Protecting Your Privacy

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how Re…root uses your information about you.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

In specific situations, we can collect and process your data with your consent.

For example, when you opt in to receive helpful updates on our website or on our feedback form.

In certain circumstances, we need your personal data to comply with our contractual obligations.

For example, we collect your personal information from your first enquiry to us, whether you contact us by webform, email or telephone, so that we can provide you with our therapy services.

If required by law, we may need to share your data.

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our therapy service and which does not materially impact your rights, freedom or interests.

For example, we may undertake anonymised statistical analysis to improve our services (we won’t be able to identify individuals from this data)

• When you contact us to enquire about therapy, we collect personal details, for example your name, date of birth, the issue(s) troubling you, your address, email and telephone number and availability to attend therapy
• Details of your interactions with us. For example, we keep changes in availability for therapy.
• Personal details which help us match you with a Re…root Associate Therapist.
• Anonymised therapy session summaries which for example help your therapist provide effective therapy for you and record date and payment for each session.
• Your comments and reviews on our services where you have opted not to anonymise this information.
• To deliver the best possible web experience, we collect anonymised information including internet connections and browsers as well as countries and areas that web visitors are using , the web pages viewed during visits, the advertisements clicked on, and any search terms entered. Learn more about this go to our cookie policy.
• Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

• We secure access to all transactional areas of our website and apps using HTTPS and SSL/TSL technology.
• Access to your personal data is password-protected, and sensitive data is secured. Data stored in Google Cloud Platform is encrypted at the storage level using either AES256 or AES128.
• We regularly monitor our system for possible vulnerabilities and attacks.

We sometimes share your personal data with third parties as part of delivering our service to you, under circumstances specified in the therapy agreement to help us maintain your wellbeing and safety, when required by law and to handle complaints.

For example, health insurance providers, other health professionals, your therapist and payment service providers.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

• We provide only the information they need to perform their specific services.
• They may only use your data for the exact purposes we specify in our contract with them.
• For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
• We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
• We may, expand, reduce or sell Re…root Ltd. and this may involve the transfer of the business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
• For further information please contact our Data Protection Officer.

To help improve our website we currently use data aggregation services such as Google to collect information on clicks and page views. See our cookie policy for more information.

An overview of your different rights

You have the right to request:

• Access to the personal data we hold about you, free of charge in most cases.
• The correction of your personal data when incorrect, out of date or incomplete.
• That we stop any consent-based processing of your personal data after you withdraw that consent.
• Review by a Director of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).

To ask for your information, please contact the Data Protection Officer, Re...root, 8 King Street, Richmond-upon-Thames, TW9 1ND, or email officeadmin@re-root.com. If we choose not to action your request we will explain to you the reasons for our refusal.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.