top of page

GDPR Statement

Commitment to Your Privacy

I believe that protecting your personal information is an essential part of creating a safe therapeutic space. Trust is at the heart of our work together, and that includes being open with you about how I handle your data. This statement explains what information I collect, why I need it, and how I keep it safe.

What Information I Collect

When you work with me, I may collect and hold the following information about you:

  • Your name and contact details (phone number, email address, postal address)

  • Emergency contact details

  • Information about your presenting concerns and reasons for seeking therapy

  • Notes from our sessions together

  • Relevant medical or mental health history that you share with me

  • Payment information and records of transactions

  • Any correspondence between us (emails, messages)

Why I Collect Your Information

I need to process your personal data to provide you with therapy. The legal bases for this are:

For general personal data: Article 6(1)(b) UK GDPR — processing is necessary for the performance of the therapeutic contract between us. In plain terms, I need your contact details and other information to fulfil my commitment to provide you with counselling or psychotherapy.

For sensitive health information: Article 9(2)(h) UK GDPR — processing is necessary for the provision of health or social care treatment by a health professional. The additional condition under DPA 2018 Schedule 1, Part 1, paragraph 2 (health or social care) also applies. This recognises that therapy involves discussing sensitive personal matters, and allows me to process this information appropriately as a qualified practitioner bound by professional confidentiality.

Professional Supervision

As part of maintaining high professional standards, I discuss my clinical work in supervision. This is a normal and important part of ethical therapeutic practice.

Your identity is always protected. I do not share any identifying details with my supervisor. My supervisor receives only anonymised case material — enough to help me reflect on my practice, but nothing that could identify you. My supervisor is also bound by their own professional body's confidentiality obligations.

Clinical Will Arrangements

I have appointed a Clinical Executor — a trusted fellow therapist — who would step in to manage my practice should I become seriously ill or die unexpectedly. Their role would be to:

  • Contact you sensitively to let you know what has happened

  • Help you find alternative therapeutic support if you wish

  • Handle your records confidentially and securely in accordance with this statement

This arrangement ensures you would be looked after and your information protected, even in unforeseen circumstances.

Who Else May See Your Information

Beyond myself, the following people or services may have limited access to your data:

Clinical supervisor — As explained above, my supervisor sees only anonymised case material. Your identity is not disclosed.

Service providers — I use certain third-party tools to run my practice:

  • Wix — hosts my website

  • MS Teams — for online sessions

  • WhatsApp — for client communication where agreed

These providers process limited technical or scheduling data. For details on how each handles data, please refer to their own privacy policies.

Statutory authorities — In rare circumstances, I may be legally required to share information with authorities such as the police or courts (see below).

When I Might Need to Break Confidentiality

Confidentiality is fundamental to therapy, and I take it very seriously. However, there are limited circumstances where I may need to share information without your consent:

  • If I believe there is a serious risk of harm to you or someone else

  • If there are safeguarding concerns involving a child or vulnerable adult

  • If I receive a court order requiring disclosure

Wherever possible, I will discuss any concerns with you first and keep you informed about what I am doing and why.

How Long I Keep Your Records

I retain your records for 7 years after our last session. This period is in line with the Limitation Act 1980 and standard professional indemnity insurance requirements.

If you were under 18 when we worked together, I keep your records until you reach the age of 25, or for 7 years after our last session — whichever is longer.

How I store your records:

  • Electronic records are encrypted and password-protected

  • Paper records are kept in a locked filing cabinet in a secure room

  • Only I have access to your records

At the end of the retention period:

  • Paper records are shredded

  • Electronic records are permanently deleted using secure deletion software

Your Rights

Under UK GDPR and the Data (Use and Access) Act 2025, you have important rights over your personal data:

You can ask to see your records. You have the right to request a copy of the information I hold about you. I will respond within one month.

You can ask me to correct mistakes. If any information I hold is inaccurate, please let me know and I will put it right.

You can ask me to delete your data. In some circumstances, you can request that I delete your records. However, I may need to keep certain information for legal, insurance, or safeguarding reasons — I will always explain if this applies.

You can object to processing or ask me to restrict it. If you have concerns about how I am using your data, please talk to me.

You can withdraw consent. Where processing is based on your consent, you can withdraw it at any time — though this does not affect the lawfulness of processing before withdrawal.

Making a Complaint

If you are unhappy with how I have handled your personal data, please contact me first so I can try to resolve your concerns:

maria@allseasonscounselling.co.uk

I will acknowledge your complaint within 7 days and aim to resolve it within 28 days.

If you are not satisfied with my response, you may escalate your complaint to the Information Commissioner's Office (ICO):

  • Website: ico.org.uk

  • Telephone: 0303 123 1113

  • Address: ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

bottom of page