Privacy Notice

Policy Title: Privacy Notice Policy Owner: Say More Ltd  Data Protection Lead: Lee Moggridge Effective Date: 13/06/2025 Review Date: 13/06/2026

1. Your Privacy Matters to Us

At Say More, we are committed to protecting your privacy and personal data. This Privacy Notice explains how we collect, use, store, and share your personal information when you engage with our therapeutic services. It’s designed to be easy to understand and tells you about your rights under the UK General Data Protection Regulation (UK GDPR).

2. Who We Are

Say More is the data controller responsible for your personal data. We are registered with the Information Commissioner’s Office (ICO). Our ICO registration number is 00010548993.

3. What Information We Collect About You

We collect various types of personal data to provide our services, including:

  • Identity & Contact Data: Your name, address, gender, email, phone number, and emergency contact details.
  • Sensitive Health Data (Special Category Data): Information about your mental health, presenting issues, therapy notes, and any other health-related information you share.
  • Professional Data: Your GP’s name and contact details.
  • Financial Data: Records of payments for services (but not your full payment card details, which are handled by secure payment processors).
  • Communication Data: Records of emails, texts, and other communications between us.

4. How We Collect Your Information

We collect information directly from you when you:

  • Make an inquiry via our website (say-more.org) or email.
  • Complete intake forms or during assessment sessions.
  • Engage in therapeutic sessions (verbal information, and notes taken by the therapist).
  • Communicate with us between sessions. We may also collect information from third parties (e.g., your GP or other healthcare professionals), but only with your explicit consent.

5. How and Why We Use Your Information (Lawful Basis)

We only use your personal data where we have a lawful basis to do so under UK GDPR.

  • To provide therapeutic services (Contractual Necessity & Health Care Provision): We use your information to deliver our counselling services, manage your appointments, and provide ongoing therapeutic support. This is necessary for our contract with you and for the provision of health care.
  • For legitimate business interests: We may use your data for our legitimate interests (e.g., for professional accountability, managing our business, or for legal defence in case of a complaint or claim).
  • To meet legal obligations: We may process your data to comply with legal requirements (e.g., safeguarding duties, court orders).
  • To protect vital interests: In very rare, life-threatening emergencies, we may share information to protect your life or the life of another person.
  • With your explicit consent: For certain specific purposes not covered above (e.g., if we ask to use anonymised quotes in a case study for awareness, or to contact another professional not directly involved in your care), we will ask for your explicit consent. You can withdraw this consent at any time.

6. How We Store and Protect Your Information

We take the security of your data very seriously. We use robust technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure, including:

  • Password protection for electronic records and devices.
  • Use of secure, GDPR-compliant online practice management systems.
  • Physical security (locked filing cabinets) for any paper records.
  • Strict access controls to your data, limited to authorised Say More personnel on a “need-to-know” basis.

7. How Long We Keep Your Information (Data Retention)

We retain your personal data for no longer than is necessary.

  • Generally, we keep client records for 7 years after your last session.

8. Sharing Your Information

We will only share your personal data in limited circumstances:

  • With your explicit consent: For example, with your GP or another professional you wish us to liaise with.
  • Clinical Supervision: Your counsellor discusses client work in anonymised form with their qualified clinical supervisor.
  • Legal/Ethical Duty: If there is a legal requirement (e.g., court order) or a serious ethical duty to act (e.g., significant risk of serious harm to yourself or others, safeguarding concerns). Wherever possible, we will aim to discuss this with you first.
  • Emergency Contact: If you have provided an emergency contact and there is an immediate and serious risk to your safety.
  • Third-Party Service Providers: With trusted service providers (e.g., online booking system, video platform) who are themselves GDPR compliant and have contracts with us.

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Be informed: About how your data is used (this Privacy Notice helps with that!).
  • Access: Request a copy of the data we hold about you (Subject Access Request).
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): Request deletion of your data (this right is not absolute and may not apply if we have a legal or legitimate reason to keep it).
  • Restrict processing: Ask us to limit how we use your data in certain circumstances.
  • Data portability: Request that your data be transferred to another organisation.
  • Object to processing: Object to certain types of data processing.

10. How to Contact Us

If you have any questions about this Privacy Notice, your personal data, or wish to exercise your rights, please contact our Data Protection Lead:

Data Protection Lead: [Lee Moggridge – Director] Email: [email protected] 

Complaints: If you are not satisfied with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

11. Changes to This Privacy Notice

This Privacy Notice may be updated periodically. The latest version will always be available on our website at say-more.org.

© 2025 Say More. All rights reserved.