Hello Change Privacy Policy

Hello Change is a psychology and behaviour change consultancy founded by Liz Gilbert, HCPC-registered and Chartered Health Psychologist. Services include consultancy, training, psychological therapy, research, and digital interventions.

This privacy notice explains how personal data is collected, stored, and used in line with the UK General Data Protection Regulation (UK GDPR).

Liz Gilbert is the Data Controller for Hello Change.

1. Your rights

You have the right to:

  • Be informed about how your data is used

  • Access the personal data held about you

  • Request correction of inaccurate or incomplete data

  • Request deletion of your data (where appropriate)

  • Restrict or object to processing

  • Withdraw consent where applicable

2. Why information is collected

Information is collected to:

  • Provide psychological therapy, assessment, and support

  • Deliver consultancy, training, and professional services

  • Deliver and evaluate research studies and digital interventions

  • Communicate with you about services

  • Maintain safe, ethical, and professional practice

  • Meet legal, regulatory, and professional obligations

Lawful bases for processing

Depending on the service, data is processed under:

  • Legitimate interests - to deliver safe and effective services

  • Provision of health care - for psychological therapy and assessment

  • Contractual necessity - for consultancy, supervision, and training

  • Consent - particularly for research participation and digital interventions

  • Legal obligation - where required (e.g. safeguarding, legal claims)

You are not required to provide personal data, but this may limit the ability to provide services.

3. What information is collected

Personal data may include:

  • Name

  • Address

  • Email address

  • Telephone number

  • Date of birth

  • Gender (or preferred identity)

  • Occupation

  • Family or relationship information (where relevant)

Sensitive (special category) data may include:

  • Physical and mental health information

  • Psychological history and current difficulties

  • Medication

  • Therapy history

  • Relevant personal history

  • Risk-related information

  • Completed questionnaires or outcome measures

  • Session notes and records

Additional data depending on service:

Consultancy / training clients:

  • Professional role and organisation

  • Contact and billing details

Research participants:

  • Data provided as part of study participation

  • Responses to intervention materials or feedback

  • Outcome measures and evaluation data

Digital interventions (e.g. online programmes):

  • Login details and engagement data (e.g. module completion)

  • Responses to exercises or reflective tasks

Some information may be collected directly from you or via referral sources (e.g. GP, healthcare provider, organisation).

4. Website and online data

Information may be collected when you:

  • Complete a contact form

  • Email or contact Hello Change

  • Visit the website (via cookies)

Cookies are used to understand general website traffic. Individuals are not identified through this data.

5. How your information is used

Information is used to:

  • Respond to enquiries

  • Arrange and manage appointments or services

  • Deliver therapy, consultancy, training, or research

  • Support safe and ethical practice

  • Create invoices and manage accounts

  • Evaluate and improve services

Information is never sold or shared for marketing purposes.

6. How information is stored

Reasonable steps are taken to protect your data.

Data may be stored in:

  • Secure email systems

  • Password-protected devices

  • Encrypted cloud storage

  • Secure digital platforms (e.g. course or intervention platforms)

  • Paper records stored in locked cabinets

Clinical records are securely stored using a professional practice management system (WriteUpp), which is GDPR-compliant and designed for healthcare professionals. Access to this system is password-protected and restricted.

Where third-party systems are used, these are selected to ensure appropriate data protection and GDPR compliance.

7. How long information is kept

  • Clinical / therapy records: up to 7 years in line with professional guidance

  • Research data: retained in line with ethical approval and study requirements

  • Financial records: up to 7 years (HMRC requirements)

  • Basic contact details: deleted within 6 months of service ending where appropriate

Data is not kept longer than necessary.

8. Who information may be shared with

Information is kept confidential and only shared when necessary.

This may include:

  • Referrers (with your consent)

  • Supervisors (anonymised)

  • Organisations funding or commissioning work (limited to necessary information)

  • Secure digital platforms used for intervention delivery

  • Legal or safeguarding authorities where required

Information is never shared for marketing.

9. Accessing your information

You can request access to your data (Subject Access Request).

You may also request correction or deletion where appropriate.

Requests should be made in writing.

Some records (e.g. therapy notes) may need to be retained in line with professional and legal obligations.

10. Complaints

If you have concerns about how your data is handled, please contact:

hellochange.psychology@protonmail.com

If unresolved, you can contact the Information Commissioner’s Office (ICO):
https://ico.org.uk/concerns/
Telephone: 0303 123 1113

ICO Registration Number: ZC001151
Data Controller: Liz Gilbert