Data Protection Policy

EFOT-UK (“EFOT-UK”, “Equine Facilitated Occupational Therapy UK”, We” or “Us” or “Our”).

EFOT-UK is required to collect and use personal information about people with whom it deals to be able to operate. EFOT-UK takes confidentiality and privacy rights very seriously and is committed to ensuring that the legal framework provided by GDPR for the appropriate handling and disclosure of personal data is adhered to.


For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) and/or any relevant law implemented as a result of General Data Protection Regulation and E Privacy Law (together, “Data Protection Laws“), EFOT-UK are a:

  1. data controller in respect of any personal data that is shared with us by an individual, or that we collect, through our website (including any personal data that is provided to us by an individual, or that we collect, during an individual’s registration for, and subscription to, the services we provide) or otherwise in an individual’s communications with Us; and
  2. data processor in respect of personal data that an individual shares with us as part of that individuals use of the services that we provide, and in respect of which the individual is the data controller. Our and the individual’s respective obligations in relation to that personal data are set out in this Data Protection Policy.

Personal data is any information relating to a living individual who can be identified from that information. Please note that personal data includes expressions of opinion and indications of intention in respect of an individual.  


In line with the Six Principles of GDPR personal data will be:

  1. Processed fairly and lawfully, and in a transparent manner in accordance with at least one condition set out in the GDPR.
  2. Collected for specified, explicit and legitimate purposes and not further processed in any way incompatible with those purposes.
  3. Adequate, relevant, and not excessive in relation to the purpose for which it was collected.
  4. Accurate and up to date.
  5. Kept for no longer than is necessary.
  6. Protected by appropriate technical and organisational measures which guard against unauthorised or unlawful processing of personal data, or accidental damage to, or loss or destruction of, personal data.