Privacy Policy

Privacy Policy | Routes 2 Branching Ltd | UK GDPR & Data Protection

Last updated: 31 August 2025 | Next review: 31 August 2026

Controller: Routes 2 Branching Ltd (Company No: 16573955), 6 Norreys Drive, Maidenhead, England, SL6 4BU, admin@r2b.uk

Who we are
Routes 2 Branching Ltd provides fire safety consultancy, R2B Therapies & Growth services, and specialist training across the UK, acting as data controller for personal data processed through our website and service delivery activities.

What this notice covers
This notice explains what personal data we collect, why and how we use it, the lawful bases relied upon, who we share it with, retention periods, international transfers, individual rights, cookies/consent, and how to raise concerns, consistent with the UK GDPR and Data Protection Act 2018.

Information we collect

Contact details: name, email, telephone number, postal and site addresses, and emergency contacts.
Business information: company name, job title, manager’s name, professional qualifications, and organisational information.
Financial information: invoicing details, payment history, and credit references where applicable.
Service‑specific data: fire safety property/specification and compliance history; training attendance, assessments, and certification; therapy session notes, goals, referrals, and safeguarding information.
Technical data: IP address, browser and device information, and site usage patterns via cookies and similar technologies, subject to consent where required.
Marketing data: communication preferences, service interests, and event participation.

Lawful bases and purposes

Contract (Article 6(1)(b)): delivering consultancy, therapy and training; managing bookings, certifications, and payments; and fulfilling service obligations.
Legal obligation (Article 6(1)(c)): maintaining tax and financial records, meeting regulatory and insurance requirements, and safeguarding/reporting duties.
Legitimate interests (Article 6(1)(f)): responding to enquiries and providing quotations; operating, securing, and improving services and the website; preventing fraud; and proportionate B2B marketing with a simple opt‑out.
Vital interests (Article 6(1)(d)): handling emergencies, health and safety incidents, or safeguarding where necessary to protect life.

Special category data (therapy): where therapy involves health information, processing is under Article 9(2)(h) for health or social care with the Data Protection Act 2018 Schedule 1 paragraph 2 condition, under professional confidentiality and appropriate safeguards.

Safeguards for therapy records: therapy notes are stored separately with role‑based access and password protection, data minimisation, least‑privilege access, and encryption at rest/in transit where available, supported by confidentiality obligations and auditability.

Consent: where used (for example, non‑essential cookies or optional marketing), consent is specific, informed, freely given and can be withdrawn at any time without detriment.

Children’s data

Services are offered from age 13 with enhanced safeguards for therapy clients under 18 and parental consent for clients under 16 alongside age‑appropriate confidentiality.
For any online service relying on consent offered directly to a child, the UK age of consent is 13 and below that consent must be authorised by someone with parental responsibility with reasonable verification.

Cookies and similar technologies (PECR)
The site uses essential cookies for security and core functionality and, subject to consent, analytics cookies to improve the website; non‑essential cookies are not set before consent and the banner provides equally prominent Accept All and Reject All choices with a persistent Cookie settings link in the footer.

Analytics (if used) operates only after consent and cookie details are provided in the separate Cookie Policy, which is reviewed and updated after periodic scans.

Data sharing
We do not sell personal data or share it for third‑party marketing, and we only share data where necessary with trusted processors and professional bodies under contract and appropriate safeguards.
Categories include hosting and site functionality, email and storage, analytics (if consented), payment processing (if enabled), insurers and accreditation bodies, professional regulators or supervisors where required, and competent authorities when legally obliged.

International transfers
Where providers transfer data outside the UK, we implement appropriate safeguards such as adequacy regulations, the UK Addendum to the Standard Contractual Clauses, or the UK International Data Transfer Agreement as applicable, reviewed periodically for effectiveness.

Retention
We retain personal data only as long as necessary for the purposes described and to meet legal and professional obligations.

Fire safety services: 7 years from last service.
Therapy services: 7 years from last session.
Training records (certification): 10 years.
Financial records: 7 years.
Marketing data: until consent is withdrawn or after 3 years of inactivity.Website analytics: 26 months by default if analytics is used and con
figured accordingly.

Security
We apply technical, organisational and physical measures proportionate to risk, including secure cloud infrastructure, encryption in transit and at rest where available, multi‑factor authentication, role‑based access controls, staff training, audits, incident response, and secure premises and disposal.
Therapy notes are segregated from other records and accessible only to authorised personnel under professional confidentiality obligations.

Your rights
Individuals have the rights of access, rectification, erasure, restriction, objection (including to legitimate interests), portability where feasible, and to withdraw consent at any time when consent is the basis.
Rights may be limited where required by law, professional standards, or safeguarding obligations, especially for therapy and fire safety records.
How to exercise rights: email admin@r2b.uk stating the right and scope; identity verification may be required.
We respond without undue delay and within one month, extendable by up to two further months if requests are complex or numerous, with notice of any extension and reasons.
No fee is charged unless a request is manifestly unfounded or excessive, in which case a reasonable fee may apply or we may refuse with reasons.

Automated decision‑making and profiling: none conducted that produce legal or similarly significant effects, and this statement will be updated if that changes.

Business continuity and changes of control
If ownership or structure changes, personal data may transfer under equivalent protections and individuals will be notified where appropriate.

Complaints
Questions and concerns can be raised via admin@r2b.uk and we aim to respond within 30 days wherever possible.
If unresolved, complaints can be escalated to the Information Commissioner’s Office by telephone at 0303 123 1113 or by post to Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Changes to this policy
We keep this policy under regular review and will update it with a new “Last updated” date; material changes will be communicated where appropriate.

Privacy Policy

Privacy Policy | Routes 2 Branching Ltd | UK GDPR & Data Protection

Last updated: 31 August 2025 | Next review: 31 August 2026

Controller: Routes 2 Branching Ltd (Company No: 16573955), 6 Norreys Drive, Maidenhead, England, SL6 4BU, admin@r2b.uk

Who we are
Routes 2 Branching Ltd provides fire safety consultancy, R2B Therapies & Growth services, and specialist training across the UK, acting as data controller for personal data processed through our website and service delivery activities.

Information we collect

Contact details: name, email, telephone number, postal and site addresses, and emergency contacts.

Business information: company name, job title, manager’s name, professional qualifications, and organisational information.

Financial information: invoicing details, payment history, and credit references where applicable.

Service‑specific data: fire safety property/specification and compliance history; training attendance, assessments, and certification; therapy session notes, goals, referrals, and safeguarding information.

Technical data: IP address, browser and device information, and site usage patterns via cookies and similar technologies, subject to consent where required.

Marketing data: communication preferences, service interests, and event participation.

Lawful bases and purposes

Contract (Article 6(1)(b)): delivering consultancy, therapy and training; managing bookings, certifications, and payments; and fulfilling service obligations.

Legal obligation (Article 6(1)(c)): maintaining tax and financial records, meeting regulatory and insurance requirements, and safeguarding/reporting duties.

Legitimate interests (Article 6(1)(f)): responding to enquiries and providing quotations; operating, securing, and improving services and the website; preventing fraud; and proportionate B2B marketing with a simple opt‑out.

Vital interests (Article 6(1)(d)): handling emergencies, health and safety incidents, or safeguarding where necessary to protect life.

Special category data (therapy): where therapy involves health information, processing is under Article 9(2)(h) for health or social care with the Data Protection Act 2018 Schedule 1 paragraph 2 condition, under professional confidentiality and appropriate safeguards.

Safeguards for therapy records: therapy notes are stored separately with role‑based access and password protection, data minimisation, least‑privilege access, and encryption at rest/in transit where available, supported by confidentiality obligations and auditability.

Consent: where used (for example, non‑essential cookies or optional marketing), consent is specific, informed, freely given and can be withdrawn at any time without detriment.

Children’s data

Analytics (if used) operates only after consent and cookie details are provided in the separate Cookie Policy, which is reviewed and updated after periodic scans.

International transfers
Where providers transfer data outside the UK, we implement appropriate safeguards such as adequacy regulations, the UK Addendum to the Standard Contractual Clauses, or the UK International Data Transfer Agreement as applicable, reviewed periodically for effectiveness.

Retention
We retain personal data only as long as necessary for the purposes described and to meet legal and professional obligations.

Fire safety services: 7 years from last service.

Therapy services: 7 years from last session.

Training records (certification): 10 years.

Financial records: 7 years.

Marketing data: until consent is withdrawn or after 3 years of inactivity.Website analytics: 26 months by default if analytics is used and con

figured accordingly.

Automated decision‑making and profiling: none conducted that produce legal or similarly significant effects, and this statement will be updated if that changes.

Business continuity and changes of control
If ownership or structure changes, personal data may transfer under equivalent protections and individuals will be notified where appropriate.

Changes to this policy
We keep this policy under regular review and will update it with a new “Last updated” date; material changes will be communicated where appropriate.

SITELINKS
FIRE SAFETY SERVICES
Fire Risk Assessments
Fire Doors Inspection
BLOGS
Fire Safety Blog
Therapies & Growth Blog
Training & Consultancy Blog

THERAPIES & GROWTH SERVICES

Hypnotherapy
Therapeutic Coaching
Group Therapy
Employees Therapies & Growth Program (ETGP)

TRAINING & CONSULTACY SERVICES
Investigators and Enforcement Officers
SPECIALIST COURSES
Witness & Victim Interviewing and Statement Writing
Contemporaneous Notes and Notebooks
Sentencing in Fire, H&S Cases
Fire Safety Enforcement in HMOs

THE COMPANY

Privacy Policy

Privacy Policy | Routes 2 Branching Ltd | UK GDPR & Data Protection

Last updated: 31 August 2025 | Next review: 31 August 2026

​

Controller: Routes 2 Branching Ltd (Company No: 16573955), 6 Norreys Drive, Maidenhead, England, SL6 4BU, admin@r2b.uk

Who we are Routes 2 Branching Ltd provides fire safety consultancy, R2B Therapies & Growth services, and specialist training across the UK, acting as data controller for personal data processed through our website and service delivery activities.

​

​

Information we collect

Contact details: name, email, telephone number, postal and site addresses, and emergency contacts.

Business information: company name, job title, manager’s name, professional qualifications, and organisational information.

Financial information: invoicing details, payment history, and credit references where applicable.

Service‑specific data: fire safety property/specification and compliance history; training attendance, assessments, and certification; therapy session notes, goals, referrals, and safeguarding information.

Technical data: IP address, browser and device information, and site usage patterns via cookies and similar technologies, subject to consent where required.

Marketing data: communication preferences, service interests, and event participation.

Lawful bases and purposes

Contract (Article 6(1)(b)): delivering consultancy, therapy and training; managing bookings, certifications, and payments; and fulfilling service obligations.

Legal obligation (Article 6(1)(c)): maintaining tax and financial records, meeting regulatory and insurance requirements, and safeguarding/reporting duties.

Legitimate interests (Article 6(1)(f)): responding to enquiries and providing quotations; operating, securing, and improving services and the website; preventing fraud; and proportionate B2B marketing with a simple opt‑out.

Vital interests (Article 6(1)(d)): handling emergencies, health and safety incidents, or safeguarding where necessary to protect life.

Special category data (therapy): where therapy involves health information, processing is under Article 9(2)(h) for health or social care with the Data Protection Act 2018 Schedule 1 paragraph 2 condition, under professional confidentiality and appropriate safeguards.

Safeguards for therapy records: therapy notes are stored separately with role‑based access and password protection, data minimisation, least‑privilege access, and encryption at rest/in transit where available, supported by confidentiality obligations and auditability.

​

Consent: where used (for example, non‑essential cookies or optional marketing), consent is specific, informed, freely given and can be withdrawn at any time without detriment.

Children’s data

Analytics (if used) operates only after consent and cookie details are provided in the separate Cookie Policy, which is reviewed and updated after periodic scans.

International transfers Where providers transfer data outside the UK, we implement appropriate safeguards such as adequacy regulations, the UK Addendum to the Standard Contractual Clauses, or the UK International Data Transfer Agreement as applicable, reviewed periodically for effectiveness.

Retention We retain personal data only as long as necessary for the purposes described and to meet legal and professional obligations.

Fire safety services: 7 years from last service.

Therapy services: 7 years from last session.

Training records (certification): 10 years.

Financial records: 7 years.

Marketing data: until consent is withdrawn or after 3 years of inactivity.Website analytics: 26 months by default if analytics is used and con

figured accordingly.

Automated decision‑making and profiling: none conducted that produce legal or similarly significant effects, and this statement will be updated if that changes.

Business continuity and changes of control If ownership or structure changes, personal data may transfer under equivalent protections and individuals will be notified where appropriate.

Changes to this policy We keep this policy under regular review and will update it with a new “Last updated” date; material changes will be communicated where appropriate.

SITELINKS FIRE SAFETY SERVICES ​Fire Risk Assessments Fire Doors Inspection BLOGS Fire Safety Blog Therapies & Growth Blog Training & Consultancy Blog

THERAPIES & GROWTH SERVICES

Hypnotherapy Therapeutic Coaching Group Therapy Employees Therapies & Growth Program (ETGP)

TRAINING & CONSULTACY SERVICES Investigators and Enforcement Officers​ SPECIALIST COURSES Witness & Victim Interviewing and Statement Writing Contemporaneous Notes and Notebooks Sentencing in Fire, H&S Cases Fire Safety Enforcement in HMOs

THE COMPANY​​​

Who we are
Routes 2 Branching Ltd provides fire safety consultancy, R2B Therapies & Growth services, and specialist training across the UK, acting as data controller for personal data processed through our website and service delivery activities.

International transfers
Where providers transfer data outside the UK, we implement appropriate safeguards such as adequacy regulations, the UK Addendum to the Standard Contractual Clauses, or the UK International Data Transfer Agreement as applicable, reviewed periodically for effectiveness.

Retention
We retain personal data only as long as necessary for the purposes described and to meet legal and professional obligations.

Business continuity and changes of control
If ownership or structure changes, personal data may transfer under equivalent protections and individuals will be notified where appropriate.

Changes to this policy
We keep this policy under regular review and will update it with a new “Last updated” date; material changes will be communicated where appropriate.

SITELINKS
FIRE SAFETY SERVICES
Fire Risk Assessments
Fire Doors Inspection
BLOGS
Fire Safety Blog
Therapies & Growth Blog
Training & Consultancy Blog

Hypnotherapy
Therapeutic Coaching
Group Therapy
Employees Therapies & Growth Program (ETGP)

TRAINING & CONSULTACY SERVICES
Investigators and Enforcement Officers
SPECIALIST COURSES
Witness & Victim Interviewing and Statement Writing
Contemporaneous Notes and Notebooks
Sentencing in Fire, H&S Cases
Fire Safety Enforcement in HMOs

THE COMPANY