Privacy Policy

I am registered with the ICO (Information Commissioners Office).

Under the GDPR rules I am the Data Controller.  Because we have a contract I will need to collect certain data to fulfil our contract.  Therefore, I need to inform you of what data I collect and what I intend to do with it.  The paper documents I hold are:

  • Contact sheet
  • The counselling agreement between us
  • Brief session notes 
  • GDPR Agreement (this document)

 The electronic details I may hold are:

  • Email address
  • Telephone number (SMS) 
  • Any Facebook messages
  • Data included on WriteUpp (see below)
  • Bank details (if paying by BACS). 

 What data do I keep and why do I need it?

Name and age – this basic information helps me get to know you.  Your birthday is your NHS identifier should you become ill during session.   

Address, email address, phone number – I use this as a way of contacting you regarding your sessions.   We will discuss which method of communication suits you best in our initial session.  

GP details – If I was worried that you were at risk of serious harm, then I may need to contact your GP.  If I can, I will tell you that I am going to do this.  If you were to become ill within our session, then I may also need to contact your GP or 111. 

Counselling and brief family history – This information is gathered to help me gauge how to work with you effectively.

Current medical conditions/medication/disabilities/suicidal ideation – Again this information helps me work safely with you.  

Session notes – I keep very brief anonymous notes of our sessions.  The notes will contain your unique client code and not your full name. 

Will I share your data and if I do, who will I share it with and for what purpose?

It is extremely unlikely that I will share your data.  I will never sell it on or use it for unethical reasons.  If you pay via BACS your name will appear on my statements and this may be seen by financial services. I may have to share it if my notes are subpoenaed by court or if you tell me you are at serious risk of harm.   Here I will do everything I can to gain your consent.  If I have become aware of your intent to cause harm to another person/organisation the law may require that I inform an authority without seeking your permission.  In such a situation the law may require that I share your personal information without your knowledge. If you disclose that you are acting illegally, eg. Involved in money laundering the law requires me to inform an authority.  I also have regular supervision.  This is where I take my client work to a qualified supervisor. It is an ethical obligation for me to do this to ensure that I am working safely with you. You are not identifiable.

How will I store your data?

The details I take from you in our initial session are locked away in a filing cabinet.  In addition I use a cloud-based application, WriteUpp, for diary management and duplicates the manual notes I have in my filing cabinet.  WriteUpp is extremely secure.  I have a personal URL, which requires a username and password.  The data is never stored on my computer, I do not have to install any software.  WriteUpp uses Microsoft’s Azure cloud infrastructure, which is trusted by government agencies.  The data that I send to WriteUpp is encrypted using 256-bit encryption and is fully GDPR compliant. 

If we are conducting counselling online I will recommend that we use Zoom.  Zoom app will only store my basic information such as my email address, user password, my name and phone number.  Zoom will also require you to download the app to use.  The Zoom room is where we will meet and for online video counselling communications are established using 256-bit TLS encryption.  Clients are entered into the room via me and the client’s unique password.

Your phone number will be kept on my phone with your first name and surname initial and your email address on my computer and/or phone.  Both the phone and computer are password protected and only I have access.  

How long will I store your data and how will I dispose of it?

Your session notes, contact/assessment sheet, this privacy policy, contract agreement and unique code will be kept for 5 years, which is the time frame my insurance company requests.  If I cannot keep your data in this way, unfortunately I will not be insured to work with you. I will delete your phone number and emails and any messages on social media 1 month after our work finishes.

Your Rights:

Right to be informed – to be informed about what information I hold (eg this document).

Right to rectify any inaccurate or incomplete personal information.

Right to withdraw consent to me using your personal information – your personal information will never be passed on, it will only be used lawfully for your safety, with your permission (excluding immediate risk).  

Right of access – At any time you can ask for a copy of the data I keep.  This will be provided to you within one month of the date of asking.

Right to data portability – You have the right to take your data and share it with another party.

Right of erasure – to request your personal information to be erased (I can decline this whilst the information is needed for me to practice lawfully and competently).

A printed copy of this statement will be given to you when we first meet for counselling or with online therapy, it will be emailed to you.  

By consenting to this document you agree for us to work in this way.  

Privacy Policy:
I am registered with the ICO (Information Commissioners Office), which means I need to tell you what data I am collecting from you and what I intend to do with it.

The paper documents I hold are:

  • Assessment sheet
  • The agreement between us
  • Brief session notes
  • GDPR Agreement (this document)
  • Client code document (linking documents)

The electronic details I may hold are:

  • Email address
  • Telephone number (SMS)
  • Website – no information is stored on here
  • Any Facebook messages

If you decide you would like to work with me then at our initial session you will receive a copy of my full privacy policy, which includes full details on the following:
What data do I keep and why do I need it?
Will I share your data and if I do, who will I share it with and for what purpose?
How long will I store your data and how will I dispose of it?
How will I store your data?

Your Rights:
Right to be informed
Right to rectify any inaccurate or incomplete personal information.
Right to withdraw consent to me using your personal information
Right of access
Right to data portability
Right of erasure

Last updated: 23/07/2021

Put Your Company Name Here (“us”, “we”, or “our”) operates the Put Your Company Name Here website (the “Service”).

This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.

We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at

Information Collection And Use

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information (“Personal Information”) may include, but is not limited to:

  • Name
  • Email address
  • Telephone number
  • Address

Log Data

We collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.


Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our servers immediately.

Compliance With Laws

We will disclose your Personal Information where required to do so by law or subpoena.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us.