Privacy & Data Security Policy

Introduction & Data Controller

At Clear Conscience Counselling ltd your privacy is paramount. I am the data controller for any personal information you share with me through this website. I am a member of the British Association for Counselling and Psychotherapy (BACP) and registered with the Information Commissioner's Office (ICO), registration number ZA786441.

Website Hosting & Security

Our website is securely hosted by are own internal server. To ensure your data remains protected against unauthorized access, all administrative access to our hosting infrastructure is strictly controlled and secured using Two-Factor Authentication (2FA). We believe in minimizing risk by limiting the data we keep online. Our website does not store personal information, client files, or email addresses in a local online database.

What Information I Collect & Legal Basis

What I collect: When you use the enquiry form, I collect your name, phone number, email address, the service and consultation type you select, and, where provided, your gender or preferred pronouns and any message you choose to include.

Why I collect it: I use this information to respond to your enquiry and arrange counselling sessions, which is necessary for me to take steps at your request prior to entering into a contract for services. Because enquiring about counselling can itself reveal information about your mental or emotional wellbeing, this is treated as special category data under UK GDPR. Before submitting the enquiry form, you are asked to actively tick a separate consent box confirming you agree to this processing โ€” this is your explicit consent, and it is required to submit the form. You may withdraw this consent at any time by contacting me, though this will not affect anything already done on the basis of consent given beforehand.

Internal Data Storage & Protection

Once your information reaches me, it is handled with strict confidentiality and minimal digital exposure:

  • Physical Records: Client session notes and sensitive files are kept exclusively as physical, paper records. These are stored securely under lock and key within my practice.
  • Digital Records: The only digital data retained is general email correspondence used solely for booking, scheduling, and administrative back-and-forth.

Who I Share It With

Enquiry details are sent via email using Gmail (Google), which acts as my email service provider โ€” no other information is shared with Google or anyone else. This means enquiry emails may be processed by Google on servers in the US. Google is certified under the UK Extension to the EUโ€“US Data Privacy Framework, a mechanism recognised in UK law as providing an adequate level of data protection for this kind of transfer. I do not sell, rent, or otherwise share your information with any other third party, and I will not disclose the content of our sessions to anyone without your consent, except where I am required to do so by law โ€” for example, where there is a risk of serious harm to you or another person.

How Long I Keep It

In line with BACP guidance and standard professional practice, I retain client records for a minimum of 6 years following our last contact. If you were under 18 at the time of our contact, records are retained until you reach the age of 25. Enquiries that do not lead to ongoing sessions are kept only as long as reasonably necessary before being securely deleted.

Your Rights & Cookies

Your rights: Under UK GDPR, you have the right to ask me for a copy of the personal data I hold about you, to have inaccurate data corrected, to ask for it to be deleted or its use restricted, to object to my processing it, and to receive it in a portable format where applicable. You also have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk) if you believe your data has not been handled appropriately.

Cookies: This website does not use tracking or advertising cookies. It loads fonts and styling from third-party services (Google Fonts and Tailwind CSS), which may receive your device's IP address as a normal part of how web pages load, but this is not used to track or identify you.

If you have any questions about how your information is handled, please contact me using the details below. This policy was last reviewed in 07/2026 and may be updated from time to time.