The Ellesmere Centre for Psychotherapy Training is committed to complying with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.  Looking after personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it. We have produced this policy to help you understand

  • how and why ECPT collect information from you
  • how ECPT store and dispose of information from you
  • what your rights are

If we make changes to this policy we will notify you by updating our privacy statement on our website.  ECPT will be what is known as the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as ‘we’ or ‘us’.  By Data Controller, this means that ECPT determines the purposes and way in which any personal data are, or will be, processed.

This privacy policy was last updated on 25th May 2018.

If you have any questions regarding this policy, please contact our Data Protection Lead, using the following details:

Data Protection Lead, The Ellesmere Centre for Psychotherapy Training, 861 Holderness Road, Hull HU8 9BA  


This policy applies to information we collect about:

  • Visitors to our website
  • People who use our services, for example workshop attendees
  • Our trainees and members
  • Job applicants and our current and at times former employees
  • Self employed therapists who rent rooms
  • Clients referred in from external services eg Let’s Talk, Perinatal
  • Any other information that you may choose to send to us
  • Third party suppliers

Information we collect and what we use it for

Visitors to our websites

When someone visits our Site, we collect standard internet log information and details of

isitor behaviour patterns, we do this to find out things such as the number of visitors to the various parts of our site. We collect this information in a way that does not identify anyone. The exception to this is logging into the member’s area, where there is a need to identify our members.

We may use your personal information to monitor and improve our website. By using our website, you agree to the collection and use of information in accordance with this policy. You may request that ECPT remove your identifiable information from our records at any time. In these instances, we will endeavour to consider each request on a case by case basis and try to remove your data.

The ECPT website comprises  

While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to your name, email address and contact phone number. This can be when you are booking something or submitting an enquiry through our website for example.

Use of cookies by ECPT

Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

Search engine

Search queries and results are logged anonymously to help us improve our website and search functionality, no user-specific data is collected by either ECPT or any other third party.

People who use ECPT online services

ECPT offer various services to its trainees, members, users and the public, including:


  • Event booking
  • ECPT presence on social media platforms such as Facebook, Twitter, LinkedIn and Googleplus


  • Members area of the website
  • Event booking

All of the services we provide are run in their entirety by ECPT.

Where possible, we do not request personal identifiable information unless it is necessary for the functionality of the service being provided. We will not request more information than necessary to supply the service.  We will only use details to provide the service the person has requested and for other closely related purposes. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.

When financial transactions take place online, personal details such as name and address are stored on the ECPT server.

Online Promotions

For events we sometimes use speakers names and photos to promote events – this is usually done with their approval but on occasions we take information from their website and use that. If this happens then we contact the speakers prior to using the information and inform them of this.  This information is kept afterwards for reference only to evaluate the effectiveness of different promotional tools. 

People who telephone us

When we receive a call from or about an ECPT trainee or member, we may record the details of the call in the ‘messages’ section of the member’s database record, to allow us to administer your membership.  

People who email us


We may use your personal information to contact you with newsletters, marketing or promotional material.

Complaints about ECPT

All complaints about ECPT are treated seriously and we will only use the personal information we collect to process the complaint and to check on the level of service we provide.

Complaints about our members

ECPT has a strict complaints and conduct process. In order to process a complaint it is necessary to obtain certain details, which will usually include some personal information.  We need to process this information as part of our regulatory role, and may need to keep the information even if the complaint is subsequently withdrawn.  We usually have to disclose the complainant’s identity to the members concerned. However there are occasions when we can take anonymous complaints. Usually, if we find that we can independently verify the allegations. We always ask for consent from the complainant from the outset to disclose their identity to the member. Without consent, the complaint would be considered as a third party complaint and processed in this way. We will keep personal information in on a secure, cloud based system and access is restricted according to the ‘need to know principle’.

Occasionally, requests may be made for further information about complaints, for example from organisational members or employers. The requests will be considered on their individual merit, proportionately and whether it is in the legitimate interest of public protection.   Any disclosure will be communicated to the parties in advance, except where prohibited by law.

Trainee information

As part of the training enrolment process we ask all of our trainees to provide certain types of information so that we are able to process their application and create a record on our secure, cloud based database. This includes:

  • Name
  • Home address (this is kept confidential and is for internal use only)
  • Telephone number
  • Personal email address
  • Date of birth
  • Gender (please see section on special category data below)

Member information

As part of the membership process we send out annual membership renewal notices. This is via email. We will ask members to review the information we already hold about them to inform us of any changes.  This includes:

  • Name
  • Home address
  • Telephone number
  • Personal email address

Job applicants, current / former employees, committee members and the Board of Trustees members

When individuals apply to work or take up a position at ECPT, we will only use the information they supply to us to process their application. 

Personal information about unsuccessful candidates will be held for 6-12 months after the recruitment exercise has been completed. It will then be destroyed or deleted. We share the bank details, pension information and HMRC information of all staff members with a third party who processes salary payments and expenses. We also hold the bank details of our employees to ensure salaries are paid promptly within our payroll services.

Special category data

Note that in some cases we may process “special categories” of personal data, and information about criminal convictions and offences.  For example:

  • Information in relation to our employees (such as health data), which is necessary for the performance of our contract with them or under employment law
  • Information in relation to our trainees and members (for example, whether they have criminal convictions) which is necessary to uphold high standards in the profession and to protect the public
  • Information provided by complainants (such as health data, sexuality), which is necessary in order to process complaints.

We take particular care of this information, using appropriate security measures, including limiting who has access to such information.

Lawful processing of personal data

ECPT will only process your personal data in accordance with one of the conditions for lawful processing set out in the GDPR.   The main ways in which we process data are as follows:

  • Processing on the basis of consent
  • Processing is necessary for the performance of a contract
  • Processing based on “legitimate interests”

Consent – When new members register with ECPT, they are asked if they would like to receive information about courses and training workshops.  You can withdraw your consent at any time by contacting ECPT at

Contract – In order to perform our obligations to our members, we need to process their personal data (for example, information about their qualifications to check they are eligible for training.  Similarly, where members of the public sign up to paid events, we need to process their personal details in order to administer the booking. 

Legitimate interests – Where it is necessary to process personal data for our purposes as an organisation (our “legitimate interests”), we may do so provided that this does not override the rights and freedoms of the person whose data we are processing.   ECPT exercises some functions where it is necessary to process personal data (including that of non-members) for the performance of its regulatory and public protection functions (such as the processing of complaints).  In these cases, ECPT may rely on its legitimate interests as a body set out to promote and maintain high standards in the profession.  In some cases, there will be some prejudice to the rights and freedoms of members who are subject to complaints, as they may be subject to an adverse decision.  However, any such prejudice will be outweighed by ECPT’s legitimate interests in maintaining high standards in the profession and protection of the public 

Where it is necessary to use personal data to provide services (see People who use ECPT online services) and explicit consent has not been provided, we will rely on our legitimate interests in providing the services to further our organisation’s aims, provided they are not outweighed by the rights and freedoms of those using the services. 

Retention of data

Information about how long we keep the personal data of members is set out in our Data Retention Policy, available on request by contacting us. 

For non-members, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Recipients of personal data

In addition to bodies mentioned in this policy, we may occasionally need to transfer personal data to other organisations, including:

  • Current, past or future employers [for example, in relation to a request for references]
  • Healthcare, social and welfare advisors or practitioners
  • Education, training and accrediting establishments and examining bodies
  • Employees and agents of the ECPT
  • Suppliers, providers of goods and services
  • Persons making an enquiry or complaint (For example with an organisational member or another regulatory body)
  • Police forces (For example if a criminal investigation is being carried out involving one of our registrants)
  • Central government
  • Voluntary and charitable organisations
  • Ombudsmen and regulatory authorities

We will ensure we have a legal basis for any such transfers before doing so. 


We will respect your confidentiality and will keep the information about you confidential. We store it securely and control who has access to it.

We will only share such information as necessary, and where we are satisfied that a third party is entitled to receive it and they will keep your information confidential and secure.

The security of your Personal Information is important to us, but remember that no method of transmission over the internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Other websites

If you transfer to another website from a link within the ECPT website, this privacy notice does not apply. We recommend you examine all privacy statements for all third party websites to understand their privacy procedures.

Your rights

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to this privacy notice

We aim to keep this notice under review to reflect changes to law or practice. 

Last updated: Mar 21.