Effective date: [Insert Date]
Novara Counselling is committed to protecting your privacy and handling your personal information in a fair, transparent, and lawful way. This policy explains how I collect, use, store, and protect your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What Information I Collect
When you contact me, book a session, or work with me, I may collect:
- Your name, contact details (email, phone number, address if relevant)
- Date of birth and emergency contact information
- Information you choose to share in our sessions (including sensitive personal data about mental health, relationships, or life experiences)
- Relevant medical or GP details if you choose to provide them
- Notes I make after sessions (factual and minimal)
- Payment information (processed securely, I do not store full card details)
How I Collect Information
I collect information directly from you when you:
- Enquire via email, phone, my website, or social media
- Complete a client intake form
- In sessions (online or in person)
Why I Collect and Use Your Information
I use your information to:
- Provide counselling services to you
- Contact you about your appointments or related matters
- Keep appropriate records in line with BACP and legal requirements
- Process payments for services
- Fulfil my legal and professional obligations
Lawful Basis for Processing
Under UK GDPR, I rely on the following lawful bases:
- Contract – To provide the counselling service you have requested
- Legal obligation – To comply with UK law and insurance requirements
- Legitimate interests – For the safe and effective running of my practice
- Consent – Where you have given clear consent (e.g., for me to contact your GP in an emergency)
Confidentiality and When I May Share Information
Everything you share is kept confidential unless:
- You give me permission to share it
- I am legally required to disclose information (e.g., court order)
- I believe there is a serious risk of harm to you or others
- There is a safeguarding concern involving a child or vulnerable adult
- Where possible, I will discuss this with you first.
How I Store Your Information
- Digital records are stored on password-protected devices and encrypted storage
- Paper records are kept in a locked cabinet
- Session notes are kept minimal and separate from identifying details
- I keep client records for 7 years after our work ends, after which they are securely destroyed (in line with insurance and professional guidance)
Your Rights
Under UK GDPR, you have the right to:
- Access the information I hold about you
- Ask me to correct inaccurate information
- Ask me to delete your information (where legally possible)
- Restrict or object to how I use your information
- Data portability (receive a copy in a usable format)
- Withdraw consent (where applicable)
You can exercise these rights by contacting me directly.
Online Working
If we work online, I use secure, encrypted video platforms wherever possible. I recommend you ensure your own device and internet connection are private and secure.
Changes to This Policy
I may update this privacy policy from time to time to reflect changes in law or my practice. The latest version will always be available on request.
Concerns and Complaints
If you have concerns about how I handle your data, please contact me.
You can also complain to the Information Commissioner’s Office (ICO) at:
www.ico.org.uk | Tel: 0303 123 1113