Find an Accredited Cognitive Behavioural Therapist

Privacy Notice; How your information is protected

We are committed to making sure that Your data is securely protected and that you are aware of the rights you hold when your data is being processed by us.

Our privacy policy is compliant with the principles of General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). We are registered with the Information Commissioner’s Office (ICO) under the Data Protection Register, our registration number is ZA050075.

Think CBT Ltd. is the Data Controller of the data it holds about clients, associates and staff. You can contact the data protection officer by emailing This email address is being protected from spambots. You need JavaScript enabled to view it..

Why We Maintain Personal Data:

We need to collect and maintain a record of the data you submit to ensure that:

  • Professionals receiving referrals have accurate and up-to-date information.
  • Professionals can be verified and contacted for the purposes of referrals.
  • Your concerns can be properly investigated if you raise a complaint. 

Your Record:

We have a duty to:

  • Ensure that your records are confidential, secure and accurate.
  • Provide a copy at your request in an accessible format.

Your record may include some or all of the following:

  • Your name.
  • Your phone Number.
  • Your referral data as submitted via the website.

How We Use Your Contact Details:

We take your privacy seriously so please let us know if you have any specific contact instructions.


If you provide a mobile phone number: we may ring, leave a message or text you, please inform us if you do not want us to do so.
If you provide a landline: we may leave a message, please inform us if you do not want us to do so.


If you provide us with your email address: we may use it to send confidential information, unless you have instructed us not to do so.
Please read the following before providing us with your email address:

Email Encryption:

For the purpose of sending sensitive and confidential information such as therapy reports, referrals and test results we use password protection on all documents transmitted.

This additional level of security allows us to stop further access to your content, prevent data breaches, and control your data at all times.

Further Email Information:

  • Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet. Be aware also that if you share your computer, others may read your emails.
  • You can use email as a method to contact our main office or your designated therapist in relation to a query or to ask about an appointment.
  • Do not give more personal information than we need to process your request.
  • Do not ask us to send you personal details that you would not want seen by other people.
  • If you have an urgent question or feel at risk after going home after treatment contact an emergency service e.g. 111 NHS emergency service or 999 for life threatening conditions by telephone, do NOT email Think CBT Ltd. in an emergency.

How Your Records Are Kept:

Our guiding principle is that we hold your records in strict confidence. We use appropriate technical and organisational measures to ensure this.

CBT Pages is a trading name of Think CBT Ltd. Which is registered under the Data Protection Act 1998. It abides by the law and observes good practice in maintaining confidentiality and appropriate information security.

How Your Records Are Used:

We use your records to:

  • Ensure that any referral or advisory services we provide to you are based on accurate information.
  • Send a referral about your request for therapy to health professionals listed on CBT Pages.
  • Investigate any relevant concerns or complaints you or your family have. 

Passing Your Intake Information to Your Designated Therapist:

All therapists listed on this website are checked for relevant training, experience, qualifications, accreditation status and professional indemnity.

All therapists are self-employed and responsible for their own data management standards.

When your personal intake data is passed to your designated therapist, direct responsibility for the secure maintenance of your personal information is transferred to this therapist. This helps to ensure that your information is not shared more widely and that only your designated therapist has access to your personal data.

Therapists are required to strictly comply with the conditions and practice standards laid down by their relevant UK professional body.

The designated therapist is required to comply with the standards laid out in the GDPR and maintain the principles outlined in this privacy statement.

We may also share information that identifies you where:

  • You ask us to do so;
  • We ask for specific permission and you agree to this;
  • We are required to do this by law;
  • We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed).

CBT Pages and it’s holding body Think CBT Ltd. will not provide client information to other organisations except under the circumstances described in this Privacy Notice.

Special Situations:

Sometimes we have a legal duty to provide information about people;, e.g. where personal risk is a factor and when a court order instructs us to do so. Records may also be shared without the patient's consent in exceptional situations, such as to safeguard adults or children.

Sharing Your Records Outside the EU:

If your permanent address is outside the EU, or your treatment is continuing outside the EU, we may send details of your treatment to individuals based outside the EU. This would normally be the therapist who you have chosen to deliver your treatment.

In the usual course of our business, we may use third parties to process and store your data on our behalf. We normally store your data on secure servers in the European Economic Area (EEA). Such processing is subject to contractual restrictions with regard to confidentiality and security in addition to the obligations imposed by the Data Protection Act 1998.

Exceptionally we may use suppliers who are based outside the EEA for processing and storing your data. We have strict controls over how and why your data can be accessed. By submitting your personal data, you agree to this.

How Can I Stop My Information From Being Shared?

If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with your designated therapist.

Your Legal Rights:

You have the right to confidentiality under the Data Protection Act 1998 (DPA), the Human Rights Act 1998 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply.

You have the right to request the erasing of your data under the policy Right to Erasure (‘right to be forgotten’) in article 17 of Chapter 3 of the GDPR (EU) 2016/679.

You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.

You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:

  • The right to obtain a copy of your records in permanent form;
  • The right to have the information provided to you in a way you can understand, and explained where necessary, for example where abbreviations have been used. You would not be entitled to see information that: 

Has been provided about you by someone else if they haven’t given permission for you to see it.

    • Identifies another person who has not given permission for you to see the information about them.
    • Relates to criminal offences.
    • Is being used to detect or prevent crime.
    • Could cause physical or mental harm to you or someone else. If you are currently receiving services organised via CBT Pages and wish to view your data record without obtaining a copy, discuss your request with the therapist providing your care.

Obtaining a Copy of Your Record;

If you wish to apply for access to the information we hold about you. Please note:

  • You should send your request in writing to the Think CBT Ltd. Data Protection Officer – This email address is being protected from spambots. You need JavaScript enabled to view it.. You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth.
  • We will take every reasonable step to respond to you within 40 days of receiving your request.
  • You may be required to provide a form of ID before any information is released to you. Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.

Glossary of Terms:

GDPR; General Data Protection Regulation. New data privacy and protection regulations replacing the individual data protection laws in all EU countries on 25th May 2018.

Therapy Notes; anonymised notes securely kept by your therapist to support continuity and progress through the therapeutic process.

Consent; Freely given, specific, informed and explicit consent by statement or action by the patient, staff member or any person signifying agreement to the processing of their personal data.

Controller; The Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor; A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Subject; Any individual we deal with such as a client, patient, therapist or Doctor whom the particular personal data is about.

Data Protection Officer (DPO); An expert on data privacy who works independently to ensure the business is adhering to the policies and procedures set forth in the GDPR.

Personal Data; Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

Processing; Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.

Right to be Forgotten (RTBF); Also known as 'right to erasure'. Entitles the data subject to have the clinic erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.

Think CBT

Cognitive Behavioural Therapy Experts.
Fast and confidential CBT Appointments.
No waiting lists, no red-tape and no fuss.