Data Collection
- Personal data will be collected only for purposes directly related to counselling services, training, and practice management.
- Data collected includes contact details, health information, and session notes
Lawful Basis for Processing
Personal data will only be processed where there is a lawful basis, such as consent or contractual necessity.
Data Storage and Retention
- All personal data will be securely stored in line with GDPR requirements, using encrypted digital systems and locked physical storage.
- Data will be retained for a maximum of 7 years after the last session, unless otherwise required by law.
Client Rights
- Clients have the right to access, amend, or request deletion of their data.
- Requests will be handled within 30 days.
Data Sharing
Personal data will not be shared without explicit consent, except in cases where there is a legal obligation or safety concern.
Breach Reporting
Any data breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours.
