Data Policy & Security
Private Practice Name: Henzy Tanrien-Sawyer Counselling Service
Effective Date: 17 June 2026
Review Date: 17 June 2028
Introduction:
Your privacy is important to this counselling practice. This Privacy Notice explains how personal information is collected, used, stored, shared and protected in accordance with UK data protection legislation. I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure in a locked filing cabinet and use of passwords. Please read below:
Data Controller:
The Data Controller responsible for your personal information is: Henzy Tanrien-Sawyer.
The Data Protection Act 1998
It was developed to give protection and lay down rules about how data about people can be used. The 1998 Act covers information or data stored on a computer or an organised paper filing system about living people. The basic way it works is by: setting up rules that people have to follow. Source taken from www.gov.com. The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). GDPR came into effect across the EU on 6 Mar 2018; May 25, 2018. The GDPR is Europe's new framework for data protection laws. It replaces the previous 1995 data protection directive. The new regulation started on 25 May 2018. It is enforced by the Information Commissioner's Office (ICO). The principle of integrity and confidentiality requires me to handle personal data “in a manner [ensuring] appropriate security”, which include “protection against unlawful processing or accidental loss, destruction or damage”. Source taken from gov.uk.
In summary, my understanding of GDPR is that it allows citizens the right to privacy and to access information held about them. It also allows them to update or delete information and the right to be forgotten. This helps me to inform clients during contracting that their personal data is kept confidential within my practice, but would request consent if information of their data is to be shared for referral purposes or as a result of limits to confidentiality. In order to respect your privacy, I have included some information below for you to read carefully. It is important to me that you feel confident that your personal information and data is kept safe and secure and used appropriately for the purpose you have consented to expect for limits of confidentiality where you and others may be at risk.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended:
Information I collect from you:
Personal Information
- First names, date of birth, full address, telephone number, ethnicity, marital status
Counselling information:
- Assessment forms, session notes, email correspondence, risk assessments, safeguarding information, clinical supervision notes
Financial information:
• Invoices
• Payment records
• Transaction references
Website Information
• IP address
• Browser information
• Website usage statistics
• Cookie information
How and where I collect your information
When clients contact me with an enquiry about my counselling service, I will collect their personal information and sensitive data from them to help me satisfy their enquiry. This may include communication done verbally, written, electronically or by telephone.
Why Information Is Collected
Information is collected to:
• Provide counselling services
• Maintain accurate records
• Arrange appointments
• Manage payments
• Comply with professional obligations
• Protect safety and wellbeing
• Meet legal and regulatory requirements
Legal Basis for Processing
The practice relies on Article 6 UK GDPR
• Contract
• Legal obligation
• Legitimate interests
• Vital interests
The GDPR also makes sure that I look after any sensitive personal information you may disclose to me, appropriately. The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:
- If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
- If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
- I require your consent to process your information and you also have the right to withdraw your consent.
Article 9 UK GDPR
• Provision of health and counselling services
• Protection of vital interests
• Legal claims where applicable
Data Storage
Electronic records are protected through:
• Password protection
• Encryption where available
• Secure cloud storage
• Anti-virus protection
• Multi-factor authentication
Paper records are stored securely in locked cabinets
What I use your personal information for
- I use personal information clients provide with their consent to work with them during therapy in an agreed verbal or written contract and to refer unto appropriate services with their informed consent or in the event of safe guarding issues.
- I make client notes during sessions and keep records of sessions to assist me remember what the sessions was about so I can refer to it during sessions or when appropriate to do so within counselling service if you choose to return in future.
Confidentiality
-
Information shared during counselling is treated as confidential.
Confidentiality may be broken where:
• There is a serious risk of harm to yourself
• There is a serious risk of harm to another person
• Safeguarding concerns arise
• Disclosure is required by law
• A court order requires disclosure
- Clients information are stored on electronic devices and secured with a password. Written or paper documents and records are stored in a locked filing cabinet in my practice office. For security reasons I do not retain text messages for more than 48 hours. If there is relevant information contained in a text message, a photocopy shall be taken, printed out and stored securely under client’s name.
- At the end of therapy, client personal data will remain locked up in a filing cabinet in my practice office. Any contracts and consents to record sessions the clients have signed would be kept also and client’s agreement whether or not it can be released to a third party.
- If you contact me to start therapy and provide you data and decide not to proceed, I will ensure all your personal data is deleted within 90 days and everything you discussed will still remain confidential. However, if you disclosed harm to yourself or others or any other safeguarding issues, I will keep a record of your personal details to help the third party that may help prevent this.
Data Sharing
Information may be shared with:
• Clinical supervisors
• Safeguarding agencies
• Emergency services
• Professional advisers
• Legal representatives
• Insurers
• Regulatory bodies
Only information necessary for the purpose will be shared.
Data retention
Adult records are generally retained for seven years after counselling ends.
Children's records are generally retained until age twenty-five or seven years after counselling ends, whichever is longer.
Financial records are retained for six years.
Your Rights
You have the right to:
• Access your information
• Request correction of inaccurate information
• Request restriction of processing
• Object to processing where applicable
• Request data portability where applicable
• Lodge a complaint
Access request
Requests for copies of personal information should be made in writing by completing a request form.The practice will normally respond within one calendar month. Details of how to contact the practice can be found on Contact Us menu bar or use the e-contact form.
Third Party
- It may sometimes be necessary to share personal data with third parties, for example, for referral purposes of to seek information on your behalf with your informed consent.
Only appropriate information would be shared with a third party and ensuring they only use client information with purpose stated.
Data Breaches
- Any personal data breach will be investigated and managed in accordance with legal requirements.
Data Protection Complaints
If you have any concerns about how your personal information has been collected, used, stored, or shared by this practice, please contact me in the first instance so that I can investigate and try to resolve the matter. You can make a complaint by using the e-contact form on the menu bar. I will acknowledge your complaint within 30 days and will investigate and respond without undue delay welcoming any constructive suggestions for improving my data protection procedures. However, if after receiving my response you remain dissatisfied with how your personal data has been handled, you have the right to raise your concern with the Information Commissioner's Office (ICO), the UK's independent authority for data protection.
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
www.ico.org.uk/make-a-complaint
Visitors to my website
When someone visits my website, I use a third-party service, Webhealer to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Webhealer to make, any attempt to find out the identities of those visiting my website. I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website. I use Webhealer so that I can continually improving my service to you. Like most websites we use cookies to help the site work more efficiently - find out about our use of cookies by scrolling to the bottom of the home page.
No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me and deleted.
