Effective date: 6th April 2026
Last updated: 6th April 2026

Mycore Psychological Consulting Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, contact us, make an enquiry, or use our services.

We handle personal information lawfully, fairly, transparently, and securely, in accordance with applicable data protection law, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

This Privacy Policy may be updated from time to time. The latest version will always be available on our website.

Mycore Psychological Consulting Ltd is the data controller for the personal data covered by this Privacy Policy.

Mycore Psychological Consulting Ltd is registered in England and Wales with company number 16994380 and registered office at 128 City Road, London, EC1V 2NX.

Mycore Psychological Consulting Ltd was formed from the former sole trader business D R Downes & Associates. If you previously contacted or received services from D R Downes & Associates, your personal data may continue to be processed by Mycore Psychological Consulting Ltd for the purposes set out in this Privacy Policy.

Contact details:
Telephone: 0333 200 1815
Email: enquiry@mycoreconsulting.co.uk

If you have any questions about this Privacy Policy or how we use your personal data, please contact us using the details above.

This Privacy Policy applies to personal data collected through:

• our website; 
• email, telephone, text, and other communications with us; 
• contact forms and enquiry forms; 
• appointment booking and administration; 
• the provision of psychological therapy, psychotherapy, assessments, and related services. 

The personal data we collect depends on how you interact with us.

You may provide us with personal data when you:

• contact us by telephone, email, website form, text, or in person; 
• make an enquiry about our services; 
• book or attend an appointment; 
• complete forms, assessments, or intake documents; 
• correspond with us about therapy, reports, billing, or administration; 
• provide feedback or make a complaint. 

This may include:

• name; 
• postal address; 
• email address; 
• telephone number; 
• date of birth; 
• emergency contact details; 
• information you choose to share about your circumstances or health. 

Where appropriate and lawful, we may receive personal data about you from third parties, including:

• private medical insurers; 
• employers or occupational health providers; 
• solicitors or medico-legal referrers; 
• GPs or other healthcare professionals; 
• family members or emergency contacts; 
• other third parties where you have asked them to share information with us, or where another lawful basis applies. 

When you visit our website, we may automatically collect certain technical and usage information, such as:

• IP address; 
• browser type and version; 
• device type; 
• operating system; 
• pages viewed; 
• time spent on the website; 
• referring website addresses; 
• cookie and analytics data. 

Where possible, website usage data is aggregated or anonymised.

Because we provide psychological and therapeutic services, we may process special category data, including information relating to:

• physical health; 
• mental health; 
• racial or ethnic origin; 
• sexual orientation; 
• religious or philosophical beliefs; 
• relationships and family circumstances; 
• other sensitive personal matters relevant to the services we provide. 

We only process this information where there is a lawful basis to do so and where a valid additional condition under data protection law applies.

We may use your personal data to:

• respond to enquiries; 
• assess whether our services are appropriate for you; 
• provide counselling, psychotherapy, assessments, and related services; 
• maintain clinical records and notes; 
• communicate with you about appointments and administration; 
• issue invoices and manage payments; 
• liaise with insurers, referrers, GPs, or other professionals where appropriate and lawful; 
• manage complaints, incidents, and service issues; 
• comply with legal, regulatory, professional, safeguarding, and insurance obligations; 
• protect the rights, safety, and welfare of clients, staff, and others; 
• operate, monitor, improve, and secure our website and systems; 
• send service-related communications. 

We will not use your personal data for unrelated purposes without a lawful basis.

Under the UK GDPR, we rely on one or more of the following lawful bases for processing personal data:

Processing is necessary to take steps at your request before entering into a contract, or to perform a contract with you for the provision of services.

Processing is necessary for our legitimate interests in operating a safe, effective, and professionally compliant practice, provided those interests are not overridden by your rights and freedoms.

Processing is necessary for compliance with legal, regulatory, professional, taxation, insurance, safeguarding, or compliance obligations.

Processing is necessary to protect your vital interests or those of another person, for example where there is a serious risk of harm.

In some circumstances, we may rely on your consent, for example for certain optional communications or where explicit consent is required. Where we rely on consent, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

Where we process health-related or other special category data, we do so in reliance on the relevant conditions under Article 9 UK GDPR and Schedule 1 of the Data Protection Act 2018, including where processing is necessary for:

• the provision of health or social care or treatment; 
• safeguarding; 
• protecting vital interests; 
• the establishment, exercise, or defence of legal claims; 
• substantial public interest reasons; 
• explicit consent, where consent is the appropriate basis. 

We may contact you in relation to:

• your enquiry; 
• appointments; 
• administration; 
• invoices and payments; 
• important updates relating to your care or our services. 

These communications are not marketing.

Where we send marketing or promotional communications, we will only do so where we are lawfully permitted. You can opt out of non-essential marketing communications at any time by contacting us.

We do not sell your personal data.

We may share your personal data where necessary, lawful, and proportionate, including with:

• employees, associates, or contractors who need the information to provide or support our services; 
• secure practice management, booking, and clinical software providers; 
• accountants, payment providers, IT support providers, and professional advisers; 
• insurers or third-party funders involved in paying for or administering services; 
• GPs, psychiatrists, healthcare professionals, or emergency contacts where appropriate and lawful; 
• clinical supervisors, where discussion is required for safe and ethical practice and identifying details are minimised where possible; 
• regulators, courts, law enforcement agencies, safeguarding authorities, or other official bodies where disclosure is required or permitted by law. 

We may also share limited appointment-related information with reception staff or venue managers where necessary to facilitate attendance at consulting rooms.

Where third-party providers process data on our behalf, we require them to process it securely and in accordance with data protection law.

We may use secure digital systems, including practice management systems and, where appropriate, AI-assisted note-taking or transcription tools, to support accurate documentation and administration.

This may include systems such as WriteUpp and AI-supported documentation tools used for clinical note-taking.

Where such tools are used, we take reasonable steps to ensure that:

• appropriate confidentiality safeguards are in place; 
• only necessary information is processed; 
• providers are selected with regard to privacy and security; 
• processing is carried out in accordance with applicable data protection law. 

These tools are used to support clinical administration and record-keeping, not for unrelated commercial purposes.

We take the security of personal data seriously and use appropriate technical, organisational, and physical measures to protect it from unauthorised access, misuse, loss, destruction, or disclosure.

These measures may include:

• secure electronic record systems; 
• access controls and password protection; 
• encrypted devices and communications where appropriate; 
• secure storage of paper records where used; 
• confidentiality obligations; 
• restricted access on a need-to-know basis; 
• secure third-party hosting and software providers. 

Although we take reasonable precautions, no internet transmission or electronic storage system can be guaranteed to be completely secure.

Your personal data may be stored or processed using third-party systems and service providers.

Where personal data is transferred outside the UK, we will ensure that appropriate legal safeguards are in place, as required by data protection law.

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including for clinical, legal, regulatory, insurance, safeguarding, and tax purposes.

In general:

• adult client records are usually retained for at least 7 years after services end; 
• records relating to children and young people may be retained until the young person reaches age 25, or longer where clinically or legally appropriate; 
• financial and accounting records may be retained for the period required by law; 
• enquiry information that does not lead to ongoing services will usually be retained only for as long as necessary for administration and follow-up. 

We may retain data for longer where necessary for legal claims, safeguarding, insurance, or other lawful reasons.

When personal data is no longer required, it will be securely deleted or destroyed.

Under data protection law, you may have the following rights, subject to legal limitations and exemptions:

• Right of access – to request confirmation of whether we process your personal data and to obtain a copy of it. 
• Right to rectification – to ask us to correct inaccurate or incomplete personal data. 
• Right to erasure – to ask us to erase personal data in certain circumstances. 
• Right to restrict processing – to ask us to restrict processing in certain circumstances. 
• Right to object – to object to processing based on legitimate interests and to direct marketing. 
• Right to data portability – in limited circumstances, to request your data in a structured, commonly used, and machine-readable format, or to have it transferred to another controller where technically feasible. 
• Right to withdraw consent – where processing is based on consent, to withdraw that consent at any time. 
• Right to complain – to lodge a complaint with the Information Commissioner’s Office (“ICO”). 

We aim to respond to valid requests within one calendar month, although this may be extended where permitted by law.

We may ask for proof of identity before responding to certain requests.

If you have a concern about how your personal data is handled, please contact us first so that we can try to resolve it.

You also have the right to complain to the Information Commissioner’s Office (ICO).

Our website may use cookies and similar technologies to help it function properly, understand how visitors use it, and improve user experience.

These may include:

• strictly necessary cookies; 
• performance or analytics cookies; 
• functionality cookies; 
• advertising or targeting cookies, where used. 

You can control cookies through your browser settings. Disabling certain cookies may affect how the website functions.

A separate cookie notice or cookie banner may also be provided on the website.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those third-party websites. We encourage you to read their privacy policies before submitting personal data to them.

We may update this Privacy Policy from time to time to reflect changes in law, regulation, professional guidance, technology, or our business operations.

The latest version will always be available on our website.

If you have any questions, requests, or concerns about this Privacy Policy or the way we process personal data, please contact:

Mycore Psychological Consulting Ltd
128 City Road
London
EC1V 2NX

Telephone: 0333 200 1815
Email: enquiry@mycoreconsulting.co.uk Mycore Psychological Consulting Ltd (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal information with care, integrity, and discretion.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you contact us, use our website, or engage with our services.

Data Controller: Mycore Psychological Consulting Ltd
Contact email: enquiry@mycoreconsulting.co.uk
Registered address:  128 City Road, London EC1V 2NX  

Website: www.mycoreconsulting.co.uk

If you have any questions about this policy or how your information is handled, you are welcome to contact us.

Depending on how you interact with us, we may collect:

• your name and contact details (e.g., email address, phone number)
   
• enquiry details you provide via the contact form or email
   
• appointment-related information
   
• basic administrative and billing information (where relevant)
   
• technical information such as IP address, browser type, and device data (through standard website analytics and cookies)
   

If you become a client, additional sensitive personal data may be processed as part of therapeutic or consulting work, in line with professional obligations.

We may collect personal data when you:

• submit an enquiry through our website
   
• email or call us directly
   
• engage in an initial consultation or ongoing sessions
   
• use our website (via cookies and analytics)
   

We collect and use your data for purposes including:

• responding to enquiries and arranging consultations
   
• providing services you request
   
• maintaining necessary administrative records
   
• managing payments and invoicing (where applicable)
   
• meeting legal, ethical, and professional obligations
   
• maintaining the security and performance of our website
   

Under UK GDPR, the lawful bases we rely on may include:

• Consent – when you contact us and provide information voluntarily
   
• Contract – where data is needed to provide agreed services
   
• Legal obligation – where record-keeping or reporting is required
   
• Legitimate interests – for running and protecting our business and website securely
   

For sensitive personal data (special category data), we process information in line with clinical/professional obligations, including the provision of health or therapeutic support.

We treat all enquiries and client work with confidentiality and discretion. Limits of confidentiality will be explained clearly where relevant (for example, where there is risk of harm to self or others, safeguarding concerns, or legal obligations).

We store personal data securely and take appropriate steps to protect it from unauthorised access, loss, or misuse.

This may include:

• secure email and password protection
   
• encrypted or secure storage systems (where applicable)
   
• limiting access to personal information to only what is necessary
   

We keep information only for as long as necessary for its purpose and in line with professional and legal requirements.

We do not sell or share personal information for marketing purposes.

We may share information only when necessary, such as:

• with service providers who support business operations (e.g., secure scheduling, website hosting)
   
• with accountants or payment processors for invoicing purposes
   
• if legally required (e.g., court order)
   
• where safeguarding concerns apply
   

Any sharing is done with care and minimal disclosure.

Our website may use cookies or analytics tools to understand visitor traffic and improve site performance.

You can manage cookie preferences through your browser settings. Some website functionality may be limited if cookies are disabled.

Under UK GDPR, you have rights including:

• the right to access personal data we hold about you
   
• the right to request correction of inaccurate data
   
• the right to request deletion (where applicable)
   
• the right to restrict processing in certain circumstances
   
• the right to object to processing
   
• the right to data portability (where applicable)
   

To exercise these rights, please contact us using the details above.

We keep personal data only for as long as needed for its purpose, and in line with professional, insurance, and legal obligations.

Our website may include links to external websites. We are not responsible for the privacy practices of those websites and encourage you to review their policies.

If you have concerns about how your information is handled, we encourage you to contact us first so we can respond.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: https://www.ico.org.uk

We may update this Privacy Policy from time to time to reflect changes in legal requirements or how we operate. The most recent version will always be available on this page.