I am registered with the Information Commissioners Office, to provide counselling services, I may collect and store the following types of information:
- Identity data: Name, date of birth, and contact details (address, telephone, email)
- Emergency contact details
- GP or medical professional details (if relevant)
- Session records: Brief, factual notes about our sessions
- Referral information: How you found me or who referred you
- Administrative data: Appointment records, invoices, and payment information
- Communication data: Emails, text messages, or voicemails exchanged between us
I do not collect more information than is necessary to provide my service.
Under the UK GDPR, the lawful bases I rely on for processing your personal data are:
- Contract (Article 6(1)(b)) – Processing is necessary to deliver the counselling service you have requested.
- Legal obligation (Article 6(1)(c)) – To comply with legal or regulatory obligations (e.g. record-keeping, insurance, or court orders).
- Legitimate interests (Article 6(1)(f)) – For the proper administration of my practice.
- Vital interests (Article 6(1)(d)) – If it is necessary to protect your life or another person’s life.
- Special category data (Article 9(2)(h)) – Processing is necessary for the provision of health or social care treatment.
Your personal data is used for the following purposes:
- To arrange, provide, and manage counselling sessions
- To maintain accurate records of our work together
- To communicate with you about appointments or changes
- To comply with professional and legal obligations
- To ensure your safety or the safety of others (in exceptional circumstances)
Sharing of Information
I do not sell or share your data for marketing or any other purposes.
Data Storage and Security
- Paper records (such as session notes) are kept in a locked cabinet.
- Electronic records (emails, contact details) are stored on password-protected devices and, where applicable, encrypted.
- Backup data is securely deleted when no longer required.
- I take all reasonable steps to protect your information from unauthorised access, alteration, or loss.
Data Retention
In accordance with professional and legal requirements:
- I retain adult client records for 7 years after our last contact.
- For clients under 18, records are retained until the client reaches age 25.
- After this period, records are securely destroyed (shredded or permanently deleted).
Your Rights
Under the UK GDPR, you have the following rights:
- Access: To request a copy of the personal data I hold about you.
- Rectification: To correct any inaccurate or incomplete information.
- Erasure: To request deletion of your data, where legally possible.
- Restriction: To request that I limit how your data is used.
- Data portability: To request a copy of your data in a structured, commonly used format.
- Objection: To object to processing where I rely on legitimate interests as the lawful basis.
If you wish to exercise any of these rights, please contact me in writing at amandawrightcounselling@gmail.com.
Complaints
If you have concerns about how I handle your personal data, please contact me directly so I can address the issue.
If you remain dissatisfied, you have the right to lodge a complaint with:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: www.ico.org.uk
Helpline: 0303 123 1113