— (click here to read Your Privacy – In Plain English)
1. Who We Are
Pegasus – Men’s Wellbeing Centre CIC (“Pegasus”, “we”, “us”, “our”) is a UK-based Community Interest Company providing trauma-informed counselling, psychotherapy, group support, training, corporate wellbeing services, and digital learning programmes across Cornwall, London, and UK-wide.
We are committed to protecting your privacy, dignity, and personal information in line with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Relevant professional ethical frameworks (e.g., BACP)
Pegasus acts as a Data Controller for the personal data we collect and process.
Contact:
Email: info@pegasusmenswellbeing.co.uk
Website: https://pegasusmenswellbeing.co.uk
2. Our Commitment to Confidentiality
As a trauma-informed organisation working with vulnerable individuals, confidentiality and psychological safety are central to our values.
We collect only the information necessary to:
- Deliver safe and effective services
- Meet safeguarding responsibilities
- Comply with legal and regulatory requirements
- Improve the quality of our work
We will never sell or trade your personal data.
3. What Information We Collect
3.1 Website Enquiries & Contact Forms
- Name
- Email address
- Telephone number
- Any message you provide
3.2 Training, Workshops & Events
- Name
- Contact details
- Billing information
- Professional registration details (where relevant)
- Attendance records
3.3 Counselling & Therapeutic Services
We may collect:
- Name and contact details
- Emergency contact details
- GP details
- Assessment information
- Session notes
- Risk assessments
- Relevant health and wellbeing information
This may include Special Category Data (e.g., mental health information).
Counselling services are governed by a separate therapeutic agreement.
3.4 Children & Young People (CYP)
Where services involve children or young people:
- We collect parental/guardian details where legally required
- We obtain appropriate consent in accordance with UK law
- We prioritise safeguarding and best interests of the child
3.5 Corporate & EAP Clients
For corporate partnerships, we may collect:
- Business contact details
- Contractual and billing information
- Anonymous service usage data (where agreed)
We do not share identifiable client information with employers without explicit consent, unless legally required.
4. Lawful Basis for Processing
We process data under the following lawful bases:
- Contract – to deliver services you have requested
- Legitimate Interests – for service improvement and administration
- Legal Obligation – safeguarding, insurance, compliance
- Consent – for marketing communications
- Vital Interests – where serious risk to life or safety exists
- Provision of Health & Social Care – for counselling-related sensitive data
5. Safeguarding & Limits of Confidentiality
Confidentiality is fundamental. However, it may be limited where:
- There is risk of serious harm to you or others
- Safeguarding concerns arise
- We are legally required to disclose information
- A court order compels disclosure
Any disclosure will be proportionate, necessary, and recorded.
6. Data Storage & Security
Pegasus takes data security seriously.
We use:
- Secure, encrypted clinical record systems (e.g., C360 platform)
- Password-protected systems
- Access-restricted staff permissions
- Secure email and cloud storage systems
- Device PIN protection and automatic updates
- Firewall and malware protection
We align our systems with Cyber Essentials security standards and continually review our data protection practices.
Only authorised personnel have access to personal data.
7. Data Retention
We retain personal data only as long as necessary:
- Counselling records: Typically 7 years after end of service (or in line with professional guidance)
- Training records: Up to 6 years for audit and certification purposes
- Financial records: As required under HMRC regulations
- Marketing data: Until consent is withdrawn
Data is securely deleted when no longer required.
8. Data Sharing
We do not sell personal data.
We may share information with:
- Counsellors and trainers delivering services
- Clinical supervisors (anonymised where possible)
- Safeguarding authorities where required
- Secure payment processors
- Professional advisors (e.g., accountants, insurers)
All third parties are required to process data lawfully and securely.
9. Online Services & Digital Platforms
For online workshops and counselling:
- Participants are responsible for attending from a private, secure location
- Recording sessions without consent is prohibited
- Access links must not be shared
For digital courses and downloads:
- Access is personal and non-transferable
10. Marketing Communications
We will only send marketing communications where:
- You have opted in, or
- You have previously engaged with our services and not opted out
You can unsubscribe at any time using the link in our emails.
We use secure email marketing platforms that comply with UK GDPR standards.
11. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request correction
- Request erasure (where applicable)
- Restrict processing
- Object to processing
- Withdraw consent
- Lodge a complaint
You can contact us directly to exercise your rights.
You also have the right to complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk
12. International Transfers
Where digital service providers store data outside the UK, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
13. Cookies & Website Analytics
Our website may use cookies to:
- Improve user experience
- Monitor website performance
- Analyse visitor behaviour
You can manage cookie settings via your browser preferences.
14. Changes to This Policy
We may update this Privacy Policy periodically. The most recent version will always be available on our website.