Privacy Statement

Introduction
Your privacy is very important to me. You can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was provided. I adhere to all current UK data protection legislation, including the: General Data Protection Regulation (EU 2016/679 and UK-GDPR), Data Protection Act 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003

This privacy notice explains how I handle your personal data from your first point of contact through to after your counselling ends. It outlines:

Why I am able to process your information and what I use it for
Whether you are required to provide it
How long I store it
Whether it is shared with any other parties
If it is transferred outside the UK
Whether any automated decision-making or profiling is involved
Your data protection rights
If you have any questions, feel free to contact me via email.

Who I Am
The data controller is me, Linzi Truelove, trading as Your True Counselling. I am registered with the Information Commissioner’s Office (ICO) under registration number ZB333552.
Address: 18 Redwing Avenue, Exmouth. EX8 5FN
Email: linzi.truecounselling@outlook.com

My Lawful Basis for Processing Your Data
Under UK-GDPR, I must have a valid legal reason for collecting and storing your data.
If you are in therapy or are in contact about starting therapy: I rely on the lawful basis of contract as the processing is necessary for the provision of counselling.
If therapy has ended: I rely on legitimate interest to retain and store your data securely for a specified period.
Special category data (e.g. health-related information) is processed under the lawful basis of:
Provision of health care or treatment, and Contract with a health professional (as defined by the GDPR).

How I Use Your Personal Data
Initial Contact
When you first contact me (by phone, email or website form), I collect basic personal information to respond to your enquiry. This may include:
Name
Contact details (email, phone number, address)
Reason for seeking therapy
If you do not proceed with therapy, I will delete your information within 14 days of our last contact. You can also request earlier deletion.
If someone else contacts me on your behalf (e.g. GP, parent, trusted individual), I will still seek your consent to store or use your data.

During Counselling
While you are in therapy, I will collect and store information that supports our work together. This includes:
Contact details and emergency contact
Intake and assessment forms
Session notes (brief, factual summaries)
Any relevant correspondence (e.g. important emails)
I keep this information:

To provide effective therapy
To ensure continuity of care
To meet ethical and legal requirements

Confidentiality and Exceptions
Everything discussed in counselling is treated confidentially. However, confidentiality may need to be broken in the following circumstances:
1. Risk of harm to self or others
If I believe you are at serious risk of harming yourself or others, I may need to involve appropriate support services (e.g. GP, emergency services). I will try to discuss this with you first, but it may not always be possible.
2. Legal and ethical obligations
I may be required to disclose information:
In safeguarding situations (involving children or vulnerable adults)
To prevent or detect serious crimes (e.g. terrorism, serious financial offences)
If required by a court order or police investigation
3. Pre-Trial Therapy
If you are involved in a legal investigation or court proceedings, I may be asked to provide information or session notes as part of a pre-trial therapy disclosure process. I will always try to inform you of such requests and discuss the implications, unless legally prohibited.

How Your Data is Stored
Your records are stored digitally and securely. I use Microsoft 365 Business to store:
Session notes
Intake forms
Contact information
Administrative records
Microsoft 365 is a UK-GDPR compliant platform with high-level encryption, secure cloud storage, and access limited to me alone. Additional protections include:
Password-protected, encrypted devices
Multi-factor authentication (MFA)
Regular secure backups
I do not store paper records. Emails or text messages exchanged between us are deleted once no longer needed. If information is relevant, it will be added securely to your clinical notes.

How Long I Keep Your Data
After therapy ends, I will retain your records for 5 years in accordance with my insurance company, after which they will be securely deleted.
If you would like me to delete your data sooner, please ask — in most cases, I will be able to accommodate this unless required by law or insurance obligations to retain records.

Third-Party Data Processors
I may use third-party services (e.g. cloud storage, website hosting) to help run my practice. Any third parties I use are carefully selected and compliant with UK data protection law. They do not access your personal information for any other purpose.

I do not sell, rent, or share your data with anyone for marketing or unrelated purposes.

Your Rights
You have a number of rights under data protection law, including:
The right to access the personal data I hold about you
The right to request correction or deletion of your data
The right to restrict or object to how your data is processed
The right to withdraw consent (where applicable)
The right to data portability (where applicable)
The right to lodge a complaint with the ICO if you believe your data is being handled unlawfully

For more details about your rights, visit: www.ico.org.uk/your-data-matters

Formal process for complaint to me as the data controller if you believe your personal data has been processed in breach of data protection legislation. The formal process formal process if you wish to make a complaint, is to email me at linzi.truecounselling@outlook outlining full details of your complaint.  


I take data security seriously and apply the following measures:
Your contact details and session notes are stored separately
All devices are encrypted and password-protected
Devices are securely stored when not in use
Access to client records is strictly limited to me
All digital notes and files are securely backed up

Visitors to My Website
My website is hosted by Webador, which collects standard visitor behaviour data (e.g. page visits, time on site). This data does not personally identify you. I use this information to improve my website and services.

Like most websites, cookies may be used to improve site performance, but no personally identifiable data is collected by me through these.

Updates to This Privacy Statement
This privacy statement may be updated from time to time to reflect changes in data protection law or in the way I deliver my services. When significant changes occur, I will notify current clients and, where necessary, ask for renewed consent.

Last updated June 2026