individuals in contacting their therapist regarding any questions about their personal information.

Practitioner group communications

We provide access to a Google Group to help independent practitioners communicate with each other, including to share referrals, requests for information or other professional updates.

If you send a message to the group, your name, email address and the content of your message will be shared with the other members of the group.

Practitioners should not use the group to share confidential client information, clinical information or other sensitive personal information unless they are satisfied that they have a lawful basis for doing so and appropriate safeguards are in place.

Personal information we collect

The personal information we collect depends upon how you interact with us.

We may collect:

  • your name
  • postal address
  • email address
  • telephone number
  • information you provide when making an enquiry
  • professional information provided as part of onboarding or room-hire checks, which may include professional indemnity insurance details, evidence of qualifications and professional registration details
  • booking information
  • event registrations
  • workshop or training bookings
  • communication preferences
  • billing and payment information where required
  • bank account details where necessary to issue refunds or make payments
  • correspondence you send to us
  • website usage information
  • cookie information where consent has been provided
  • technical information such as IP address, browser type and device information

Most of the personal information we collect is provided directly by you.

We may also receive personal information from service providers that help us operate our business, such as website hosting providers, booking systems or payment providers.

Special category personal information

As a general rule, Relational Spaces Ltd does not seek to collect special category personal information.

However, there may be occasions where you choose to provide information relating to your health, accessibility requirements, disability, dietary requirements or other information that is relevant to an event, workshop or service.

Where we process special category information, we will only do so where both the following are the case:

  • an appropriate lawful basis exists under UK GDPR
  • a relevant condition for processing under Article 9 UK GDPR and the Data Protection Act 2018 applies

We will only collect information that is genuinely necessary for the purpose for which it is provided.

How we use your information

We may use your personal information to:

  • respond to enquiries
  • administer room bookings
  • manage training events and workshops
  • communicate with you about services you have requested
  • send booking confirmations
  • issue invoices and process payments
  • administer refunds where appropriate
  • manage our relationship with you
  • improve our website and services
  • comply with legal obligations
  • maintain business records
  • manage safeguarding responsibilities where applicable
  • investigate complaints
  • protect the security of our premises, systems and website
  • send newsletters where you have chosen to receive them.

We will only use your personal information where we have a lawful reason to do so.

Our lawful bases for processing

Depending upon why we are using your information, we rely on one or more of the following lawful bases under UK GDPR.

Activity Lawful basis
Responding to enquiries Legitimate interests
Room hire and bookings Performance of a contract
Event administration Contract
Issuing invoices Contract
Accounting and tax records Legal obligation
Responding to safeguarding concerns Legal obligation or vital interests, where applicable
Website administration Legitimate interests
Improving our services Legitimate interests
Sending newsletters Consent
Managing complaints Legitimate interests and legal obligations where applicable

Where we rely on your consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before consent was withdrawn.

Where we rely on our legitimate interests, we have considered the impact on your rights and freedoms and are satisfied that our interests do not override those rights.

Legitimate interests

In some circumstances, we process personal information because it is necessary for our legitimate interests as a business.

Our legitimate interests include:

  • responding to enquiries
  • managing room hire and bookings
  • administering events, workshops and training
  • maintaining the security of our premises, systems and website
  • improving our services
  • preventing fraud or misuse of our services
  • resolving complaints and disputes
  • managing our day-to-day business operations

Before relying on legitimate interests, we consider the potential impact on your rights and freedoms and ensure that your interests are not overridden.

Newsletter and marketing communications

If you choose to subscribe to our newsletter, we will use your email address to send you information about Relational Spaces Ltd, including news, events, workshops, community activities and other information we believe may be of interest.

We will only send marketing communications where you have actively opted in or where another lawful basis applies under the Privacy and Electronic Communications Regulations (PECR).

Our lawful basis for sending newsletters is your consent.

You may withdraw your consent at any time by either:

We use Mailchimp to manage our mailing list and distribute newsletters. Mailchimp processes personal information on our behalf in accordance with our instructions and applicable data protection legislation.

Website and cookies

Our website uses cookies and similar technologies to provide essential functionality, improve performance and help us understand how visitors use our website.

Cookies are small text files placed on your device when you visit a website.

Some cookies are essential for the operation of the website and do not require your consent.

Other cookies, including analytics cookies, are optional and will only be used if you choose to accept them through our cookie banner.

You may change your cookie preferences at any time using the cookie settings available on our website.

You can also manage or delete cookies through your browser settings.

Further information is available in our separate cookie policy.

Website analytics

Where you consent, we use Google Analytics to help us understand how visitors use our website.
Analytics information is used to:

  • monitor website performance
  • understand which pages are most useful
  • improve accessibility
  • improve user experience
  • help us develop our services

Where possible, information is aggregated and does not identify individual users.

Google Analytics cookies are only activated after you have provided your consent.

Third-party service providers

Like most organisations, we use third-party providers to help us operate our business.

Depending upon the services you use, we may share personal information with providers of:

  • website hosting
  • room-booking management systems
  • email services
  • newsletter distribution
  • accounting software and bookkeeping services
  • payment processing
  • banking and financial services
  • cloud storage
  • website security
  • IT support
  • business administration

Our principal providers currently include:

  • Google Workspace, which we use for business email, documents and administration and practitioner group communications (through a Google Group)
  • Dropbox, which we use for document storage
  • Mailchimp, which we use to manage and send newsletters
  • Xero, which we use for accounting and financial administration
  • Stripe, which we use to process ad hoc room booking payments
  • Zen Internet, which hosts our websites and associated databases
  • Google Analytics, which we use, where analytics cookies are accepted, to help us understand website usage

Where these providers process personal information on our behalf, we ensure that appropriate contractual arrangements are in place requiring them to process personal information securely, confidentially and only in accordance with our instructions.

We do not sell your personal information to third parties.

We may disclose personal information where required by law or where necessary to protect individuals from a serious risk of harm, comply with safeguarding responsibilities, meet insurance or regulatory obligations, or establish, exercise or defend legal claims.

International transfers

Some of our service providers may store or process personal information outside the United Kingdom.

Where personal information is transferred internationally, we ensure that appropriate safeguards are in place as required by UK data protection legislation.

These safeguards may include:

  • a UK adequacy decision
  • the UK International Data Transfer Agreement (IDTA)
  • the UK Addendum to the European Commission’s Standard Contractual Clauses
  • another lawful transfer mechanism recognised under UK law

We will take reasonable steps to ensure that your personal information continues to receive an appropriate level of protection wherever it is processed.

Data security

Protecting personal information is important to us.
We maintain appropriate technical and organisational measures designed to safeguard personal information against accidental loss, unauthorised access, misuse, disclosure, alteration or destruction.

These measures include, where appropriate:

  • secure business systems
  • password protection and multi-factor authentication
  • restricted access to information
  • encrypted communications where appropriate
  • secure cloud-based services
  • staff awareness of confidentiality responsibilities
  • regular review of our information security arrangements
  • secure disposal of personal information when it is no longer required

Although we take reasonable steps to protect personal information, no electronic transmission or storage system can ever be guaranteed to be completely secure.

Data retention

We keep personal information only for as long as it is reasonably necessary for the purposes for which it was collected.
Retention periods vary depending upon:

  • the type of information
  • the purpose for which it was collected
  • legal obligations
  • insurance requirements
  • accounting requirements
  • safeguarding responsibilities
  • the need to establish, exercise or defend legal claims

When personal information is no longer required, it will be securely deleted, anonymised or otherwise disposed of in accordance with our retention procedures.

Newsletter subscription information will normally be retained until you unsubscribe.

Where you unsubscribe, we may retain limited information on a suppression list to ensure we do not send further marketing communications.

Automated decision-making

Relational Spaces Ltd does not use your personal information to make decisions based solely on automated processing that produce legal effects or similarly significant effects for individuals.
If this position changes in the future, we will update this privacy notice and provide any information required under applicable data protection legislation.

Your rights

Under UK data protection law, you have a number of rights in relation to your personal information.

Depending on the circumstances, these may include the right to:

  • be informed about how your information is used
  • request access to your personal information
  • ask us to correct inaccurate or incomplete information
  • ask us to delete your personal information in certain circumstances
  • ask us to restrict how we use your personal information
  • object to certain types of processing
  • receive personal information in a portable format, where this applies
  • withdraw consent where we rely on consent
  • complain about how your personal information has been handled

These rights are not absolute and may be subject to legal exemptions.

To exercise any of your rights, please contact us using the details provided in this privacy notice.

We will respond to your request within the timescales required by data protection law.

Data protection concerns and complaints

We are committed to handling concerns and complaints about personal information fairly, openly and promptly.

You can contact us if you have a concern or complaint about how we collect, use, store, share or protect your personal information. You can also contact us if you are unhappy with how we have responded to a request to exercise your data protection rights.

Your concern or complaint may relate to:

  • how personal information is collected
  • how personal information is used
  • the accuracy of personal information we hold
  • how personal information is shared
  • how long personal information is kept
  • how we have responded to a request to exercise your data protection rights

Please contact us by email at: therapyroomsuk@gmail.com.

Please include enough information for us to understand your concern and look into it. If you are contacting us on behalf of someone else, we may need to ask for evidence that you have authority to act for them.

We will acknowledge receipt of your data protection complaint within 30 days. We will then take appropriate steps to look into the complaint, keep you informed where necessary, and tell you the outcome without undue delay.

When looking into a concern or complaint, we may:

  • assess the nature of the issue
  • gather relevant information internally where necessary
  • provide a clear response
  • explain any steps taken or decisions made

Where appropriate, we may take steps such as:

  • correcting inaccurate information
  • deleting information
  • restricting how information is used
  • providing further explanation
  • improving our internal processes
  • taking other reasonable steps to resolve the issue

We may keep records of data protection complaints and how they have been handled for compliance, audit and service improvement purposes.

You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection matters. You can contact the ICO through its website by calling 0303 123 1113.

Nothing in this privacy notice affects your right to complain to the ICO at any time.

Contact us

If you have any questions about this privacy notice or about how we process your personal information, please contact us at Relational Spaces Ltd.

Registered office: 32a Coppetts Road, London N10 1JY

Company number: 09480016

Email: therapyroomsuk@gmail.com

ICO registration number: ZA901803

Changes to this privacy notice

We may update this privacy notice from time to time to reflect changes in:

  • our services
  • technology
  • legal requirements
  • regulatory guidance
  • our business operations

The most recent version will always be available on our website. This privacy notice was last updated on 14 July 2026.

Cookies on this site
Relational Spaces logo

This site, like many others, stores small files (called ‘cookies’) on your computer to collect information about how you use the site.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Google Analytics cookies

We use Google Analytics to collect aggregated statistics about how visitors use the website.

We do not use Google Analytics for advertising, remarketing or profiling.

Google Analytics may process online identifiers and technical information about your visit, such as device/browser information, approximate location, pages visited and session information.

You can accept or reject analytics cookies using our cookie settings.