Last updated: 14/10/2025
1. INTRODUCTION
Andrew Tobert ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website AndrewTobertTherapy.com (the "Website").
This Privacy Policy applies to information collected through the Website only. Once you enter into a therapeutic relationship with Andrew Tobert, your clinical information will be governed by a separate Therapeutic Contract and the BACP Ethical Framework for the Counselling Professions.
Data Controller: Andrew Tobert
Business Address: 231 Shoreditch High Street, London, E1 6PJ
Email: andrew.tobert@gmail.com
We take our responsibility to protect your data seriously and are committed to transparency about how we handle your information.
2. INFORMATION WE COLLECT
2.1 Information You Provide to Us
When you use our Website, you may voluntarily provide us with personal information, including:
Contact enquiries:
Name
Email address
Telephone number
Any information you include in your message or enquiry
This information is provided when you:
Fill out a contact form on the Website
Send us an email
Call or message us to enquire about services
2.2 Information We Collect Automatically
When you visit our Website, we automatically collect certain information about your device and how you interact with our Website:
Technical information:
Internet Protocol (IP) address
Browser type and version
Device type (computer, tablet, mobile)
Operating system
Time zone settings
Browser plug-in types and versions
Usage information:
Pages you visit on our Website
How you arrived at our Website (referral source)
Time and date of your visit
Time spent on pages
Links clicked
Mouse movements, scrolling, and clicks
This information is collected through cookies and similar tracking technologies (see Section 5 below).
3. HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes:
3.1 To Provide Services and Respond to Enquiries
To respond to your contact form submissions or email enquiries
To arrange initial consultations
To provide information about therapy services
To communicate with you about your enquiry
Legal basis: Legitimate interests (to respond to enquiries and provide requested information) and, where applicable, performance of a contract.
3.2 To Improve Our Website
To understand how visitors use our Website
To improve Website functionality and user experience
To identify and fix technical issues
Legal basis: Legitimate interests (to improve our services and Website).
3.3 For Marketing and Advertising
To show you relevant advertisements on third-party websites and platforms
To understand the effectiveness of our marketing efforts
To retarget visitors who have shown interest in our services
Legal basis: Consent (which you can withdraw at any time through your browser settings or by contacting us).
4. DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes for which it was collected:
Contact enquiries: We keep your contact information for up to 24 months after your last contact with us, unless you request earlier deletion or you become a client (in which case clinical record retention rules apply).
Analytics and tracking data: This is typically anonymised and retained for up to 26 months.
Marketing data: We retain data necessary for retargeting purposes in accordance with the policies of our advertising platforms, typically for up to 180 days.
If you become a client, your clinical records will be retained in accordance with BACP guidelines (typically 7 years from the end of therapy for adults, or until the client's 25th birthday for those who were under 18 during therapy).
5. COOKIES AND TRACKING TECHNOLOGIES
5.1 What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They help websites remember information about your visit and can make your next visit easier and the site more useful to you.
5.2 How We Use Cookies
We use the following types of cookies on our Website:
Essential Cookies:
These are necessary for the Website to function properly
They enable basic functions like page navigation
The Website cannot function properly without these cookies
Legal basis: Strictly necessary for the operation of the Website
Analytics Cookies:
We use Google Analytics or similar tools to understand how visitors use our Website
These cookies collect anonymous information about pages visited, time spent on the site, and how you arrived at the Website
This helps us improve the Website and user experience
The information generated is aggregated and does not personally identify you
Legal basis: Consent
Advertising/Retargeting Cookies:
We use advertising cookies to show you relevant advertisements on other websites
These cookies track your browsing activity to determine which ads to show you
We may use services such as Google Ads, Facebook Pixel, or similar platforms
These cookies may track you across different websites
Legal basis: Consent
5.3 Managing Cookies
You can control and manage cookies in several ways:
Browser settings: Most browsers allow you to refuse or accept cookies. You can usually find these settings in the 'options' or 'preferences' menu of your browser.
Third-party opt-outs:
Google Analytics: https://tools.google.com/dlpage/gaoptout
Google Ads: https://adssettings.google.com
Facebook: https://www.facebook.com/ads/preferences
Note: Blocking or deleting cookies may impact your experience on our Website. Essential cookies cannot be disabled if you wish to use the Website.
For more information about cookies and how to manage them, visit www.allaboutcookies.org or www.youronlinechoices.eu.
6. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information to third parties.
We may share your information in the following limited circumstances:
6.1 Third-Party Service Providers
We use trusted third-party services to help us operate our Website and provide services:
Analytics providers (e.g., Google Analytics) - to understand Website usage
Advertising platforms (e.g., Google Ads, Facebook) - for retargeting and advertising
Email service providers - to send and receive emails
Website hosting providers - to host and maintain the Website
These service providers are contractually obligated to protect your data and may only use it for the purposes we specify.
6.2 Legal Requirements
We may disclose your information if required to do so by law or in response to:
A court order or legal process
A request from law enforcement or regulatory authorities
Protection of our rights, property, or safety, or that of others
Prevention of fraud or other illegal activity
6.3 Business Transfers
If our business is sold or merged with another organisation, your information may be transferred to the new owners so they can continue to provide services to you.
7. INTERNATIONAL TRANSFERS
Some of our third-party service providers (such as Google and Facebook) may process your data outside the United Kingdom and European Economic Area (EEA).
We only use reputable service providers who comply with data protection requirements and have appropriate safeguards in place to protect your information when it is transferred internationally.
8. DATA SECURITY
We take appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.
These measures include:
Secure servers and encrypted connections (SSL/TLS)
Regular security assessments
Access controls and authentication procedures
Regular backups of data
However, please note:
Email and contact form communications are not end-to-end encrypted
No method of transmission over the internet is 100% secure
You should not send sensitive clinical or personal information via the Website
Wait until a secure therapeutic relationship has been established before sharing sensitive information
9. YOUR RIGHTS
Under UK data protection law (UK GDPR and Data Protection Act 2018), you have the following rights:
9.1 Right of Access
You have the right to request a copy of the personal information we hold about you (commonly known as a "subject access request").
9.2 Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
9.3 Right to Erasure
You have the right to request that we delete your personal information in certain circumstances, such as when:
The information is no longer necessary for the purposes for which it was collected
You withdraw your consent (where consent was the legal basis for processing)
You object to the processing and there are no overriding legitimate grounds
Note: This right does not apply to clinical records, which must be retained in accordance with professional and legal requirements.
9.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal information in certain circumstances.
9.5 Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
9.6 Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes (including profiling).
9.7 Right to Withdraw Consent
Where we rely on your consent to process your personal information (such as for marketing and retargeting cookies), you have the right to withdraw that consent at any time.
9.8 Exercising Your Rights
To exercise any of these rights, please contact us at andrew.tobert@gmail.com
We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.
10. CHILDREN'S PRIVACY
This Website is not directed at children under the age of 18. We do not knowingly collect personal information from children under 18 through the Website.
If you are under 18, please do not submit any personal information through the Website. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.
If you work with young people and are seeking therapy services for them, please contact us directly rather than providing their information through the Website.
11. THIRD-PARTY WEBSITES
Our Website may contain links to third-party websites, such as professional bodies, resources, or other organisations. This Privacy Policy does not apply to those websites.
We have no control over and are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Any changes will be posted on this page with an updated revision date. Significant changes will be highlighted on our Website.
We encourage you to review this Privacy Policy periodically. Your continued use of the Website after any changes indicates your acceptance of the updated Privacy Policy.
13. QUESTIONS AND COMPLAINTS
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, please contact us:
Andrew Tobert
Email: andrew.tobert@gmail.com
Address: 231 Shoreditch High Street, London, E1 6PJ
We take all privacy concerns seriously and will respond to your enquiry within 30 days.
13.1 Right to Complain to the ICO
If you are unhappy with how we have handled your personal information or believe we have not complied with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint
We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.
14. DISTINCTION BETWEEN WEBSITE DATA AND CLINICAL DATA
Important: This Privacy Policy relates only to information collected through the Website.
Once you become a client and enter into a therapeutic relationship with Andrew Tobert, your clinical information (session notes, assessments, treatment plans, etc.) will be governed by:
A separate Therapeutic Contract
The BACP Ethical Framework for the Counselling Professions
Professional confidentiality obligations
Specific legal and ethical requirements for clinical records
Clinical confidentiality and data handling will be explained in detail during your initial consultation and before therapy begins.
Thank you for trusting Andrew Tobert with your information.
Privacy Policy
Qualified therapist based in Hackney, London
© 2025 Andrew Tobert Therapy | Terms & Conditions | Privacy Policy