Privacy Policy

Introduction

I understand how important your privacy is. I handle all personal and therapy information in accordance with UK data protection law (GDPR, 2018) and the ethical guidelines of the BACP. These guidelines are in place to protect your confidential information and ensure professional, ethical practice.

This policy explains how I collect, store, use, and protect your personal information when you work with me or use my website.

Information I Collect

To provide counselling, I may collect the following information:

  • Personal details: Name, date of birth, email, phone number, address.
  • Therapy-related information: Session notes, personal history, mental health and wellbeing details.
  • Emergency contacts: Contact information for your GP and an emergency contact person, collected at your first session for your safety.
  • Website information: If you use online forms or email me, basic contact details may be collected securely.

How I Use Your Information

Your information is used only for the purposes of:

  • Providing counselling services tailored to your needs
  • Managing and confirming appointments
  • Communicating with you regarding sessions or therapeutic information
  • Meeting professional or legal obligations (e.g., safeguarding, supervision)

I will never use your information for marketing purposes or share it with third parties outside of professional or legal requirements.

How I Store and Protect Your Information

I take the security of your information very seriously:

  • Digital records: Stored securely in Kiku (wearekiku.com), a password-protected and encrypted platform.
  • Physical records: Session notes and any hard-copy information are kept in a locked cabinet.
  • Retention: Session notes are kept for up to seven years after therapy ends, in line with BACP guidelines, and then confidentially destroyed. Basic identifiers, such as your name and client reference number, are retained for the same period for administrative purposes.

Sharing Information

Information may be shared in limited circumstances:

  • With my clinical supervisor in a confidential and anonymised form
  • When legally required, such as concerns about safety or court orders

Otherwise, your session information remains confidential. If your sessions are paid for or arranged via a third party (e.g., employer or family member), only the necessary administrative details will be shared; session content remains private unless you give written consent.

 

Your Therapy Sessions

All information shared during therapy is confidential. Confidentiality will only be broken if:

  • There is a concern for your safety or the safety of someone else
  • I am required to do so by law

Remote sessions are conducted in a private, secure environment using encrypted video platforms. While every effort is made to maintain privacy, I cannot accept responsibility for breaches outside my control.

Communications

  • Emails are sent and received securely; only I have access to these communications.
  • All devices used for communication are encrypted, password-protected, and protected with antivirus software.
  • Your email and phone number will be used only to contact you about appointments or therapeutic matters. Text reminders may also be sent.

Your Rights

You have the following rights under GDPR:

  1. Right of access: You can request to see the information I hold about you, including session notes.
  2. Right of rectification: You can request corrections to any inaccurate information.
  3. Right to be forgotten: You can request deletion of your personal data. Exceptions may apply if records are required for ongoing therapy, legal obligations, or to defend legal claims.

Requests can be made at any time by contacting me at sally@sallyturnercounselling.co.uk or 07902 139302.

Consent

During your initial consultation, you will be asked to confirm your consent to the storage and processing of your personal information for the purpose of counselling. You may withdraw consent at any time by contacting me.

Data Breaches

In the unlikely event of a data breach, I will notify affected clients and the Information Commissioner’s Office (ICO)within 72 hours and take immediate steps to address the issue.

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.