Privacy Notice

Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure, and will only be used for the purpose it was given to me. This privacy notice tells you what I will do with your personal information.

I am happy to talk through any questions you might have about my privacy policy and you can contact me via the contact form.

I am registered with the Information Commissioner’s Office (ZB270213).

When you contact me with a question about my services I will collect information to help me to answer your question. This will include your name and email address and/or phone number. Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted person may give me your details when contacting me on your behalf.

If you decide to have therapy, I will keep a record of your personal details. This includes a personal information form, with your name, address, telephone number, GP details and emergency contact. I also keep a record of our working agreement, which has your name and signature. These details are kept securely on a computer and are not shared with any third party.

I will keep brief written notes of our work. These are kept in a locked filing cabinet and are kept separately from the rest of your personal details. I do not use identifying details in these notes, such as real names or places. These notes are therefore anonymised and not traceable to you.

Why do I collect data?

Before therapy

I keep information in order to communicate with you.

During therapy

I keep information in order to perform my contract with you, i.e. so that the therapy services run smoothly.

After therapy

I have a legal obligation to keep personal information about clients I have worked with (for up to 7 years) due to financial regulations and to comply with my professional registration and insurance.

How do I store your data?

I take the security of the data I hold about you very seriously and I take every effort to make sure it is kept secure. Any paper-based information is fully anonymised and kept in a locked filing cabinet. Electronic information is always password-protected and stored on secure IT systems.

How do I protect data?

I only use good quality IT services and secure IT systems. I also anonymise information about our work together.

How do I transfer data?

I use an email tool (FairEmail) to receive emails. Any data is received on password-protected devices.

Who do I share data with?

Everything you share with me is confidential. That confidentiality will only be broken if I have reason to think that you or someone else is at risk of serious harm. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this. I also discuss my casework with a clinical supervisor, monthly. I do not use full names, to preserve anonymity. Furthermore, my supervisor is bound by a professional code of ethics.

As a small organisation, I have limited control over where IT services transfer data in their global services. However, I make every effort to check the security practices of software providers I work with and only use reputable products.

How long do I keep data?

Initial enquiries

If you make contact with me but then decide not to have therapy, I will ensure all of your data is deleted within 12 weeks. If you would like me to delete this information sooner, just let me know.

Waiting list

If we decide to work together but my services are currently full, I may offer you a place on a waiting list. If you accept a place on the waiting list, I will keep your details for up to 6 months, unless you ask me to delete them sooner than this.

After therapy has ended

Once counselling has ended your personal information will be kept for 7 years from the end of our contact with each other and will then be securely destroyed. This is in order to comply with financial laws and regulations. If you are under 18 when our therapy contract ends, your data will be kept for 7 years from the point that you turn 18. If you want me to delete your information sooner than this, please tell me.

For security reasons I do not retain text messages for more than 4 weeks. If there is relevant information contained in a text message I will transfer this to a password protected computer. Likewise, any email correspondence will be deleted after 4 weeks if it is not important.

How do I get rid of data?

All paper-based information is shredded. Electronic information is deleted and back-up copies are removed.

Your rights

You have a right to ask me to:

  • delete your information
  • explain how I use your information
  • limit how I use your information
  • give you a copy of your personal information
  • amend/change your information if there are any inaccuracies in it
  • stop using your information.

You can read more about your rights at ico.org.uk/your-data-matters.

To make a request for any personal information I may hold about you, please write to me via the contact form.

If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above. If we cannot sort this out this together, you can contact the ICO, which is the organisation that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.

Data security

Visitors to my website

When someone visits my website, I use a third party service, Kualo Limited to collect standard internet log information (IP address) and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. I do not make any attempt to find out the identities of those visiting my website.

If you fill out a contact form on my website, I use legitimate interests as the lawful basis for holding and using your personal information in this way.

No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.