The Grove Practice

Privacy notice

We pledge that we will never share the details of those people whose personal information we hold within The Grove.

This privacy notice makes it easier for you to find out how we handle personal information.

Personal data

In order to serve our clients and customers, The Grove Practice holds personal data including first name and surname, email address etc.

This privacy policy describes how we treat that personal information, as defined by GDPR (General Data Protection Regulation), the Data Protection Act 2018 and other applicable data protection legislation. The Grove is defined by this legislation as a Data Controller.

All personal data is held securely under restricted access control within The Grove, according to high standards of data security which are internationally recognised.

Because this personal data relates to an identified or identifiable individual, we take privacy very seriously. Importantly, we maintain confidentiality according to our professional code of ethics in addition to the requirements of the data protection legislation. Rest assured that we will always remove from our mailing list anyone who states that they wish to unsubscribe (a simple link to click and unsubscribe is shown on every marketing email or newsletter we send).

Ideally, we want all recipients to be as excited as we are about our therapy services, courses or new initiatives being offered by The Grove. All too often, we hear from practitioners who wanted to take our course but didn’t hear soon enough to diarise the dates. So we certainly want to keep everyone updated as soon as CPD course announcements are made.

Data protection legislation has been designed to protect individual consumers from unauthorised, accidental or unlawful processing of their data such as unwanted sales or marketing practices such as unscrupulous spam / scam emails, data being sourced or disclosed without the individual being aware, or data being inadvertently lost or deleted.

We only want to handle personal data which relates to our current clients or customers or prospects: people with whom we have a legitimate relationship; people who actively want to be in communication with us etc.

  • When we process personal data, we must ensure that the personal data is:
  • processed lawfully, fairly and transparently
  • collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes
  • adequate, relevant and limited in relation to those purposes
  • accurate and, where necessary, up to date
  • not kept for longer than necessary for those purposes
  • processed with appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

We must also be able to demonstrate that we comply with these principles.

Legitimate use of personal information

The information collected is for specified, explicit and legitimate purposes which have demonstrable benefit the customer.

What products and services does our Privacy Notice relate to? All products or services provided through The Grove Practice Limited, including:

  • Clients in our therapy service at The Grove Practice, relating to enquiries, appointment bookings, and therapy services according to clinical need.
  • Details of customers who participate in our corporate programmes including organisational engagement services.
  • Professionals who are interested in or who participate in our CPD courses.
  • People who are being treated in one of our trauma therapy services.

Our view in accordance with data protection legislation, is that there are various legal bases for The Grove using the details of clients and customers etc, for example, in order to fulfil a booking and to provide the services being purchased.  These legal bases include:

  • performance of a contract to which the individual is party or in order to take steps at their request prior to entering into such a contract;
  • our legitimate interests as a business (but not where this might significantly conflict with the interests or fundamental rights and freedoms of an individual);
  • protecting the vital interests of any individual;
  • compliance with our legal obligations;
  • the individual has given their valid consent;

Each of these legal bases is subject to further detailed provisions which will be considered carefully before being used as the reason to process personal data.

In certain specific situations, we may also process data in connection with the public interest, public health matters, or legal proceedings.  In addition, further restrictions apply to special categories of personal data including details of an individual’s race, ethnic origin, political opinions, religious or philosophical beliefs, health, sex life and sexual orientation, and criminal convictions.  We will ensure that we meet the necessary requirements for processing these categories of personal data.


We will implement appropriate security procedures including entry controls to premises, lockable cabinets, secure document disposal, suitable password protection for files and equipment, digital security such as firewalls and malware filters.

Transferring personal data to a country outside the UK/EEA

We will not transfer personal data to a country outside the UK or EEA, except for storage in a secure cloud storage centre where one of the following conditions applies:

  • specific contractual clauses or binding rules are in place
  • the individual has given their explicit consent
  • the transfer is necessary for certain specified reasons such as: the performance of a contract, for reasons of public interest, for the purpose of a legal claim, to protect the individual’s vital interests or for our legitimate interests.

Your rights

Individuals whose data we process have the right to:

  • access any personal data held about them
  • be given certain information concerning how their personal data is obtained and processed (this information is as set out in this Policy)
  • have their personal data rectified where necessary
  • have their personal data erased in certain circumstances (the “right to be forgotten”)
  • restrict processing of their personal data in certain circumstances
  • have their personal data transferred to themselves or another data controller (“data portability”)
  • object to automated processing

Individuals may exercise these rights by letting us know – all such requests will be forwarded to the Data Protection Manager for a response within the applicable time period.

For further information, please contact:


  • the Information Commissioner’s Office ( Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF, 0303 123 1113.

Changes to this policy

We may change this Policy at any time and you should check for updates from time to time.