Privacy Policy 

Counselling is a confidential safe space and I am committed to holding any data about you securely, however, there are some legal and ethical limits to confidentiality. 



Your confidentiality and privacy are very important to me. Under the General Data Protection Regulations of 2018, I am required by law to inform you how I keep safe the data you provide me and I how I hold this data.  I also abide by the British Association for Counselling and Psychotherapy’s code of ethics. I will never sell your data to any other individual, company or organisation for any purpose and I am required to gain your explicit consent to my holding your data in certain ways.

Your data

I keep client data as part of providing a counselling service. Under GDPR you have the right to know what client data I hold, why I hold it, and for how long I hold it. Any contact information you provide (including the contact form on this site) is solely used for making contact or appointments.  It will not be used for any marketing purposes or given to any third party for marketing.

The therapy client data that I hold may include:


Name and address

Phone number/s and email address/es

GP name and contact details

Relevant medical information

Brief session notes

Payment information

Email correspondence

GDPR Consent Form


You also have the right to view your data, and to ask for changes to be made if is it incorrect. When sensitive data is to be destroyed, it will be shredded securely or deleted.


If I discover there has been a data breach of your personal information I am obliged to let you know. I keep your contact details in paper form in a locked filing cabinet.  Any session notes are stored separately and anonymously.  My computer and phone are pass code protected. My professional liability insurer advise I keep your session notes for 5 years.  After this time, they will be securely disposed of. 


Whilst we are working together, your phone number is held in my phone under your first name only. This is held in case I need to contact you, for example to reschedule a session, rather than for therapeutic work. 

GP contact data

I keep this data securely in paper form along with your name and contact details. I would not routinely contact your GP or inform them of your attendance or anything discussed unless we agree together that it was useful.  I reserve the right to contact your GP or another professional if I had a serious concern for your, or another persons welfare.


Medical Information

I keep this data securely in paper form along with your name and contact details.


Session Notes

I keep brief aide-memoire session notes. They are hand written and kept securely which may include dates and times of your attendance and themes discussed during a session. I may destroy all or part of any notes I do not consider necessary to retain.


Payment Data

I am required by law to retain certain financial information, primarily for tax purposes, and as advised by HMRC this is retained for seven years. Tax returns will  not include your personal information.  Payment by BACS will be processed by my bank. Any bank statement showing any identifiable details about you is kept in a locked filing cabinet. If this needs to be submitted for tax reasons I block out any identifiable details.


If you choose payment via BACS, an account name and your reference will show on my online and paper bank statements.  Banking transactions may be viewed by bank employees, my accountant, a financial advisor or HMRC employees who will all have their own GDPR policies.

Emails and Texts.

My phone and email account are password protected and not shared with anyone else. I may delete emails and texts after I have noted their content (for example, emails around scheduling). Any emails that I consider necessary to keep are held securely though I cannot be held responsible for any email/text/call/message you choose to send me where 3rd party providers hold responsibility.


If you have any other questions regarding how your therapy client data is used, please discuss this with me or contact me, as the Data Controller.  You can contact me at   I am registered with ICO as a data manager.