near Tewkesbury & Cheltenham in Gloucestershire
  • Instagram


Positive Exchange Privacy Notice

If you have any concerns regarding the data held about you by Positive Exchange, please contact us at

General Data Protection Regulation 

The GDPR, or General Data Protection Regulation, is a European privacy law that went into effect in May 2018. This legislation is known as General Data Protection Regulation (GDPR).  GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe regardless of where that data is processed.  For the purpose of the GDPR regulation, Positive Exchange will act as data processor for data that has been provided.

Type of Data

GDPR legislation applies to any data that can identify a living person including, but not limited to,  e-mail address, postal address and phone number.  It is known as Personally Identifiable Information (PII).

Data Physical Locations

Website data is hosted by 123-Reg and their data servers are stored within the EU.

Data Processing Agreements 

Our data processing commitments are set within the Privacy Policy. These have been updated with guidance from regulators.  More recently it has been updated to include GDPR legislation.

Circumstances in which data may be shared with other agencies

Positive Exchange will not share any of your confidential information with any third parties unless we are instructed or permitted to do so by the client or we are required to do so by law; for example: immediate risk of substantial self-harm to self or others; or under a legal requirement, eg terrorism, drug money laundering; or via court order for disclosure.

Client’s Rights Under Data Protection Law:

  • To access a copy and explanation of their personal data
  • To request correction or erasure, in certain circumstances
  • To request limiting or ceasing data processing, where applicable

Your Rights of Access, Correction, Erasure and Restriction

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request“). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
    If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact in writing.
  • No fee usually required – you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
  • What we may need from you – we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
  • Right to withdraw consent – in the circumstances where you may have provided your consent to processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Deleting Data

Client records shall be kept for at least 7 years following the last occasion on which treatment was given.  In the case of treatment of minors, records will be kept for a least 7 years after they reach the age of majority (18).

What happens to your details when you contact us

When you contact us by social media, e-mail or phone, we will retain your details for the sole purpose of correspondence relating to that enquiry only.  We will delete your message sent via Facebook and will communicate with you via e-mail and/or telephone.   If you become a client, your details will be recorded within our paper files which will be securely stored including any e-mail correspondence which will be held on our encrypted and password protected system.  We will not use your details for any purpose other than in connection with your treatment.


We occasionally use PayPal to collect some payments.  Click here to view PayPal’s privacy page and what they do with your data.

Visitors to our website

When someone visits we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.


If you are a minor in the country in which you are accessing our website, you may submit your personal data on this website only with the involvement of your parent(s) or guardian. If you are a parent(s) or guardian and you provide consent for a minor to submit personal data on this website, you agree to this Policy in respect to the minor’s use.

  • Children have the same rights as adults over their personal data. These include the rights to access their personal data; request rectification; object to processing and have their personal data erased.

With all of the above taken into account, your use of is taken as acceptance that the internet is not 100% secure medium for communication.  We cannot ensure security of any information you transmit to us, and you do so at your own risk.  Once we receive your transmission, we make our best efforts to ensure its security on our systems using encryption and passwords. Accordingly, we cannot guarantee the security of any information sent via the internet and are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.

Use of cookies by Positive Exchange

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Category Cookie Name Purpose
Necessary Cookies PHPSESSID Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Necessary Cookies cookiesAccepted Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Necessary Cookies cookiesAcceptedAnalytics Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Necessary Cookies cookiesAcceptedPayPal Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Necessary Cookies gwcc Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Analytical cookies '_ga','_gat','_gid' Analytical cookies for us to better craft the user experience based on your page view experiences.
PayPal 'PYPF' Used by PayPal for enabling payments

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites/services.  You should note that we are in no way responsible for the content or privacy policies these websites/services may have in place and advise that you use caution and refer to these websites own Privacy statements and terms.

Data Controller

Any personal information that you provide on this website is controlled by Positive Exchange.

Please check the Privacy Policy periodically as it may change from time to time.

Positive Exchange is registered with the Information Commissioner’s Office, Reference Number: A8327963. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.