Privacy Policy

This privacy policy explains how your personal information is collected, stored, and used in line with UK data protection law.

1. Personal information I collect

As a counsellor, I collect and store personal information that you choose to share with me. This may be provided verbally during sessions, in writing, or electronically. This can include:

  • Personal details such as your name and contact information

  • Information shared during counselling sessions

  • Correspondence via email, text message, WhatsApp, or other agreed communication platforms

  • Brief clinical notes relating to our work together

Information may be stored securely in the following ways:

  • Digital records

  • Paper notes stored in a locked and secure location

  • Secure email servers or the relevant communication platform used

All records are stored securely and handled in accordance with UK GDPR requirements.

2. How long I keep your information

I may delete your data at the end of our work together, or if we decide not to proceed with therapy. However, in line with professional, legal, and insurance requirements, records may be retained for up to 8 years after the end of therapy.

Reasons for retaining records include:

  • Professional indemnity insurance requirements

  • Legal and regulatory obligations

  • Complaints procedures

  • Tax and financial audits

After this period, records are securely destroyed.

3. Confidentiality and sharing information

Your information is treated as confidential and is not normally shared without your consent.

There are specific circumstances where I may be required to share information without consent, including:

  • If there is a serious risk of harm to you or others

  • Safeguarding concerns

  • Legal requirements such as court orders

  • Professional complaints, legal proceedings, or insurance matters

Where possible, I will aim to discuss this with you before any disclosure.

If you request information to be shared with another professional, this will usually be done with your consent. In most cases, clients are encouraged to share information themselves unless we agree otherwise for a specific purpose.

4. Supervision

I attend regular clinical supervision as part of ethical practice. Information from our work may be discussed in supervision, with identifying details kept to a minimum. Supervisors are bound by the same confidentiality and data protection obligations.

5. Lawful basis for processing data

Under UK data protection law, I must have a lawful basis for processing your personal data.

The lawful bases I rely on are:

  • Performance of a contract – processing your data is necessary to provide counselling services

  • Legitimate interests – keeping appropriate records for professional, legal, and ethical reasons

As some information processed is special category data (such as mental health or emotional wellbeing information), an additional condition applies:

  • Provision of health and social care under Article 9(2)(h) of the UK GDPR and Schedule 1, Part 1 of the Data Protection Act 2018

6. Data protection and your rights

I am registered with the Information Commissioner’s Office (ICO) and comply with UK GDPR.

You have the right to:

  • Access the personal data I hold about you

  • Request correction of inaccurate or incomplete data

  • Request deletion of your data where appropriate

  • Ask questions about how your data is used

If you have concerns about how your data is handled, you are encouraged to raise them with me first. You also have the right to complain to the Information Commissioner’s Office (ICO).

7. Contact details

For any questions about this privacy policy or how your personal data is handled, please contact:

Blossoming Mind Therapy

Email: Hello@blossomingmindtherapy.co.uk