Privacy Statement

I am registered with the ICO (Information Commissioners Office) and adhere to the General Data Protection Regulation (GDPR) which means I need to tell you what data I am collecting from you and what I intend to do with it.


Collection and usage of your personal data

  • I collect personal and sensitive information about clients (including name, address, email address, telephone numbers, GP/emergency details, date of birth, gender, ethnicity, religion, sexual orientation, medical and mental health information).
  • I use the information to provide an effective counselling services, to contact clients regarding sessions and to send receipts and/or invoices.
  • I keep short factual notes of sessions and a record of attendance.


Sharing of client data

  • I might share data if required by law, or if ordered to by a court or if a client tells me about risk of serious harm to themselves or someone else.
  • I have clinical supervision where I talk about my work, but I only use a client's first name. Supervision is also confidential.
  • All payments are recorded in my accounts using a client's name and might be shared with HMRC if I am audited.
  • If an Employee Assistance Programme (EAP) or insurance company has referred you, factual notes and attendance details might be provided to the EAP or insurance company.


Storage and disposal of data

  • Most of my records are stored securely using WriteUpp which is a fully encrypted cloud based online system for counsellors. My financial accounts, email, mobile phone and diary system are all electronic and password protected. Any paper records are stored securely in a locked cabinet.
  • My insurer requires me to keep counselling session notes and client personal information for a period of five years. After this time data will be destroyed.
  • I will delete any data related to clients from my business mobile phone and email no later than one month after ending  the therapy.


Access to or change of client data

  • A client can make a subject access request in respect of their personal information held by me by making a request in writing. Once I receive the written request, I will respond within 14 days. If a client were referred by an EAP or insurers, they might need to address the request directly to them.
  • If during counselling information is provided by more than one individual (couples counselling) I will only release information if consent has been given by both individuals involved.
  • A client may also request that inaccurate personal data is amended.



If a client has any concerns about how I have handled their data, a complaint can be made to the Information Commissioner’s Office (ICO):