Last updated: April 2026

Previous updates: March 2025, July 2025

This Privacy Policy applies between you, the user of this website, and Connections Training & Therapy, owned and operated by Verity Green. We take the privacy of your information very seriously. This notice tells you what to expect us to do with your personal information. Please read it carefully.

1. Our Core Beliefs About Privacy and Data Protection

•  User privacy and data protection are human rights

•  We have a duty of care to every person whose data we hold

•  Data is a liability — we only collect and process it when genuinely necessary

•  We will never sell, rent, or otherwise distribute your personal information

•  We loathe spam as much as you do

Please do not submit personal information to us if you do not wish us to collect it.

2. Relevant Legislation

When collecting and processing your personal data, we comply with the following:

•  UK General Data Protection Regulation (UK GDPR)

•  Data Protection Act 2018

•  Privacy and Electronic Communications Regulations 2003 (PECR)

•  Data (Use and Access) Act 2025

•  Relevant professional body guidance (BACP, HCPC)

3. Personal Information We Collect and Why

3.1 To provide services

•  Names and contact details

•  Addresses

•  Date of birth

•  Photographs or video recordings (where relevant to your work with us)

•  Booking and appointment information

3.2 For service updates or marketing

•  Names and contact details

•  Marketing preferences

You will only receive marketing communications from us where you have actively opted in. You can unsubscribe at any time using the link in any email we send, or by contacting us directly.

3.3 Special category data — therapeutic and health records

Because we provide therapy and physiotherapy services, we may process special category data as defined under Article 9 of the UK GDPR. This includes:

•  Health and physical wellbeing information

•  Mental health and therapeutic history

•  Disability-related information

•  Any other sensitive personal data you share in the course of therapy or assessment

Our lawful basis for processing special category data is Article 9(2)(h) UK GDPR — processing necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems. All therapeutic records are handled with the highest level of confidentiality, in line with our professional obligations.

3.4 To comply with legal requirements

•  Name and contact information

•  Therapeutic records and brief therapeutic history (where applicable)

•  Records required by our insurers or professional registration bodies

4. Lawful Bases for Processing

We rely on the following lawful bases under Article 6 UK GDPR:

•  Consent — for example, newsletter sign-up and marketing communications

•  Contract — for example, processing your details to deliver a booked service

•  Legal obligation — for example, maintaining records required by professional bodies or insurers

•  Legitimate interests — for example, responding to general enquiries

For special category data, we additionally rely on Article 9(2)(h) — health and social care provision — as set out in section 3.3 above.

Where we rely on consent as our lawful basis, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing that took place before withdrawal.

5. Where We Get Personal Information From

•  Directly from you, via enquiry forms, email, telephone, or in session

•  From referrers, with your knowledge, where relevant to your care

6. How Long We Keep Information

General contact and enquiry data

Retained only for as long as necessary to respond to your enquiry, unless you go on to arrange services with us.

Client and therapeutic records

In line with guidance from our professional bodies (BACP and HCPC), we retain adult client records for a minimum of 7 years following the end of treatment. Records relating to work with children or young people are retained until the young person’s 25th birthday, or for 7 years from the end of treatment, whichever is later.

Marketing data

Retained for as long as you remain subscribed. You may unsubscribe at any time.

Financial records

Retained for 6 years in line with HMRC requirements.

7. Contact Forms and Email

If you contact us via the contact form on our website or by email, the data you provide will be used solely to respond to your enquiry. It will not be used for marketing purposes and will not be stored beyond what is necessary unless you go on to arrange services with us. You do not sign up to a newsletter by contacting us.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights:

•  Right of access — you can ask us for copies of your personal data

•  Right to rectification — you can ask us to correct inaccurate or incomplete data

•  Right to erasure — you can ask us to delete your personal data in certain circumstances

•  Right to restriction — you can ask us to restrict how we process your data

•  Right to object — you can object to processing based on legitimate interests

•  Right to data portability — you can ask us to transfer your data to another organisation

•  Right to withdraw consent — where consent is our lawful basis, you can withdraw it at any time

You do not usually need to pay a fee to exercise these rights. We have one calendar month to respond to your request. To make a request, please contact us using the details in section 12.

9. Complaints

If you have any concern about how we handle your personal data, we ask that you raise it with us directly in the first instance. We take all data protection complaints seriously and will respond without undue delay.

To raise a concern, please contact us at hello@connectionstrainingtherapy.co.uk or using the contact details in section 12.

If you remain unhappy after raising a concern with us, you have the right to complain to the Information Commissioner’s Office (ICO):

•  Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

•  Helpline: 0303 123 1113

•  Website: ico.org.uk/make-a-complaint

10. Website Hosting and Security

This website is hosted by Systeme.io, with servers located in Dublin, Ireland. All traffic between this website and your browser is encrypted and delivered over HTTPS. We use industry-standard SSL encryption and appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure.

11. Third Party Processors

We use the following third-party services to support our work. Each has been chosen carefully and processes data in accordance with UK GDPR. We have data processing arrangements in place where required:

•  CarePatron — clinical records and practice management

•  Systeme.io — website, booking, and email marketing platform

•  Ticket Tailor — event and course ticketing

•  Zoom — video consultations and discovery calls

•  Microsoft Teams — video consultations and professional communications

•  WhatsApp — client communication (optional, see note below)

Note on WhatsApp: WhatsApp is operated by Meta and involves the transfer of data to Meta’s servers. We recognise that some clients may prefer not to communicate via WhatsApp, particularly given the sensitive nature of therapeutic work. If you would prefer to communicate by email, telephone, or Microsoft Teams instead, please let us know and we will always accommodate your preference. You are never required to use WhatsApp to access our services.

12. Data Breaches

We will report any unlawful data breach involving personal data stored in an identifiable manner to all relevant persons and authorities within 72 hours of becoming aware of it, in line with our obligations under UK GDPR.

13. Social Media and External Links

Our website includes links to our social media profiles (Facebook, Instagram, LinkedIn). These are links only — we do not embed social media feeds or tracking scripts on this website. Once you leave our website via these links, you are subject to the privacy policies of those platforms, over which we have no control.

Our website may also contain links to other third-party websites. We are not responsible for the privacy practices of those sites and recommend you review their policies independently.

14. Data Controller

The data controller for this website is:

Verity Green — Connections Training & Therapy

Unit 9, Hunters Hill Farm, Crakehall, Bedale, DL8 1LA

Email: hello@connectionstrainingtherapy.co.uk

Website: www.connectionstrainingtherapy.co.uk

15. Changes to This Privacy Policy

This privacy policy is reviewed at least annually and following any significant change to our services or the law. When we make changes, we will update the date at the top of this page. We recommend checking this page periodically. We will notify existing clients of any material changes that affect how their data is processed.

This policy was prepared in accordance with the UK GDPR, the Data Protection Act 2018, PECR 2003, and the Data (Use and Access) Act 2025. Professional record retention periods are in line with BACP and HCPC guidance.