Privacy Policy

Universities Psychotherapy and Counselling Association (UPCA) is committed to protecting your personal data and respecting your privacy. This privacy notice explains how we collect, use, store, and protect personal data when you interact with us, including through our website and membership services. It also explains your rights under UK data protection law.

This notice applies to members, applicants, website users, and other individuals who interact with UPCA.

Controller and Contact Details

Universities Psychotherapy and Counselling Association (UPCA) is the controller responsible for your personal data (referred to as “UPCA”, “we”, “us” or “our”).

UPCA is not required to appoint a Data Protection Officer under UK GDPR. However, we have designated a Data Protection Contact to oversee data protection compliance and act as a point of contact for data protection matters.

If you have any questions about this privacy notice or wish to exercise your data protection rights, please contact:

Email: administration@upca.org.uk

UPCA is registered as a data controller with the Information Commissioner’s Office (ICO).

ICO registration number: Z6434624

Accuracy of Your Information

It is important that the personal data we hold about you is accurate and current. Please inform us if your personal data changes during your relationship with us.

Personal Data We Collect

Depending on how you interact with UPCA, we may collect the following types of personal data:

Identity Data – name
Contact Data – email address, telephone number, postal address
Professional Data – practice address, qualifications, insurance details, CPD records, complaints declarations
Membership Data – membership number, status, application and renewal records
Technical Data – IP address, browser type and version, operating system
Usage Data – information about how you use our website

UPCA does not intentionally collect special category personal data via its website.

How We Use Your Personal Data

To administer membership applications, renewals, and enquiries
To maintain accurate membership records
To meet regulatory, audit, and governance obligations (including UKCP requirements)
To provide UPCA services, including the “Find a Therapist” directory
To communicate essential membership information
To maintain and improve the security and functionality of our website

Where correspondence is received by email, telephone, or other means, this may be recorded securely within membership records where relevant.

Lawful Bases for Processing

We process personal data in accordance with UK GDPR using one or more of the following lawful bases:

Contract – where processing is necessary to administer membership
Legal obligation – where required to meet regulatory or governance requirements
Legitimate interests – where necessary for the operation of UPCA and balanced against individual rights
Consent – where required (e.g. non-essential communications)

Where processing is based on consent, consent may be withdrawn at any time.

Public Directory and “Find a Therapist” Listings

Certain professional information provided by full clinical members may be published on the public “Find a Therapist”directory. This information is published solely to enable members of the public to locate and contact therapists for therapeutic services.

UPCA:

Does not sell, rent, or distribute member contact details
Does not authorise scraping, harvesting, or reuse of directory data
Does not permit use of directory information for marketing or sales purposes
Takes reasonable organisational and technical measures to reduce misuse of publicly available data

Members may contact UPCA if they have concerns regarding their public listing.

Phishing, Impersonation, and Misuse of Data

UPCA is aware that individuals may attempt to misuse publicly available information or falsely represent UPCA.

Please note:

UPCA does not sell or share membership lists
UPCA will not contact members from Gmail or other personal email accounts
Emails offering UPCA “distribution lists” or “member contacts” are fraudulent

Suspected misuse or impersonation should be reported to administration@upca.org.uk

Reports help us monitor misuse and take appropriate action.

Data Sharing

We use trusted third-party services where necessary, including:

UPCA does not share personal data with third parties for their own direct marketing purposes.

We may share personal data with trusted service providers where necessary to deliver UPCA services, including:

Website hosting and content management (WordPress)
Email communications (Mailchimp)
Event and survey platforms (e.g. Eventbrite, Google Sheets, Online Events and SurveyMonkey)

These providers process personal data under their own contractual and data protection obligations.

International Transfers

UPCA does not routinely transfer personal data outside the UK. Where third-party services involve international data transfers, appropriate safeguards are in place in accordance with UK GDPR.

Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, and governance requirements.

Membership records are retained for the duration of membership and for a defined period thereafter. Data is securely deleted or anonymised when no longer required.

Your Data Protection Rights

Under UK GDPR, you have the right to:

Be informed about how your data is used
Access the personal data we hold about you
Request correction of inaccurate data
Request erasure where appropriate
Object to processing, including for direct marketing
Request data portability
Withdraw consent at any time

Requests should be sent to administration@upca.org.uk

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Cookies

UPCA uses cookies and similar technologies to analyse website usage and improve performance. You can manage cookies through your browser settings. Refusing cookies may limit website functionality.