Off The Record Twickenham Logo
020 8744 1644

Privacy Policy

Data Privacy – keeping your data private and secure

We, at Off The Record Twickenham (OTR), are committed to protecting your personal data and will only use it in line with the purposes for which it has been provided, your expectations for its use, and data protection laws. For the purposes of Data Protection legislation (GDPR), OTR is the Data Controller. This means it is in charge of personal information about you. We are committed to protecting and respecting your privacy. We will only use your personal data in line with the purposes for which it has been provided, your expectations for its use, and data protection laws.

Personal data we collect and how we use it

Your privacy

We keep your information safe and private.

When you talk to us at OTR, it is always private (confidential) unless:

  • You ask us to tell someone else
  • We believe that your life, or someone else’s life, is in danger
  • You are being seriously hurt by someone
  • You are seriously harming someone else

We will always try to talk with you first about who we can tell.

If we need to tell someone urgently, we will only talk privately to the right person about information they need to keep everyone safe.

When you start counselling sessions, we will explain this and ask you to agree to it.

Personal data we collect from you

We may collect this information from you, or someone or someone on your behalf (for example, a parent or guardian, teacher, GP, social worker).

Your informationWhy we keep it
NameTo contact you about counselling sessions
Address / Date of birthTo show that you are local and the right age to have counselling at OTR
Phone number / Email addressTo contact you about counselling sessions
School or College / GP Surgery / Ethnicity / Gender / How you heard about usTo help make sure we are offering our services to all young people across Richmond borough
Health issues or disabilityTo make sure we can keep you safe and offer you the best possible counselling service
If you know anyone at OTRTo make sure we don’t arrange counselling with someone you, or or your friend/sibling, already know
Parent Email and Phone NoTo make contact with you about arranging counselling sessions, but only if that’s what you want us to do

How we use your data

Information you provide may be used in the following ways:

  • To show our funders how the money they give is used to help young people
  • To show how many local young people are having emotional difficulties
  • To make sure we are helping local young people in the way they need
  • To find out how we, and others, can do to more help.

We take out all information which might identify an individual, like name, phone number and address. This makes sure that no-one will know that you have been to OTR.

If you were referred to OTR through CAMHS (Child & Adolescent Mental Health Service), then we may tell them about you if you give us permission.

OTR is part of a national NHS programme covering young people’s mental health services. We don’t give any personal information, but in the future, they may ask us for a rough idea of where young people come from (e.g. TW1) and the month they were born. This information will never be attached to your name or address.

Your Permission

When we take this information, we will ask for permission to store it safely (if you are 13 or under, we may ask your parent/guardian).

You can ask us to stop storing your information at any time, and you don’t have to give us any information that you don’t want to.

We never use your personal information to contact you about anything other than counselling, unless you have asked us to.

You can download the full youngPerson’s privacy notice (pdf) here.

Data we may collect from you and how we use it

  • Your name and contact details so we can send you our e-newsletters, which provide further information about our work, services and activities
  • Information to help us process donations and re-claim Gift Aid if you have authorised us to do so (this will include your name and address)
  • Information to fulfil sales made online (e.g. for tickets to our fund-raising events)

Please download non-client privacy notice (pdf) for further information.

Data we may collect from you

  • We may collect information such as name and address, national insurance number, bank account details, employment contracts and remuneration details, qualifications and absence information, your next of kin/emergency contact information, from you. We may also collect categories of sensitive personal data such as ethnic group and information about your health, where this information has been shared with us.
  • During the recruitment process we may receive information about you from a previous employer or an educational establishment you have previously attended. Applicants will know about this because they will have supplied us with the relevant contact details.

How we use your data

We process personal data relating to those we employ or engage to work at OTR, as employees under contract, or as volunteers. If you are applying for a job or to volunteer with us, the information you are asked to provide will be set out in the application form as being necessary for us to process your request and fulfil our responsibilities and legal obligations as your employer.

We may use your data for the following purposes:

  • To process job and volunteer inquiries and expressions of interest
  • To complete our recruitment process
  • To process the details of your contract of employment or volunteer agreement, pay and pension, and keep a record of employment related and volunteering matters
  • To deliver our services as an employer
  • For our own internal administrative purposes
  • For statistical purposes appropriate to our services
  • To comply with relevant laws and regulations

You can download a copy of our employee and volunteer privacy notice (pdf) here.

Data we may collect from you and how we use it

  • We may collect your bank account details in order to meet our obligations when we have entered into a contract with you to supply us with goods or services

Data we may collect about you and how we use it

When you contact us about counselling for a child or a young person in your care, we will ask for the name of the child, your home address and that of the child/young person, your email address and a contact telephone number so that we can provide you with information about our service, and be in touch with you about counselling if the child or young person has given their consent. Please read the Young People’s Privacy Notice section above which explains how and why we handle this information, how we keep it safe, and your rights under data protection laws.

OTR also provides a Parent Support Service which is entirely separate to its counselling offer to young people. If you wish to access this service you will be asked for permission for your name, email address and telephone number to be passed to the Parent Support Counsellor, so that the counsellor can contact you to make an appointment. We record this information on a secure database which shows the date on which you provided your consent and, where it is applicable, pseudonymised information about your child.

Data security

We understand the importance of keeping collected personal information safe, and are committed to taking all appropriate steps to prevent unauthorised access, loss or disclosure. We use suitable physical, electronic and operational management procedures to safeguard the information we collect on paper, in digital format, and online. as outlined below. Staff who have access are appropriately trained to manage and safeguard the information. We are fully compliant with NHS Digital information governance protocols, under which we are assessed annually.

  • We keep all client personal information in locked cabinets which only our staff can access
  • We use Microsoft 365, in which client personal information is stored in password-protected, encrypted files, that only a few members of our staff can access
  • Counsellors who work online with clients adhere to strict protocols for safe data processing
  • Emails containing personal data are encrypted, password protected and stored securely
  • We use a secure database platform (Oracle NetSuite) to process supplier payments through BACS transactions, and have restricted access protocols in place in Microsoft 365
  • Data sent via our website is secured by website encryption (SSL padlock)
  • We do our best to check external website links are safe. If you’re not sure about a link, ask us, and we will check it for you
  • We use Mighty Text for text messaging on computers which are password protected

Legal basis for processing personal information

  • We rely on your consent to contact you with information about our work
  • We process personal data that is necessary for the performance of a legal obligation to which OTR is subject, for example our legal duty to safeguard those who use our service or is necessary to protect the vital interests of others, i.e. to protect those who use our service from harm
  • When you subscribe to our e-news, we rely on your consent, which you may withdraw at any time by simply clicking the ‘unsubscribe’ link provided in all communications that you receive
  • We like to stay in touch with our supporters and we do so in our legitimate interests based on your expressed interests and involvement with us in the past
  • Where we have entered into a contract with you, we process your personal data on the lawful basis of contract
  • We process personal data on the basis of compliance with our statutory and legal obligations which includes but is not limited to reporting on financial and health and safety matters
  • We process personal data that is necessary for the performance of employment or volunteer contracts

Sharing personal data

  • We will never sell or swap your personal details with anybody else
  • We use the Mailchimp platform to send out our e-newsletter and enable subscribers to manage their subscription. You can read Mailchimp privacy policy here
  • We use the Paypal platform to process donations. You can read Paypal’s Privacy Notice here
  • We may be required, by law, to pass on some of the personal data which we collect to government and statutory bodies, such as HMRC
  • We may disclose personal data to the Disclosure and Barring Service for the purposes of carrying out checks on suitability for staff and volunteers to work with children or vulnerable adults
  • We disclose employee national insurance number and absence information to our payroll provider to enable payment, and share identity and pay information with HMRC to pay income tax and make national insurance contributions
  • We share employee details with their pension provider as appropriate in order to maintain their pension entitlement

Keeping your data up to date

It’s important that the records that we keep are up to date. Please let us know if your details change at anytime.

Data retention

We only keep your information for as long as we need it or for as long as we are required by law to keep it. Full details are given in our Data Protection Policy.

Legally we must shred client personal data after six years, but you can ask us to shred it at any time.

Your rights

  • You can ask to see, amend, or correct the personal information we hold about you
  • You can ask that we delete or stop processing your personal data
  • You can ask us to transfer your information to another person
  • We can give your personal data to another organisation, if we protect your legal rights and our legal rights under Data Protection law.

Website cookies

  • We use Google Analytics cookies to give us general information about how our website is working
  • We never use cookies to access your phone or computer or to find out your personal data
  • You can block cookies in your browser settings
  • For more information see:

Further information

If you have any concerns about the privacy and safety of your personal information you can talk to OTR staff or one of the counselling team. Or please email our Data Protection Officer, OTR Manager Deborah Kerpner, at or phone 020 8744 1644.

If we make any changes to any OTR privacy policies, we will post an update on our website.

OTR complies with the National Data Opt Out Policy. OTR is registered with the Information Commissioner’s Office. Please see our Data Protection Policy for further information.

You can also get in touch with the Information Commissioner’s Office, where we are registered.

Information Commissioner’s Office
Wycliffe House
Water Lane
Tel: 0303 123 1113

Changes to this notice

We will keep this notice under regular review and post any changes on our website, or by notification to you by email, so that you are aware of how we use your data at all times.