Your privacy matters deeply to me. From our first contact to long after our final session, I treat any personal information you share with care, security, and respect. This policy explains how I collect, use, store, and protect your information, in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the British Association for Counselling and Psychotherapy (BACP) Ethical Framework BACP Ethical Framework for the Counselling Professions
What I Collect and Why
When you first contact me, I will ask for basic details such as (i.e., telephone number and/or email address). This helps me arrange appointments or respond to enquiries. If you choose not to proceed with therapy, I delete this information within one month, or sooner if you request it. Sometimes an organisation, employer, or relative may give me your details when making an enquiry on your behalf.
If you decide to work with me, I will collect further details such as your address, date of birth, and GP’s contact information for safeguarding purposes. I do not contact your GP without your consent unless I believe there is a serious risk to you or another and it is necessary to do so. During our work together, I may also record relevant health information you choose to share with me. Alongside this, I keep brief notes to help me track the issues we are working on and a diary to manage my appointments, these are anonymised and stored securely.
Lawful Basis for Processing Your Data
Under UK GDPR, I must have a lawful basis for processing your data. While we are in contact about therapy or currently working together, I process your information because it is necessary for the contract between us. If you have finished therapy, I retain your records under my legitimate interest to meet professional, legal, and insurance requirements. For sensitive information about your health, the lawful basis is that it is necessary for the provision of health treatment and forms part of our therapeutic contract.
Confidentiality and Supervision
Everything you share in our sessions is treated as confidential. I may need to break confidentiality if there is:
- Expression of harm to self or others
- Safeguarding of children and vulnerable adults
- Acts of terrorism
- Drug trafficking
- Money laundering
Other legal exceptions, for example, if a court order is received and a legal obligation arises.
As part of my professional commitment, I have regular supervision, where I may discuss our work in a non-identifiable way with a qualified supervisor who is also bound by the BACP Ethical Framework.
How I Store Your Information
I store your personal details separately from your therapy notes, and they are linked only by a reference number. Paper records are locked in a secure cabinet, and digital records are kept on password-protected, encrypted devices with antivirus protection. My email account, diary and any devices used to access it are also password protected. Emails that are no longer needed are deleted within one month, unless they form part of your record.
A short document, known as a Clinical Will, exists in case of my sudden illness or death, it can only be accessed by another registered counsellor, and only in an emergency. It ensures clients can be contacted in my absence and only holds name and contact details. It exists to make sure my clients can be contacted, while maintaining confidentiality.
After Therapy Ends
I keep therapy notes for seven years after our work together finishes, or for seven years after your eighteenth birthday if you were under eighteen when we worked together. Some minimal identifying information—such as your name, date of birth, and client reference number—will be kept for the same period so I can locate your notes if needed. Your personal details form is securely destroyed at the end of therapy. After the retention period, all records are securely shredded or permanently deleted.
Third Parties
I do not share your information with third parties for marketing purposes. If your therapy is paid for or arranged by a third party (such as an employer), I will only share the dates of your attendance for invoicing.
Website Visitors
If you contact me through my website, the information you provide is sent directly to me via a secure connection and is not stored on the website. My website uses cookies and may use Google Analytics to collect anonymous visitor statistics, which help me improve the site. You can disable cookies in your browser settings.
Your Rights
You have the right to see the information I hold about you, to request corrections, deletion, or limits on how it is used. You can also object to its processing in certain situations. Requests should be made in writing, and I will respond within 28 days. In rare cases where I cannot comply (for example, for legal reasons), I will explain why. If a request is excessive, I may charge a reasonable fee to cover the administrative cost.
Data Controller and ICO Registration
I am the data controller for your personal information. I am registered with the Information Commissioner’s Office (ICO), registration numberZB577433. If you have any questions about how your data is handled, please contact me or the ICO on Information Commissioner's Office.
Complaints
If you are concerned about how I handle your personal information, please speak with me in the first instance. If you wish to make a formal complaint, you can contact the ICO on Information Commissioner's Office or call 0303 123 1113.
Last updated: 02/09/25
This policy may be updated occasionally to reflect changes in law or practice. The latest version will always be available to you.