Privacy Policy
Data Controller: Nicola Townsend
Basis for Holding and Processing Personal Data
As part of our counselling contract, I will collect and process personal data about you — including sensitive personal information — almost always provided directly by you. Under the Data Protection Act 2018 (incorporating the UK GDPR), you have specific rights concerning how your data is held and used.
I am responsible for ensuring that your personal data is processed lawfully, fairly, and securely. I only collect and use your data in order to provide counselling services as agreed between us.
What Data I Hold
I may hold the following types of personal information:
Your name and contact details (e.g. phone number, email address)
Records of our appointments
Our signed counselling contract
Payment information for accounting purposes
Please note that I do not keep clinical notes unless carrying out work for EAPs in which case the notes are stored by the EAP company concerned
Confidentiality and Third Parties
Your information is treated in strict confidence. I do not share, sell, or use your data for marketing or group communication purposes. Any communication with you is done individually and privately.
There are very limited circumstances under which I may need to break confidentiality, as outlined in our counselling contract. These include:
If I believe you are at serious risk of harming yourself or others
If I am required by law or a court order
If you request an onward referral and consent to information sharing
In such cases, I will aim to share only the minimum information necessary, and where possible, I will discuss this with you first.
Supervision
As required by the National Counselling and Psychotherapy Society (NCPS) Code of Ethics, I attend regular clinical supervision. In supervision, I may discuss aspects of our work to ensure I’m providing you with the best possible support. However, clients are referred to by first name only, and no identifiable information is disclosed. My supervisor is also bound by strict confidentiality and professional ethics.
How Your Data Is Stored
Your personal information is stored securely:
Paper records are kept in a locked cabinet.
Any electronic communication is stored using password-protected systems.
Retention and Deletion
I retain your records during the time we are working together and for three years after the end of our work. This is to allow for continuity if you return to therapy, and to comply with professional and legal requirements. After that time, all records will be securely destroyed or permanently deleted.
You have the right to request that your data be deleted at any time, and I will comply with such requests unless I am legally required to retain it for a specific reason.