MSc Counselling and Psychotherapy
Data & Privacy Policy
Your privacy matters
I am committed to protecting your personal data and respecting your privacy. This privacy policy explains how your personal information is collected, used, and stored in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
I am the data controller (the person responsible for managing and protecting your personal information) for the personal data I process.
What information do I collect?
I may collect and process the following personal information:
-
Name
-
Email address
-
Telephone number
-
Information you choose to share when making an enquiry
-
Information necessary for the provision of counselling services
-
Brief therapy notes
-
GP and emergency contact details
If you contact me via my website, email, or telephone, I will only collect the information necessary to respond to your enquiry.
How your information is collected
Your personal data may be collected when you:
-
Contact me via my website contact form
-
Email or telephone me directly
-
Book or enquire about counselling sessions
-
Engage in counselling sessions
Information submitted through my website is processed by the website provider, who will have their own privacy and data protection policies.
How your data is used
Your personal data is used solely for the purpose of:
-
Responding to enquiries
-
Providing counselling services
-
Managing appointments and communication
-
Maintaining professional records
-
Meeting legal, ethical, and insurance requirements
Your information will not be used for marketing purposes or shared unnecessarily.
Lawful basis for processing
Under UK GDPR, I process personal data on the basis of:
-
Consent
-
Contract (to provide counselling services)
-
Legal obligation
-
Legitimate interests (to manage my practice safely and ethically)
Special category data (for example, mental health information) is processed solely for the purpose of providing counselling services.
How your data is stored
-
All records are stored electronically on password-protected devices and secure cloud-based storage
-
Access to personal data is restricted to me only
-
I do not keep paper records
-
Reasonable steps are taken to protect data from unauthorised access, loss, or misuse
Third-party services
I use trusted third-party services to support my practice, including:
-
Online platforms (such as Zoom or Outlook) for sessions and communication
-
My website provider for handling enquiries
-
My bank for processing payments
-
These providers process data in accordance with their own privacy policies. No therapeutic content is shared with my bank.
How long will I keep data for?
Client records are retained for seven years after the end of counselling, in line with professional, legal, and insurance requirements. After this period, data is securely deleted.
Your rights
Under data protection law, you have the right to:
-
Request access to your personal data
-
Request correction of inaccurate or incomplete data
-
Request deletion of your data, where appropriate
-
Raise concerns about how your data is processed
In some circumstances, data may not be deleted where there is a legal, ethical, or insurance requirement to retain it.
Requests regarding personal data should be made in writing and will be responded to within the required legal timeframes.
All personal information is treated as confidential, subject to legal and ethical limits. Full details about confidentiality and its limits are outlined in my counselling contract.
Confidentiality
Contact details
If you have any questions or concerns about this privacy policy or how your data is handled, please contact me directly.
Updates to this policy
This privacy policy may be reviewed and updated from time to time. Any significant changes will be reflected on this page.