Privacy Policy

See also: Cookie Policy

Privacy Policy (Effective from 1 March 2025)

At the heart of my work is trust, and that begins with how I handle your personal information. This Privacy Policy serves as an extension of my relationship with clients, offering transparency into the types of data I collect, how it’s stored, and the purposes it serves. This policy is consistent with EU and UK Data Protection laws, as well as the British Association for Counselling and Psychotherapy’s (BACP) Ethical Framework.

What is Personal Data?

The term “Personal Data” refers to any information capable of identifying you as an individual. You can browse most sections of my website without revealing any personal information. However, to engage in a working relationship, you will need to provide certain types of data.

Types of Data Collected

  1. Identity Data: Includes your full name and date of birth.
  2. Contact Data: Includes your email address, physical and billing addresses, and phone numbers.
  3. Emergency Contact Data: Information about your General Practitioner (GP) and at least one other emergency contact.
  4. Sensitive Personal Data: This encompasses a broad range of information disclosed during our therapy sessions and may include, but is not limited to, your mental and physical health history, family background, lifestyle choices, personal relationships, experiences, and other relevant psychological and emotional factors.
  5. Supervisory Data: Includes anonymised case discussions, and non-identifying information related to therapists’ client caseloads.
  6. Financial Data: Your bank account details and transaction history.
  7. Service Usage Data: Includes appointment history, frequency of sessions, and cancellation records.
  8. Technical Data: Your IP address, browser type, and other technical metrics.
  9. Marketing and Communications Data: Includes your email address, opt-in status, and your interactions with communications (for example, email opens and clicks). This data is collected only when you have clearly and actively consented to receive marketing communications.

Consent for Marketing Data

You will never be automatically added to any marketing list without your explicit consent. You can withdraw this consent at any time by clicking the unsubscribe link included in every marketing email or by contacting me directly.

If you request certain materials (for example, a free PDF guide) as part of an offer that includes a subscription to my marketing emails, you will be clearly informed of this before providing your email address. You will need to actively consent to joining the marketing list. You can withdraw your consent at any time after subscribing.

Your Rights with Respect to Data

  • Right of Access: You can request a copy of your data.
  • Right to Rectification: You have the right to correct inaccurate data.
  • Right to Erasure: You have the right to request the deletion of your data under specific conditions.
  • Right to Object and Restrict Processing: You can object to data processing for certain uses.
  • Right to Data Portability: You can request your data to be transferred to a third party.

To exercise any of these rights, please contact me; my contact details are at the end of this Privacy Policy. I aim to respond to your request within one month. If your request is complex or I’m dealing with a high volume of requests, this period may be extended by up to two months. To validate your request, I may ask for proof of identity.

Limitations on Data Rights

It’s important to note that there are conditions under which I may need to refuse your request. These conditions may include but are not limited to:

  • Legal obligations that require me to retain or process the data.
  • Situations where your request is excessive or unfounded.
  • Cases where fulfilling the request would prevent the exercise or defence of legal claims.
  • Circumstances where it is not in the public interest to carry out such a request.

Lodging a Complaint Regarding Data Processing

If you have concerns that your data is being handled improperly, you have the right to lodge a complaint with the relevant Data Protection Authority.

  • For EU Citizens or Residents: If you believe that my processing of your personal data infringes the GDPR, you can file a complaint with the Data Protection Authority in your country of residence, your place of work, or the place of the alleged infringement. Further details can be found here.
  • For UK Citizens or Residents: If you have concerns that my processing of your personal data infringes the UK-GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can visit the ICO’s website here.

Data Storage and Security Measures

Your data is processed and stored using secure third-party platforms compliant with data protection laws.

Service NamePurposeLocation of ProcessingApplicabilityPrivacy Policy
GoogleMarketing, Website AnalyticsWorldwideAny website visitor, Any clientGoogle Privacy Policy
MailerLiteEmail and Marketing CommunicationEUAny client or individual who opts in to marketingMailerLite Privacy Policy
MetaSocial media presence, CommunicationWorldwideAny website visitor, Any clientMeta Privacy Policy
Zoho MailCommunicationEUAny client or contact via emailZoho Mail Privacy Policy
RevolutFinancial TransactionsUK & EUAny clientRevolut Privacy Policy
SignalCommunicationWorldwideAny clientSignal Privacy Policy
StripeFinancial TransactionsWorldwideAny clientStripe Privacy Policy
VosFacturesInvoicingEUAny clientVosFactures Privacy Policy
ZoomCommunicationWorldwideAny clientZoom Privacy Policy

Conditions for Data Sharing

There are scenarios under which limited personal data might be shared:

Therapy Services

  • Supervision: Some anonymised data may be shared with a qualified supervisor. Your identity will remain confidential in these discussions.
  • Training: As part of ongoing professional development, case studies or examples from my practice may be discussed in educational settings. Any information shared for training purposes will be thoroughly anonymised to protect your identity.
  • Risk Management: If there is a significant and immediate risk to your well-being or that of others, essential data may be disclosed to your GP, emergency contact, appropriate authorities or emergency services.
  • Legal Obligations: Compliance with the law may necessitate the sharing of your data, for example, in the case of reporting a serious crime or responding to a court order.
  • Complaints: Should you formally complain about me, I may need to share relevant details about our interactions with professional bodies, my insurer, and legal representatives for the purposes of addressing the complaint.

Supervision Services

  • Supervision: Anonymised case discussions may be part of my own supervision to ensure the quality and ethical compliance of my supervisory services.
  • Training: Similar to therapeutic services, case studies or examples from my supervision practice may be used for educational purposes.
  • Ethical and Legal Obligations: If a supervisee’s conduct raises serious concerns, I may share data with their professional body, employer, or training organisation, and in extreme cases, law enforcement, consistent with data protection laws and the BACP’s Ethical Framework.
  • Complaints: Should you formally complain about me, I may need to share relevant details about our interactions with professional bodies, my insurer, and legal representatives for the purposes of addressing the complaint.

Mentoring Services

  • Ethical and Legal Obligations: If a mentoring service user’s conduct raises serious concerns, I may share data with the organisation that referred them to me, their professional body, employer, or training organisation, and in extreme cases, law enforcement, consistent with data protection laws and the BACP’s Ethical Framework.
  • Complaints: Should you formally complain about me, I may need to share relevant details about our interactions with professional bodies, my insurer, and legal representatives for the purposes of addressing the complaint.

Data Retention Timelines

  • Identity, Contact, and Financial Data: 10 years, as required for legal, contractual, and financial auditing purposes.
  • Sensitive and Service Usage Data: 7 years, to comply with professional standards and to provide a basis for ongoing therapeutic work.
  • Emergency Contact and Technical Data: 1 year, to facilitate risk management and improve user experience.

Policy Updates

This policy may be updated periodically. Please revisit this page for the most current version.

Contact Information

For questions about this Privacy Policy, please contact me.