Choosing to enter into a counselling relationship can provoke anxiety and be daunting for some clients, but however you feel about the counselling process, your privacy is very important to me. You can be confident that your personal information will be kept safe and secure, only to be used for the purpose it has been provided to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your counselling sessions have ended, including:
• Why I am able to process your information and what purpose I am processing it for
• Whether you have to provide it to me
• How long I store it for
• Whether there are other recipients of your personal information
• Your data protection rights.
I am more than happy to go through any questions you may have with anything contained in this privacy notice relating to my data protection policy and your personal data. You can email me on
‘Data controller’ is the term used to describe the person that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office No: A8619699. My postal address is: 28 Hoghton Street, Southport, PR9 0PA. My phone number is: 07592017030. My email address is:
My lawful basis for holding and using your personal information
GDPR states I must have a lawful basis for processing your personal data. There are different lawful bases dependent on stage at which your data is being processed. 1) If you have had counselling with me and it has now ended, I am required to retain your data for up to 7 years for adhering to insurance requirements and legal requirements, and I will use legitimate interest as my lawful basis for holding and using your personal information. 2) If you are currently in contact with me to consider counselling or having therapy with me, I will process your personal data that is required for the purpose of the counselling work and contract.
What Information and How I use your information
When you initially contact Stillwell Counselling I will collect information to help me satisfy your enquiry. This will include your name, telephone number and email address. Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf. If following your initial contact you decide you do not wish to proceed, I will ensure all your personal data is deleted within 7 days of either not hearing anything further from you or when you inform me you do not wish to proceed. If you would like me to delete this information sooner, please let me know.
Our work together is confidential and this confidentiality can only be broken if there is a risk of harm to self or others including vulnerable adults and children, acts of terrorism, drugs trafficking and money laundering. I will always try to speak with you about this first and seek to obtain to your consent, unless there are safeguarding issues that prevent this.
At your initial session I will request the following personal data: your name, address, email address and telephone number, your date of birth and GP details, contact details for emergency contact. While you are not legally obliged to provide this data, I request this information and keep a record of this personal data for the requirements of this counselling practice and to help our counselling relationship run smoothly. Personal data also includes; emails, voicemails, text messages and client session notes. These details are stored in password protected electronic format and for hard copied data in a locked filing cabinet and are not shared with any third party. I will keep written notes of each session, these are kept in a separate locked cabinet from all other personal identifiable data only linked to each other by a code number only. For security reasons, I do not retain text messages for more than 3 days. If there is relevant important information contained in a text message it will be retained it as long as is required in relation to our counselling work and thereafter deleted. Likewise, any email correspondence will be deleted within 3 days if it is not important, otherwise it will be retained until it is no longer required for the purpose of our counselling work and will then be securely deleted. After counselling has ended, your records will be kept for 7 years from the end of our contact and are then securely destroyed.
Information-Sharing of Personal Data
Your personal data will not be shared with third party recipients without your expressed informed consent. Any information sharing with or without your consent would be for the purposes of safeguarding that would dictate a necessity that only personal data that is relevant for the purpose is shared.
With working online, my recommended platform is Doxy.me which is a secure platform where sessions are protected using encryption software. You do not have to download any software to use this platform. Doxy.me is used for online video sessions and these sessions have end to end encryption and is a recommended secure platform. You do not have to download this nor provide any details about yourself. As with any online/telephone platform, security and privacy cannot be 100% guaranteed, however I endeavour to use platforms which are known to have secure connections. With the ever changing cyber world this is constantly being updated. For telephone counselling, your contact number is not stored into any device and the call log is deleted following each session.
COVID-19 and confidentiality
For the purposes of NHS Track and Trace in relation to COVID-19. Your name and contact number would be required to be passed on to this service if I or anyone in the counselling practice office tests positive for COVID-19. This can be up to 2 weeks of your last session. No further information would be provided.
I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.
For information I do hold about you I will:
Give you a description of it and where it came from.
Tell you why I am holding it and tell you how long I will store your data and how I made this decision.
Tell you who it can be disclosed to.
Let you have a copy of the information in an intelligible form.
You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you. To make a request for any personal information I may hold about you please put this request in writing and email to
If you have any complaint about how I handle your personal data please you can contact me in writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.