Introduction Your privacy is very important to me. You can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was provided. I adhere to all current UK data protection legislation, including the: General Data Protection Regulation (EU 2016/679 and UK-GDPR), Data Protection Act 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003 This privacy notice explains how I handle your personal data from your first point of contact through to after your counselling ends. It outlines: Why I am able to process your information and what I use it for Whether you are required to provide it How long I store it Whether it is shared with any other parties If it is transferred outside the UK Whether any automated decision-making or profiling is involved Your data protection rights If you have any questions, feel free to contact me via email. Who I Am The data controller is me, Linzi Morris, trading as Your True Counselling. I am registered with the Information Commissioner’s Office (ICO) under registration number ZB333552. Address: 26 Ladybank Rise, Nottingham, NG5 8QG Email: linzi@truecounselling.co.uk My Lawful Basis for Processing Your Data Under UK-GDPR, I must have a valid legal reason for collecting and storing your data. If you are in therapy or are in contact about starting therapy: I rely on the lawful basis of contract as the processing is necessary for the provision of counselling. If therapy has ended: I rely on legitimate interest to retain and store your data securely for a specified period. Special category data (e.g. health-related information) is processed under the lawful basis of: Provision of health care or treatment, and Contract with a health professional (as defined by the GDPR). How I Use Your Personal Data Initial Contact When you first contact me (by phone, email or website form), I collect basic personal information to respond to your enquiry. This may include: Name Contact details (email, phone number, address) Reason for seeking therapy If you do not proceed with therapy, I will delete your information within 14 days of our last contact. You can also request earlier deletion. If someone else contacts me on your behalf (e.g. GP, parent, trusted individual), I will still seek your consent to store or use your data. During Counselling While you are in therapy, I will collect and store information that supports our work together. This includes: Contact details and emergency contact Intake and assessment forms Session notes (brief, factual summaries) Any relevant correspondence (e.g. important emails) I keep this information: To provide effective therapy To ensure continuity of care To meet ethical and legal requirements Confidentiality and Exceptions Everything discussed in counselling is treated confidentially. However, confidentiality may need to be broken in the following circumstances: 1. Risk of harm to self or others If I believe you are at serious risk of harming yourself or others, I may need to involve appropriate support services (e.g. GP, emergency services). I will try to discuss this with you first, but it may not always be possible. 2. Legal and ethical obligations I may be required to disclose information: In safeguarding situations (involving children or vulnerable adults) To prevent or detect serious crimes (e.g. terrorism, serious financial offences) If required by a court order or police investigation 3. Pre-Trial Therapy If you are involved in a legal investigation or court proceedings, I may be asked to provide information or session notes as part of a pre-trial therapy disclosure process. I will always try to inform you of such requests and discuss the implications, unless legally prohibited. How Your Data is Stored Your records are stored digitally and securely. I use Microsoft 365 Business to store: Session notes Intake forms Contact information Administrative records Microsoft 365 is a UK-GDPR compliant platform with high-level encryption, secure cloud storage, and access limited to me alone. Additional protections include: Password-protected, encrypted devices Multi-factor authentication (MFA) Regular secure backups I do not store paper records. Emails or text messages exchanged between us are deleted once no longer needed (typically within 48 hours). If information is relevant, it will be added securely to your clinical notes. How Long I Keep Your Data After therapy ends, I will retain your records for 5 years in accordance with professional guidance (NCPS/BACP), after which they will be securely deleted. If you would like me to delete your data sooner, please ask — in most cases, I will be able to accommodate this unless required by law or insurance obligations to retain records. Third-Party Data Processors I may use third-party services (e.g. cloud storage, website hosting) to help run my practice. Any third parties I use are carefully selected and compliant with UK data protection law. They do not access your personal information for any other purpose. I do not sell, rent, or share your data with anyone for marketing or unrelated purposes. Your Rights You have a number of rights under data protection law, including: The right to access the personal data I hold about you The right to request correction or deletion of your data The right to restrict or object to how your data is processed The right to withdraw consent (where applicable) The right to data portability (where applicable) The right to lodge a complaint with the ICO if you believe your data is being handled unlawfully For more details about your rights, visit: www.ico.org.uk/your-data-matters If you wish to make a request or complaint, please contact me at: linzi@truecounselling.co.uk Data Security I take data security seriously and apply the following measures: Your contact details and session notes are stored separately All devices are encrypted and password-protected Devices are securely stored when not in use Access to client records is strictly limited to me All digital notes and files are securely backed up Visitors to My Website My website is hosted by Wix.com, which collects standard visitor behaviour data (e.g. page visits, time on site). This data does not personally identify you. I use this information to improve my website and services. Wix.com also temporarily stores any data submitted through contact forms before sending it to me. You can read Wix’s privacy notice here: Wix Privacy Like most websites, cookies may be used to improve site performance, but no personally identifiable data is collected by me through these. Updates to This Privacy Statement This privacy statement may be updated from time to time to reflect changes in data protection law or in the way I deliver my services. When significant changes occur, I will notify current clients and, where necessary, ask for renewed consent.