For Sole-Practitioner Counselling Services

Last updated: 15/9/25

This Privacy Policy explains how I collect, use, and protect your personal information in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and professional confidentiality standards.

I, Ruth Chaloner/Clevedon Counselling, act as the Data Controller for all personal data processed in connection with my counselling practice.

• Contact details: ruth@clevedon-counselling.co.uk  81 Old Church Road, Clevedon BS21 6PU

In the course of providing counselling services, I may collect and process the following information:

• Personal details: name, address, date of birth, phone number, email address, GP details, and emergency contact information.
• Health information: relevant medical and mental health history, current medications, and presenting concerns.
• Session records: brief notes summarising our work together.
• Administrative information: invoices, payment records, and correspondence.

As health information is classed as special category data, additional safeguards are applied.

Under UK GDPR, I rely on the following lawful bases for processing your information:

• Contract: to provide counselling services you have requested.
• Legal obligation: to comply with tax and professional regulatory requirements.
• Legitimate interests: to maintain records of sessions in order to provide a safe and effective service.
• Vital interests: if there is risk of serious harm to you or others, I may share information to protect life.
• Consent: where explicit consent is required (e.g., contacting your GP or other professionals), I will obtain this separately.

Your information is used only to:

• Arrange and deliver counselling sessions.
• Keep appropriate clinical records.
• Contact you regarding appointments or relevant information.
• Maintain financial and administrative records as required by law.

• Paper records (if any) are kept securely in locked storage.
• Digital records are stored on password-protected devices and/or encrypted cloud storage.
• Session notes are kept brief and anonymised where possible.

• Clinical notes are retained for 7 years after the end of therapy (in line with professional guidelines).
• Financial records are retained for 7 years for HMRC purposes.
• After this period, all records are securely destroyed.

I will not share your personal data with third parties unless:

• You give explicit consent;
• I am legally required to do so (e.g., court order, safeguarding duty);
• There is risk of serious harm to yourself or others;
• For supervision purposes: anonymised material may be discussed with my clinical supervisor, who is also bound by confidentiality.

Under UK GDPR, you have the right to:

• Access the personal data I hold about you.
• Request correction of inaccurate information.
• Request erasure of your data (subject to legal obligations).
• Restrict or object to processing.
• Data portability (to request your records in a structured format).

To exercise these rights, please contact me in writing.

If a data breach occurs that may compromise your personal information, I will inform you promptly and, where legally required, notify the Information Commissioner’s Office (ICO).

If you have concerns about how your data is handled, please contact me directly in the first instance.
If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office (ICO):

• Website: https://ico.org.uk
• Phone: 0303 123 1113

This Privacy Policy may be updated from time to time. The most recent version will always be available upon request.