• Home
  • About Me
  • How I work with clients
  • Is Counselling Effective?
  • Integrative Therapy
  • Useful Links
  • More
    • Home
    • About Me
    • How I work with clients
    • Is Counselling Effective?
    • Integrative Therapy
    • Useful Links
  • Sign In
  • Create Account
  • Bookings
  • My Account

  • Signed in as:

  • filler@godaddy.com

  • Bookings
  • My Account

  • Sign out

Signed in as:

filler@godaddy.com

  • Home
  • About Me
  • How I work with clients
  • Is Counselling Effective?
  • Integrative Therapy
  • Useful Links

Account

  • Bookings
  • My Account

  • Sign out

  • Sign In
  • Bookings
  • My Account

Privacy Policy

  

This Privacy Policy explains how Amanda Waring ("I", "me", "my"), a BACP-registered Counsellor, collects, uses, stores, and protects your personal data when you use my counselling services or interact with my website.

I am committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).


1. Who I Am (Data Controller)

Amanda Waring [Your Address - e.g., "A private practice based in [Your Town/City], UK"] [Your Email Address] [Your Phone Number (Optional)]

I am registered with the Information Commissioner's Office (ICO) as a Data Controller. My ICO registration number is [Your ICO Registration Number - You must obtain this if you don't have one].


2. Types of Data I Collect

I may collect and process the following types of personal data:

  • Identity      Data: Name, date of birth, gender.
  • Contact      Data: Email address, telephone number, postal address.
  • Therapy      Session Data: Notes from our sessions, assessment information,      progress updates, and any other information you choose to share during our      therapeutic relationship. This is considered Special Category Data     (health data).
  • Technical      Data: IP address, browser type and version, time zone setting and      location, browser plug-in types and versions, operating system and      platform, and other technology on the devices you use to access my      website.
  • Usage      Data: Information about how you use my website and services.
  • Communication      Data: Records of communications between us (e.g., emails, messages).

3. How I Collect Your Data

I collect data in the following ways:

  • Direct Interactions: You provide data directly when you enquire about my      services, book a session, complete forms, communicate with me via email or      phone, or during our counselling sessions.
  • Automated      Technologies or Interactions: As you interact with my website, I may      automatically collect Technical Data about your equipment, browsing      actions, and patterns. I collect this personal data by using cookies and      other similar technologies.
  • Third      Parties: I may receive personal data about you from third parties,      such as referral services, if you have consented for them to share your      details with me.


4. How I Use Your Data and Lawful Basis

I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances:

  • To      provide counselling services: This includes scheduling, conducting      sessions, and maintaining professional records.
    • Lawful       Basis (General Data): Performance of a contract with you, or taking       steps at your request before entering into such a contract.
    • Lawful       Basis (Special Category Data - Health): Explicit consent, or for the       provision of health care or treatment (where necessary for the purposes       of preventative or occupational medicine, assessment of the working       capacity of the employee, medical diagnosis, the provision of health or       social care or treatment or the management of health or social care       systems and services).
  • To      manage my professional practice: This includes billing,      administration, and maintaining professional standards (e.g., for      supervision purposes, anonymised where possible).
    • Lawful       Basis: Legitimate Interests (e.g., running my business effectively       and professionally), or compliance with a legal obligation.
  • To      communicate with you: Responding to enquiries, sending appointment      reminders, or providing necessary information related to our work.
    • Lawful       Basis: Performance of a contract, or Legitimate Interests (responding       to your requests).
  • For      legal and ethical obligations: Including compliance with professional      body requirements (BACP), legal proceedings, or safeguarding duties.
    • Lawful       Basis: Compliance with a legal obligation, or legitimate interests       (protecting my business and clients).
  • To      improve my website and services: Through analysis of anonymous usage      data.
    • Lawful       Basis: Legitimate Interests (improving my services and website for my       clients).

Consent: Where my lawful basis for processing is consent, you have the right to withdraw that consent at any time by contacting me. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.


5. Data Retention

I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

As a general rule, for counselling records, I will retain your data for 7 years after our last session, in line with BACP ethical guidelines and professional insurance requirements. After this period, your data will be securely deleted or anonymised.

Technical data relating to website usage may be retained for shorter periods.


6. Data Security

I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

  • Digital      Data: Stored on secure, password-protected devices. Online counselling      platforms used are encrypted and compliant with relevant privacy      standards. Email communications are sent via secure providers.
  • Paper      Records: Minimal paper records are kept. Any paper records are stored      in a locked cabinet.
  • Anonymisation:     Wherever possible, I anonymise data for supervision or professional      development.

I limit access to your personal data to myself. I will notify you and any applicable regulator of a data breach where I am legally required to do so.


7. Disclosure of Your Data

I will not share your personal data with third parties without your explicit consent, except in the following limited circumstances:

  • Clinical      Supervision: As part of my ethical obligations, I discuss my client      work with a qualified supervisor. These discussions are strictly      confidential, and I always ensure your identity remains anonymous unless      there is a specific and urgent ethical or legal requirement to disclose      it.
  • Legal      or Ethical Obligation: If I am legally compelled to disclose      information (e.g., by a court order), or if there is a serious risk of      harm to yourself or others, or if I am required to disclose information      under safeguarding legislation. In such rare circumstances, I will endeavour      to discuss this with you first, unless doing so would put you or others at      risk.
  • Professional      Advisers: Professional advisers including lawyers, bankers, auditors,      and insurers who provide consultancy, banking, legal, insurance, and      accounting services, where necessary for the purposes of their services to      me.
  • IT      and System Administration Services: Third parties who provide IT and      system administration services (e.g., secure video conferencing platforms,      website hosting). These third parties are bound by strict confidentiality      agreements.

I require all third parties to respect the security of your personal data and to treat it in accordance with the law. I do not allow my third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with my instructions.


8. International Transfers

I do not routinely transfer your personal data outside the UK. If, for any specific reason related to your service, this becomes necessary, I will ensure that the transfer is protected by appropriate safeguards in accordance with UK GDPR


9. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • Request      access to your personal data (commonly known as a "data subject      access request").
  • Request      correction of the personal data that I hold about you.
  • Request      erasure of your personal data. Note, however, that I may not always be      able to comply with your request of erasure for specific legal reasons      which will be notified to you, if applicable, at the time of your request.
  • Object      to processing of your personal data where I am relying on a legitimate      interest (or those of a third party) and there is something about your      particular situation which makes you want to object to processing on this      ground as you feel it impacts on your fundamental rights and freedoms.
  • Request  restriction of processing of your personal data.
  • Request      the transfer of your personal data to you or to a third party.
  • Withdraw  consent at any time where I am relying on consent to process your  personal data. This will not affect the lawfulness of any processing      carried out before you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact me at [Your Email Address].

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, I could refuse to comply with your request in these circumstances.

I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.

I try to respond to all legitimate requests within one month. Occasionally it could take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.


10. Complaints

If you have any concerns about my use of your personal data, you can make a complaint to me at [Your Email Address].

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact me in the first instance.


11. Changes to this Privacy Policy

I may update this Privacy Policy from time to time. The latest version will always be posted on my website with the effective date. I encourage you to review this policy periodically.

This Privacy Policy was last updated on: 24th May 2025

Copyright © 2025 Flourish Minds Counselling - All Rights Reserved.

  • Privacy Policy
  • Useful Links

www.flourishmindscounselling.com 2025

This website uses cookies.

We use cookies to analyse website traffic and optimise your website experience. By accepting our use of cookies, your data will be aggregated with all other user data. All information is confidential.

DeclineAccept