Privacy notice

How we handle your data.

Last updated 5 June 2026

This notice explains what personal data we collect through this website, why we collect it, where it lives, and what you can do about it. It is written to meet our obligations under the UK GDPR and the Data Protection Act 2018.

Who we are

The data controller for personal data collected through this website is Dr Henry Briscoe, trading as What Works Psychology, an HCPC-registered Clinical Psychologist based in the United Kingdom.

You can reach us at contact@whatworkspsychology.co.uk. We are registered with the Information Commissioner's Office as a data controller.

What this notice covers

Anything you submit through the form on whatworkspsychology.co.uk, plus the limited technical data your browser sends when loading the page. It does not cover personal data you share with us by other routes, for example during a paid consulting engagement, which is handled under a separate processing agreement.

What we collect, and why

We only collect what you actively give us through the contact form. Everything else (analytics, cookies, tracking pixels) we have deliberately left off.

Form What we collect Lawful basis
Contact form Name, email, your business, message, timestamp Legitimate interests, and pre-contractual steps where relevant (Art. 6(1)(b) and (f))

We use what you give us to do exactly what the form says it will do: reply to your enquiry and arrange a conversation. We do not use it for profiling, ad targeting, or automated decision-making.

Where your data is stored

This site is intentionally lightweight, and so is the back end behind it. Form submissions are processed through Google Workspace, using Google Apps Script and Google Sheets.

Here is what actually happens when you submit the form:

  • Your browser sends the form contents directly to a Google Apps Script web endpoint hosted on Google's infrastructure.
  • That script writes the row into a Google Sheet inside our Google Workspace account, owned and accessed by Dr Henry Briscoe.
  • The Apps Script processes the submission server-side at Google. As part of that request, Google's servers will see your IP address and standard request metadata, which Google logs in line with its own processing terms.
  • We do not run a separate database, customer relationship management system, or third-party email marketing platform on this site. The Sheet is the record.
In plain terms

Google is the data processor for everything you submit through this site. We rely on the Google Workspace Data Processing Addendum, which incorporates the EU Standard Contractual Clauses and the UK International Data Transfer Addendum where relevant. Google may process or store data on servers located outside the United Kingdom, including in the European Economic Area and the United States, under those safeguards.

If we later move any of this to a different processor (for example, a dedicated email tool), we will update this notice before we do so.

Cookies, analytics, and tracking

We do not set cookies on this site. We do not run analytics (no Google Analytics, no Plausible, no Fathom). We do not embed marketing pixels or third-party trackers.

The page loads no external fonts, scripts, or stylesheets. The only outbound request your browser makes is the one that sends your details to Google when you submit the form, as described above. Nothing tracks you across the site.

How long we keep your data

We keep contact enquiries for 24 months from the date of our last contact, then delete them. You can ask us to delete your record sooner at any time.

If a casual enquiry turns into a paid engagement, the data we hold about you is governed by the engagement agreement and the retention rules that apply to clinical and consulting records, not by this notice.

Who we share it with

We do not sell your data. We do not share it with marketing partners, advertisers, or data brokers.

The only third party that routinely processes your data is Google, in its role as the operator of Google Workspace, Google Apps Script, and Google Sheets, as described above.

We may disclose data if we are legally required to (for example, in response to a valid court order or a request from a UK regulator with proper authority), or where we believe it is necessary to protect someone from serious harm.

Your rights

Under the UK GDPR, you have the right to:

  • Ask for a copy of the personal data we hold about you
  • Ask us to correct anything that is wrong
  • Ask us to delete your data, where we have no overriding reason to keep it
  • Ask us to restrict how we use your data, or to object to particular uses
  • Withdraw consent at any time, where we are relying on consent as our lawful basis
  • Receive a portable copy of the data you gave us, in a structured format

To exercise any of these rights, email contact@whatworkspsychology.co.uk. We will respond within one calendar month, usually much sooner.

How to complain

We would much rather hear from you first if you think something is wrong, so we can put it right. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk/make-a-complaint, by phone on 0303 123 1113, or by post to:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Changes to this notice

If we change anything material (a new processor, a new lawful basis, a longer retention period) we will update the "Last updated" date at the top of this page.