Privacy & Data Protection
Novara Counselling Service is registered with the Information Commissioner’s Office (ICO).
- Registration reference: ZC000894
- Date registered: 28 September 2025
- Registration expires: 27 September 2026
Novara Counselling is committed to protecting your privacy and handling your personal information in a fair, transparent, and lawful way. This policy explains how I collect, use, store, and protect your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What Information I Collect
When you contact me, book a session, or work with me, I will collect:
- Your name, date of birth, contact details (email, phone number, address for online sessions)
- Emergency contact information
- Relevant medical and GP details
- Notes I make after sessions (factual and minimal)
How I Collect Information
I collect information directly from you when you:
- Enquire via email, phone, my website, or social media
- Client assessment and counselling contract
- In sessions (online or in person)
Why I Collect and Use Your Information
I use your information to:
- Provide counselling services to you
- Contact you about your appointments or related matters
- Keep appropriate records in line with BACP
- Fulfil my legal and professional obligations
Lawful Basis for Processing
Under UK GDPR, I rely on the following lawful bases:
- Contract – To provide the counselling service you have requested
- Legal obligation – To comply with UK law and insurance requirements
- Legitimate interests – For the safe and effective running of my practice
- Consent – Where you have given clear consent (e.g., for me to contact your GP in an emergency)
Confidentiality and When I May Share Information
Everything you share is kept confidential unless:
- You give me permission to share it
- I am legally required to disclose information (e.g., court order)
- I believe there is a serious risk of harm to you or others
- There is a safeguarding concern involving a child or vulnerable adult
- Where possible, I will discuss this with you first.
How I Store Your Information
- Digital records are stored on password-protected devices and encrypted storage
- Paper records are kept in a locked cabinet
- Session notes are kept minimal and separate from identifying details
- I keep client records for 7 years after our work ends, after which they are securely destroyed (in line with insurance and professional guidance)
Your Rights
Under UK GDPR, you have the right to:
- Access the information I hold about you
- Ask me to correct inaccurate information
- Ask me to delete your information (where legally possible)
- Restrict or object to how I use your information
- Data portability (receive a copy in a usable format)
- Withdraw consent (where applicable)
You can exercise these rights by contacting me directly.
Online Working
If we work online, I use secure, encrypted video platforms wherever possible. I recommend you ensure your own device and internet connection are private and secure.
Changes to This Policy
I may update this privacy policy from time to time to reflect changes in law or my practice. The latest version will always be available on request.
Concerns and Complaints
If you have concerns about how I handle your data, please contact me.
You can also complain to the Information Commissioner’s Office (ICO) at:
www.ico.org.uk | Tel: 0303 123 1113