Privacy Policy 

We want everyone who supports us, or who comes to us for support, to feel confident and comfortable with how any personal information you share with us will be looked after or used. This Privacy Policy sets out how we collect, use and store your personal information (this means any information that identifies or could identify you).

The D R DOWNES & ASSOCIATES Privacy Policy may change, so please remember to check back from time to time, this is version 2.1 was last updated on the 30th January, 2019. Where we have made any changes to this Privacy Policy, we will make this clear on our website or contact you about any changes.

We are committed to treating you with respect and openness.

  1. Definitions
  2. Who we are
  3. How we collect information about you
  4. Information we collect and why we use it
  5. Legal basis for using your information
  6. Marketing
  7. Sharing your Information
  8. Keeping your information safe
  9. How long we hold your information for
  10. Your rights
  11. Cookies
  12. Changes to our Privacy Policy
  13. Contact
  14. Questions & Complaints

1.    Definitions

In this policy the following words have the following meanings:

Act means the Data Protection Act 1988.

Customer includes the following: customers who have entered into a contract with us for the supply of the Services at D R DOWNES & ASSOCIATES in accordance with our Terms of Service.

Data Protection Laws means the Act, GDPR, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and all applicable laws and regulations relating to the processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the ICO or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction.

Data Controller, Data Processor, Data Subject and Personal Data all have the meaning given to them in the Act and GDPR.

Client’s means the individual client.

Client’s Data means Personal Data of client’s, including clinical notes and assessments.

GDPR means EU General Data Protection Regulations.

ICO means the Information Commissioner’s Office and any successor to it as data protection authority.

UsOurWe or Company means D R DOWNES & ASSOCIATES and our Staff.

YouYour, or Customer means you the customer

Staff means our employees, workers, agents and sub-contractors of the Company

Consulting Rooms means:

  • Suite 256, Fifth Floor, temple Chambers, 3-7 Temple Avenue, City of London, EC4Y 0DA
  • Suite 11, The Villiers, Gower Road, Weybridge, Surrey, KT13 0EA

Site means the Company’s website at

2.    Who we are

Here at D R DOWNES & ASSOCIATES, we are committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.

We are a “data controller” for the purposes of the Data Protection Act 1998 and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (“Data Protection Law”).  This means that we are responsible for, and control the processing of, your personal information.

For further information about our privacy practices, please contact our Data Protection Officer by:

  • Writing to D R DOWNES & ASSOCIATES, Suite 14, Station House, Central Way, Warrington, WA2 7TT
  • Calling us on 0330 001 1037
  • Emailing

3.    How we collect information about you

Everything we do, we do to ensure, we can help people experiencing a mental health problem get both support and respect. We want to make sure you receive the communications that is most relevant to you, be it through visiting our website or receiving emails, post or phone calls. We want to make sure you receive the best attention when commissioning our services.

We collect information from you in the following ways:

When you interact with us directly: This could be if you ask us about our activities, register with us as a customer or ask a question about mental health, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, or get in touch through the post, or in person.

When you interact with us through third parties: This could be if you are referred to us by either your private healthcare insurance provider or medical legal insurer’s or solicitor’s or your employer or one of the other third parties we work with, where you have provided them with your consent for your personal information to be shared with us.

When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use “cookies” to help our site run effectively. There are more details below – see ‘Cookies’.

We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.

4.    Information we collect and why we use it

The kind of information we hold

We will collect and process the following personal information:

  • Information you provide to us;
  • Information we collect about you; and
  • Information supplied to us by third parties.

We may process the following types of Personal Data:

Client’s Data:

This information is entered into our database when you are using our Services which may include, but is not limited to:

  • Name;
  • Address;
  • Email address;
  • Contact number
  • Insurer details
  • Billing instructions
  • Date of Birth
  • GP details
  • Medical records
  • Treatment plans
  • Assessments
  • Letters & documentation
  • Communications with other healthcare professionals: and
  • Other information necessary for the operation of our Services.

This Client Data may be supplied by you when you:

  • use our Services;
  • when you report a problem with our Service.

This Client Data may be processed by us for the purposes of:

  • storing Client Data on WriteUpp;
  • supplying you with our Services;
  • enabling and assisting us to comply with all legal, regulatory and compliance obligations to which we are subject

Enquiry Data:

This is information you give to us and may include:

  • your name;
  • address;
  • email address; and
  • any other information you may supply or volunteer.

This data may be supplied by you when you:

  • submit an enquiry to us regarding our Services whether by telephone, email, via our website or other channel;
  • tell us about any problems with our Site;
  • submit material for publication on our website (whether in discussion boards, chat rooms or other social media platforms our website; or
  • subscribe (optional) for any newsletter or publication we may supply.

This data may be processed by us for the purposes of:

  • responding to your enquiry;
  • marketing, offering and selling our Services to you; or
  • sending you publications you have requested;
  • enabling and monitoring your use of our Site, products and Services.

Information we collect

Whenever you access the Site we will automatically collect the following information:

Usage Data:

This may include

  • information about your visit, via our cookie policy

Sensitive Personal Information

If you share your personal experience or the experiences of a friend or relative with us.  We may also collect this as health information. If you provide us with any Sensitive Personal Information by telephone, email or by other means.  We will treat that information with extra care and confidentiality and always in accordance with this Privacy Policy.

You can of course decide if you want to remain anonymous, if you are happy to share your personal details with staff members or if you would like us to share your story with the media or other parties as part of our work telling people’s personal stories about mental health (for example, on our website).

A special note about the Sensitive Personal Information we hold   

Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.

If you contact us and communication through blogs or emails, you may choose to provide details of a sensitive nature.

We will only use this information:

  • For the purposes of dealing with your enquiry or evaluating the services we provide.
  • We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
  • Where you have given us your express consent or otherwise clearly indicated to us (for example, by submitting your story to us by email) that you are happy for us to share your story, then we may publish it on our site or blog or in other media.

5.    Legal basis for using your information 

Lawful Grounds for the Company’s processing activities

When we process Personal Data, whether as Data Controller or as Data Processor.  We rely on the following lawful grounds for processing of each of the categories of data identified above.

Client’s Data – the legal basis for this processing is:

  • because this is necessary in order for us to supply the Services to you and perform our contract with you and/or taking steps at your request to enter such a contract;
  • because this is necessary for the purposes of our legitimate interests (or those of a third party).
  • consent from the data subject;
  • because this is necessary and in our legitimate interests, namely the supply of services to our Customer’s in accordance with our contract

The Company will use personal information in the following ways:

May be processed for the purposes of:

  • for internal record keeping
  • in the performance and administration of our Services
  • to provide you with letter or reports as requested
  • enabling and assisting us to comply with all legal, regulatory and compliance obligations to which we are subject
  • to operate our business efficiently
  • to provide you with information to improve our Services
  • to notify you about new features, special offers or other information which we think you may find interesting
  • to notify you about changes to the Company’s service, this privacy policy, and Terms of Service

If you fail to provide personal information

If you, the Customer, fail to provide certain information when requested, the Company may not be able to perform the Services and any contract we have entered into with you or we may be prevented from complying with our legal obligations.

6.    Marketing (optional)

We will only contact you about promoting awareness or workshop events by phone, email or text message, if you have agreed for us to contact you in this manner.

However, if you have provided us with your postal address, we may send you information about our work and how you can support us by mail unless you have told us you would prefer not to hear from us in that way.

You can update your choices or stop us sending you these communications at any time by contacting ‘’ and writing ‘STOP’ in the subject line.

7.    Sharing your information 

The personal information we collect about you will mainly be used by our staff (and volunteers) at D R DOWNES & ASSOCIATES, so they can support you.  As we run an appointment only system in our consulting rooms, we may also need to share your information with our landlords (Sterling Properties, Brmyau Estates and Adam Geoffrey Management Ltd) reception staff to confirm you have a booked appointment.

We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.

The Company may however share your information with our suppliers who work with us on or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes.

We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.

Legal disclosure

We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.

8.    Keeping your information safe

 We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or Web sites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.

Where the Company will store personal data

We may hold personal information in our electronic database a product called ‘WriteUpp’. We take all reasonable steps to keep any personal information we hold about you secure.

We restrict access to personal information to our Staff who require such information in order to operate and develop our Services.

All information which is provided to, or collected by, the Company is:

  • stored on the Pathway Software (UK) Limited secure servers within the European Union (EU).
  • Hosted on secure data centre managed by their hosting partner with 24/7 manned security, CCTV, biometric access to the facility and restrictive access to the internals of the building based on authorisation levels.

9.    How long we hold your information for

The Company will retain Client’s Data for:

  • such time as this is required in connection with the Services we are supplying to you;
  • following completion of the Services for a period of not less than 7 years from the date the Services end.
  • if a child is the main focus for seeking therapy, the statute of liability is 6 years after the child reaches the age of 18.

We may retain Customer Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

10.    Your Rights

Your rights as a data subject (where the Company is the Data Controller)

If you are an individual in respect of whom the Company processes Personal Data, you have the following rights. Please note that this is a summary of your rights. (If you wish to understand your rights in detail you should read the relevant laws, guidance and regulations for a fuller explanation).

Right of access to your Personal Data 

You can ask us to confirm whether or not we process your Personal Data, and where we it is held and/or request a copy from us. If your request is sent to the Company electronically the Company will supply this in a commonly used electronic form, unless you specifically request this in a different format.

We will supply the data free of charge but we reserve the right to charge a reasonable fee (or refuse to act on the request), if you request additional copies of the information, or if access requests are unfounded or excessive.

There are circumstances where we may withhold the supply of your Personal Data – for instance where the rights and freedoms of others may be affected or where we are permitted by law.

Right to request the rectification of your Personal Data

In the event you think we hold any inaccurate or incomplete Personal Data, you can ask us to correct any inaccurate data or to complete any incomplete data we hold.

Right to request the erasure of your Personal Data (the “right to be forgotten”)

The Company will not hold any Personal Data for longer than is necessary for the purposes for which it was collected. However, in some circumstances, you may request the erasure of any Personal Data held by the Company.

Right to request the restriction on processing of your Personal Data

In some circumstances, you may request the Company to restrict processing of your Personal Data.

Right to object to the Company’s processing of your Personal Data

You may object to the Company’s processing of your Personal Data where:

  • processing is based on public interests or legitimate interests pursued by is or by a third party; or
  • processing is for direct marketing.

If you object the Company will stop processing the Personal Data unless the Company:

  • has a compelling legitimate ground for processing the Personal Data; or
  • needs to process the Personal Data to establish, exercise, or defend legal claims.

Processing for direct marketing will cease immediately.

Right to data portability in respect of your Personal Data

In limited circumstances, you may have the right to request the Company to:

  • supply your Personal Data in a format so that you may store it for further personal use on a private device;
  • transmit the Personal Data to another data controller;
  • transmit your Personal Data directly to another data controller to another where technically possible.

Right to complain to ICO/supervisory authority

If you believe our processing infringes Data Protection Laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection.

You may complain in the EU member state of your residence, place of work or the place of the alleged infringement.

Right to notification of any breach

In the unlikely event of a Personal Data breach which is likely to result in a high risk to your rights, the Company will notify you of the breach without undue delay.

However, if your Personal Data is encrypted or otherwise unintelligible the Company will not be required to notify you of a breach.

Withdrawal of consent

In all cases where the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. Such withdrawal will not affect the lawfulness of any processing before you withdraw consent.

11.    Cookies

Cookie is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or tablet when you visit a website.

They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can’t be used to identify you.

How do we use cookies?

We use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you come to our website and also allows us to improve the user experience.

The cookies we use

We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide.

We use all four categories of cookies:

  • Strictly necessary cookies are essential for you to move around our website and to use its features, like our shopping basket and your account.
  • Performance cookies collect anonymous information about how you use our site, like which pages are visited most.
  • Functionality cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
  • Targeting or advertising cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. As such if you visit the Company’s website you may then be more likely to see adverts about our work on other websites as your browsing suggests that this is an area of interest.

No cookies, please

You can opt out of all our cookies (except the strictly necessary ones). Find out how to control and delete cookies in your browser.

But, if you choose to refuse all cookies, our website may not function for you as we would like it to.

If you have any questions about how we use cookies, please contact us.

12. Changes to our privacy policy

Any changes the Company makes to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

13. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to

14. Questions or complaints

You can contact us at

If you have any questions or have a complaint about this Privacy Policy, please let us know us immediately.