get to know me better.
I ensure I maintain your confidentiality in accordance with current data protection laws (GDPR, 2018) and the ethical guidelines of the British Association for Counselling and Psychotherapy. These guidelines were created to protect your confidential information and to ensure that I conduct myself with professionalism and integrity.
To provide a good service, I will hold your contact details and records of your therapy sessions. Below is information concerning how this information will be stored and used.
Your personal information
When you book your first appointment or initial telephone assessment with me, I will ask for your contact information like your name, email address and telephone number and some brief details of the issues you are seeking help with. This information is stored in a locked filing cabinet that only I have access to.
In your first session or initial telephone assessment, I will complete a client file for you which includes your contact information, date of birth and an elected emergency contact’s name and telephone number along with the brief details of the issues you are seeking help with and any other information you choose to provide during the session/assessment that I record. These files are stored in a locked filing cabinet that only I have access to.
The basic personal information I collect, such as your contact details and emergency contact details will be held for the duration of your therapy after which your information will be confidentially destroyed.
Please be aware that I will need to keep a record of your name and any notes I keep for seven years after the end of your therapy, so that I can respond effectively to any potential requests regarding your clinical notes and treatment.
I will never pass your contact details to any third parties for the purpose of sales, marketing or research and will never use your personal information for purposes other than the administration of the counselling services I am providing to you. For example, to arrange, cancel and rearrange appointments and collect payments for sessions.
When you make a booking, I add your appointment to my calendar and send you a confirmation email/text message. This process uses your first name, last name and email address or phone number.
Your payment details
All payments made via bank transfer will only show on my private bank statement as a payment made by; your name, reference, account number and sort-code. This limited information is only visible to me and is stored securely.
Your therapy sessions
Everything that you discuss with me is confidential. Confidentiality will only be broken if there is concern about your safety or the safety of someone else or I am instructed to do so by a Court of Law. I will always endeavour to discuss this with you first.
I discuss my clinical work with a supervisor to ensure that I am offering you the best service possible. These conversations are bound by confidentiality and you will only be referred to by your first name.
I will also keep notes of each session. These are anonymised and stored in a locked filing cabinet. These notes are for my use only and help me to a track of everything that we are discussing. In line with industry guidelines, these notes must be kept securely for seven years after your therapy finishes. After this time, they will be confidentially destroyed.
In the instance that your sessions are paid for or arranged by someone else – like your employer or a family member, other than payment requests, invoices or receipts, your counselling information will never be shared.
Details about what is discussed in your sessions will remain confidential between you and me. Any other information can only be shared if you give me written consent to do so.
Your communications with me
My email account uses the secure G-Suite server hosted by Google and is double password protected. Only I have access to my email account. All our email communication remains in my email account as part of my records for the duration of your therapy, after which, all email threads associated with our work will be securely deleted.
All phones, tablets and laptops used to respond to your emails are password protected.
I will only use your email address and telephone number to contact you about payments, appointments and any information that I feel is pertinent to your therapeutic process.
Any personal data retained by me is kept in accordance with GDPR, 2018.
Under these guidelines you have the following rights
1. The right to request access to your data
You can request to view the information that I hold about you at any time. If during therapy you wish to see your session notes, please let me know. If you require a copy of you notes after your therapy has ended you can make this request by emailing me at
2. The right to rectification
At any point during your therapy or in the seven years thereafter, while I retain your records, you have the right to request amendments to your contact details or session notes. This right can be exercised by contacting me at or speaking to me in person.
3. The right to be forgotten
You can request that I delete and confidentially destroy the information I hold about you and your sessions at any time. This request can be made by emailing me at
Instances where I would not be able to comply with your request are as follows:
a) It is necessary for me to retain these records in order to continue providing an effective service
b) I am compelled to retain these records by a Court of Law.
c) I require these records in order to establish, exercise or defend legal claims
At the end of your initial consultation, I will ask you to sign a consent form stating that you understand and agree to my terms and conditions and the privacy agreement outlined above. In doing so, you give me permission to store, access and use your personal contact details and session notes within the legitimate remit of providing a counselling service to you.
You are entitled to withdraw this consent at any time and can do so by contacting me at
Breaches of data protection
In the event of any breach of my data protection policies, I will notify you and the Information Commissioner’s Office (ICO) within 72 hours of the breach and will seek to rectify this immediately.
Should you have any concerns about my data protection practices, you can raise these with me directly or by email at email@example.com. You can also notify the Information Commissioners Office (ICO). I am a registered Data Controller with the ICO as Karl Alexander and my registration number is: ZA298067.