Data Protection & Privacy Policy

When you contact me you are consenting to my use of your data according to this policy, so please ensure to read the below. Any personal data you provide will be held and processed in accordance with the principles set out in the Data Protection Act 2018 (UK General Data Protection Regulation).

This policy refers to my collection, usage and storage of your data. Before contacting me via phone/email or engaging in video sessions, please consider how you will manage confidentiality on your own devices. For example, password protecting devices, removing saved logins on shared devices, and logging out of Zoom or clearing Doxy.me from your browser history after a video session.

Personal data held

  • Identifiable information is held for the purpose of communication and in accordance with my insurance policy. Beyond your name, phone number and email address, further information is optional. Intake forms received via email are printed and kept in a locked cabinet, then deleted from my email server.

  • Emails and phone calls/texts exist on electronic devices which are password protected.

  • Pseudonymised attendance records and brief session notes are kept electronically or on paper in a locked cabinet for the purpose of reflection, supervision, invoicing and insurance requirements.

  • Pseudonymised financial records are kept electronically for tax purposes. Please be aware that electronic records exist for any transactions made by bank transfer, cheque or card payment.

  • I use Microsoft Office to power my email account and electronic record-keeping, Wix for my website, SumUp for card payments, Bank of Scotland for client transactions, Surfshark VPN, Krisp noise cancelling software, and Doxy.me and Zoom for video sessions. Any collection and use of data by these companies is subject to their own privacy policies. Krisp processes voice audio data locally and this data never leaves my devices – see the Security section on their website for more information.

  • In line with my insurance requirements, personal data is kept for five years after counselling ends or our last contact after which time it is destroyed by shredding and deletion. I annually check the personal data I hold to correct any changes or inaccuracies, and to make sure data has been deleted at the end of its retention period.

Sharing of data

  • Under normal circumstances, no information about you will be passed to anyone without your consent. This includes information about your initial enquiry and content from our sessions.

  • For clients who are accessing The Next Chapter’s reduced fee service, pseudonymised information relating to attendance is provided to the organisation’s Director for invoicing purposes.

  • In certain circumstances, I may pass on confidential information. These circumstances may include where there is an imminent risk to you or someone else of serious harm, or if I am required by law, a professional membership body such as COSCA, the Information Commissioner’s Office (ICO), HMRC or my insurance company to do so in the event of a complaint, legal action or audit. Where possible I will first ask for your consent before sharing the required information.

  • In line with UK professional standards, I undertake regular supervision. Meeting regularly with a supervisor helps to maintain and support self-awareness, self-care and the managing of ethical issues. Supervision is confidential and I do not provide information or details which may identify my clients.

  • In the event of my incapacitation, a trusted colleague is nominated to contact my current clients and to support them in making alternate counselling arrangements where required.

Your rights under GDPR legislation

  • The GDPR (implemented as the Data Protection Act 2018) provides rights for individuals such as access to information held about them. See ico.org.uk/your-data-matters/ for more information about your rights. Please contact me in advance if you would like a copy of the information held by me in my records, or to correct any inaccuracies in your information. You have the right to complain to the ICO if you are concerned I may be mishandling your data.