Complying with UK General Data Protection Regulation (UK-GDPR)
Privacy Policy
Last updated: 30th September 2025
This Privacy Policy explains how I collect, use, store, and protect your personal information when you use my counselling services and this website. I take your privacy seriously and am committed to handling your information in a safe, respectful, and lawful way.
1. Who I Am
I am a practising counsellor offering professional counselling services in the UK. I am registered with BACP and adhere to the ethical and legal requirements for data protection under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. I am registered with the ICO as a sole trader and data controller for the data I collect in the provision of counselling service.
2. Information I Collect
When you contact me or engage in counselling, I collect and keep the following types of personal data:
•
Contact details (name, phone number, email, address).
•
Emergency contact information.
•
Personal history and therapy notes relevant to counselling.
•
Payment information (where applicable).
•
Website usage information (e.g., cookies, IP address) if you use this website.
If you decide not to continue with counselling after contacting me, I will delete any emails we have exchanged.
3. How I Use Your Information
Your information is used to:
•
Provide safe and effective counselling services.
•
Communicate with you about appointments and services.
•
Keep necessary records for legal, ethical, and professional purposes.
•
Process payments.
•
Ensure website functionality and security.
I will not share your personal data with third parties unless:
•
You give explicit consent.
•
I am required by law (e.g., safeguarding concerns, risk of harm, or a court order).
•
It is necessary for professional supervision (where information is shared in anonymised form).
4. Confidentiality in Counselling
What you discuss in counselling is confidential. The only exceptions are if:
•
There is a risk of serious harm to yourself or others.
•
There are concerns about safeguarding a child or vulnerable adult.
•
Disclosure is required by law.
Where possible, I will always discuss any need to break confidentiality with you first.
5. How I Store Your Information
•
Electronic records are password-protected and access is secured via double-factor authentication.
•
Emails and phone messages are deleted regularly and not stored longer than necessary.
•
Records are kept for 6 years in line with professional guidance and insurance requirements, after which they are securely destroyed.
•
All personal information is kept on a secure online platform (bac-pac.co.uk). This platform complies with UK-GDPR requirements for safe storage of personal, sensitive information. This is the information from their parent company, Mayden:
"Mayden, the company behind bacpac has over a decade of experience
handling confidential patient data. We have reviewed our procedures and
policies in the light of the GDPR and the necessary steps to comply with
the new measures.
Mayden is ISO 27001:2013 accredited. This internationally recognised
information security management standard ensures that a business has
stringent processes in place to ensure data confidentiality and to identify,
manage and reduce risks to information security. "
6. Your Rights
You have the right to:
•
Access the personal information I hold about you.
•
Request corrections if your information is inaccurate.
•
Request deletion of your data (subject to legal and professional requirements).
•
Withdraw consent for me to contact you.
•
Complain to the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.
7. Cookies and Website Data
This website may use cookies to improve user experience and monitor website traffic. You can disable cookies through your browser settings if you prefer.