Privacy Policy

Privacy Policy

Aims and Objectives

This policy demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.

Personal and Health information data is collected to enable Wild and Free Therapy CIC and any staff/volunteers to ensure that all participants can take part in our services safely with their needs met as much a possible. Privacy is a top priority. We’re committed to always being a good custodian of your personal information, handling it in a responsible manner, and securing it with industry standard administrative, technical and physical safeguards.

We follow two guiding principles when it comes to your privacy:

  • Transparency – we work hard to be transparent about what personal information we collect and process
  • Simplicity – we try to use easy-to-understand language to describe our privacy practices to help you make informed choices


  • ICO – Information Commissioner’s Office (ICO)
  • BACP – British Association for Counselling and Psychotherapy
  • UK GDPR – United Kingdom General Data Protection Regulation
  • DBS – Disclosure and Barring Service
  • Personal data or personal information: Any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Special categories of sensitive personal data – Data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, physical or mental health conditions, gender or sexual orientation, genetic data, and biometric data which require a higher level of protection.

Duties and Responsibilities

Personal and health information/data is collected to enable Wild and Free Therapy CIC and any staff/volunteers to ensure that all participants can take part in our services safely with their needs met as much as possible.

It is the responsibility of all Directors to:

  • Gather relevant data for the safe implementation of our services
  • Use personal data fairly and responsibly.
  • Store personal data safely and securely.
  • Only share personal data when necessary for the health and safety of participants.
  • Protect participant confidentiality while understanding the duty to share information when in the best interests of the participants.

It is the responsibility of all employees, volunteers and directors, to:

  • Use personal data fairly and responsibly.
  • Store personal data safely and securely.
  • Only share personal data when necessary for the health and safety of participants.
  • Protect participant confidentiality while understanding the duty to share information when in the best interests of the participants.

Process for Implementation

Details of information we hold:

The list below identifies the kind of data that we will hold about participants:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • Date of birth
  • Gender identification
  • Emergency contact details
  • Medical and health information
  • Care plan information
  • Psychological assessments relevant to the service we offer

The list below identifies the kind of data that we will hold about staff/volunteers:

  • Reference contact details from location of employment or workplace
  • Copy of driving licence, passport and proof of address for DBS checks
  • Information included on your CV including references, education history and employment history
  • Information used for equal opportunities monitoring about your sexual orientation, religion or belief and ethnic origin
  • Medical and health information relevant to our services

The following list identifies the kind of data that we will process and which falls within the scope of “special categories” of more sensitive personal information:

  • Information relating to race or ethnicity, religious beliefs, gender orientation
  • Information about health, including any medical conditions and disabilities
  • Information about criminal convictions and offences

Method of collection of personal information:

Personal information is obtained through the referral or recruitment process, this may be directly from parent/carers, via an organisation or a third party who undertakes background checks.

Other details may be collected directly from staff/volunteers in the form of official documentation such as passport, driving licence, or proof of address.

Processing information

We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:

  • Consent: consent for us to process personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with staff/volunteers, or because we have asked you to take specific steps before entering into a contract.
  • Legal obligation: The processing is necessary for us to comply with the law
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

Data Collection and Storage

All data is stored securely by Wild and Free Therapy CIC. Your data will be stored for seven years from your last session. (in line with our Insurance policy) .

Any paper documents are locked in a robust cabinet to which only directors and staff have access.
Notes are anonymous, free of identifying information, and are kept for up to 7 years (or 7 years after a young person turns 18) as per insurance guidelines and then securely destroyed by shredding.
Referral forms and other contracts and other documentation that includes personal data are kept secure and in a separate location from notes.

Sharing Data

Your data will be shared with staff/volunteers within the organisation only where it is necessary for them to undertake their duties.

It may be necessary for us to share your personal data with a third party or outside agencies in the event of a medical emergency, a safeguarding concern or other professional requirement. (e.g. immediate risk of substantial harm to self or others; or under a legal requirement, e.g. terrorism, drug money laundering; or via court order for disclosure) Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest.


We send messages by telephone, email or other digital methods. These messages may be:
• to communicate information about our services
• to keep you informed about news, update and services available to you
• to meet our obligations, for example visits by our own regulators


Pursuant to that legislation, when processing data we will;

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for reasons that we find proper
  • in ways that have been explained to you
  • only use it in the way that we have told you about
  • ensure it is correct and up to date
  • keep your data for only as long as we need it in compliance with our insurance policy and legal obligations
  • process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate)

Your Rights in Relation to Your Data

We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.

In some situations, you may have the;

  • Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
  • Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request
  • Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
  • Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
  • Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
  • Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
  • Right to portability. You may transfer the data that we hold on you for your own purposes.
  • Right to request the transfer. You have the right to request the transfer of your personal information to another party.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

If you wish to exercise any of the rights explained above, please contact

Training requirements

Wild and Free Therapy CIC is registered with the Information Commissioner’s Office and any information that is kept is subject to the Data Protection Act 2018 (DPA 18) and United Kingdom General Data Protection Regulation UK-GDPR see Information Commissioner’s Office: and BACP’s Privacy notice.

Monitoring Compliance

The Directors to review the effective implementation of this procedure and the organisations compliance with this procedure and report internally.


This policy will be reviewed every two years and passed to the Board of Directors for approval. It will be reviewed and passed for approval in the instance of any material amendment to legislation, changes to guidance, or any amendment to best practice.

Website Data and Cookies

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

– “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit

– “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
– “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your website data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.


We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.


For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at