
Privacy Policy Counselling North Devon

Amanda Newman Counselling

ICO Registration Number: ZC103908 (data protection)

Introduction

Last reviewed: 17 March 2026
 


Your privacy is very important to me, and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose for which it was provided. I process personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where relevant, the Privacy and Electronic Communications Regulations 2003 (PECR).

This privacy notice explains what I will do with your personal information from your initial point of contact through to after your counselling has ended, including:

  • why I am able to process your information and the purposes for which I use it;

  • whether you have to provide it to me;

  • how long I keep it for;

  • whether there are other recipients of your personal information;

  • whether I transfer personal information outside the UK;

  • your data protection rights; and

  • whether I carry out automated decision-making or profiling.



I am happy to discuss any questions you may have about this privacy notice, and you can contact me by email.

The term data controller describes the person or organisation that decides how and why personal data is processed. For the purposes of my private counselling practice, I am the data controller.

I am registered with the Information Commissioner’s Office (ICO) under registration number ZC103908.
 
My phone number is: 07550021592
 
My email address is: amandanewmancounselling@proton.me


 
My lawful bases for holding and using your personal information
 
The UK GDPR requires me to identify a lawful basis for processing your personal data. The lawful basis may differ depending on the stage of our contact and the purpose of the processing.

Initial enquiries -> legitimate interests:
When you first contact me to ask about counselling, I process your personal data because it is in my legitimate interests to respond to your enquiry, consider whether I can offer a suitable service, and manage my practice.

If you go on to have counselling with me -> contract + (mental) health provision:
I process your personal data where this is necessary to take steps at your request before entering into a contract, and/or where it is necessary for the performance of our contract for counselling services.

After counselling has ended -> legitimate interests / legal claims:
I may retain limited records where this is necessary for my legitimate interests, including maintaining appropriate professional records, responding to complaints, and establishing, exercising, or defending legal claims.

Some of the information I process is health information, which is special category personal data under the UK GDPR. Where I process special category (health) data for the provision of counselling, I do so under Article 9(2)(h) UK GDPR (health or social care provision) and Schedule 1, Part 1 of the Data Protection Act 2018.

Where necessary in a safeguarding or emergency situation, I may also process or share personal data to protect someone’s vital interests or to comply with a legal obligation. This may include situations involving risk of serious harm to yourself or others, safeguarding concerns, or where I am required by law.

You are not under a statutory obligation to provide me with your personal information. However, if you do not provide information that I reasonably need in order to assess or provide counselling, I may not be able to offer or continue counselling services.
 
How I use your information
 
Initial contact:
When you contact me with an enquiry about my counselling services, I will collect information to help me respond to your enquiry. This may include your name, contact details, and brief details about why you are seeking counselling.

Alternatively, your GP or another health professional may send me your details when making a referral, or a parent or trusted individual may give me your details when making an enquiry on your behalf. If I have not obtained your personal data directly from you, I will let you know where I obtained it from, unless an exemption applies.

If you decide not to proceed, I will ensure that your personal data is deleted within 6 months. If you would like me to delete this information sooner, just let me know, unless I am required to keep it for a lawful reason.

While you are accessing counselling:
Everything you discuss with me is confidential. That confidentiality will only be broken where I am legally permitted or required to do so, including in line with the confidentiality and safeguarding section of the counselling agreement. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.

I keep a record of your personal details to help the counselling service run smoothly. This may include your name, contact details, GP details, emergency contact details, relevant medication information, appointment information, and brief written notes of each session. These details are kept securely on an encrypted and password-protected hard drive.

As part of my professional practice, I undertake regular supervision. In supervision, I may discuss aspects of my work with clients in an anonymised way to ensure safe and ethical practice.

I may also use email, telephone, and text messaging services to communicate with you or to administer appointments.
For security reasons, I do not retain text messages for more than 90 days. If there is relevant information contained in a text message, I will keep a note of it in your file, which is stored securely on an encrypted and password-protected hard drive. Likewise, any email correspondence will be deleted after 90 days if it is not important. If necessary, I will keep a note of the relevant information in your file instead.

After counselling has ended:
Once counselling has ended, your records will be kept for 5 years from the end of our work together (or, for anyone under the age of 18, for 5 years after their 18th birthday) and are then securely destroyed. If you want me to delete your information sooner than this, please tell me. Please note that I may not always be able to do so where I need to retain records for lawful, regulatory, insurance, or legal reasons.


Third-party recipients of personal data
 
I do not routinely share your personal information with third parties. However, I may share information where necessary and proportionate with:
 

  • your GP, where there is a clinical or safeguarding reason to do so;

  • emergency services, where there is an immediate risk of serious harm or a medical emergency;


International transfers:
I do not routinely transfer your personal information outside the UK. However, if personal information is included in email correspondence, it may be processed by my email provider. I use Proton email, which uses end-to-end zero-access encryption. Proton states that Proton Mail data is stored on servers located in Switzerland, Germany, or Norway. Where overseas processing takes place, I will ensure that appropriate safeguards are in place where required under UK data protection law.
 
Your rights
 
I aim to be as open as I can in giving people access to their personal information. Under data protection law, you have rights which may apply depending on the circumstances, including the right to:
 

  • request access to the personal information I hold about you;

  • ask me to correct inaccurate or incomplete personal information;

  • ask me to erase your personal information;

  • ask me to restrict the way I use your personal information;

  • object to my processing of your personal information;

  • receive your personal information in a portable format, where this right applies; and

  • complain to the ICO.
     

These rights are not absolute, and there may be lawful reasons why I cannot comply fully with a request.
You can read more about your rights on the ICO website.

If I do hold information about you, I will:
 

  • give you a description of it and, where relevant, where it came from;

  • tell you why I am holding it, how long I will store it, and how I made this decision;

  • tell you who it could be disclosed to; and

  • let you have a copy of the information in an intelligible form, unless an exemption applies.


You can also ask me at any time to correct any mistakes in the personal information I hold about you. To make a request for any personal information I may hold about you, you can email me at amandanewmancounselling@proton.me.

Automated decision-making and profiling

I do not use automated decision-making or profiling in relation to your personal data.

Data security
 
I take the security of the data I hold about you very seriously and take every reasonable step to keep it secure. I use an encrypted and password-protected local hard drive. I do not use cloud backup. I also aim to limit access to personal data to what is necessary and to keep records only for as long as needed.

In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, I will notify the ICO and, where required, inform you without undue delay.
 
Complaints
 
If you have any complaint about how I handle your personal data, please do not hesitate to get in touch with me using the contact details above. I would welcome any suggestions for improving my data protection procedures.
If you want to make a formal complaint about the way I have processed your personal information, you can contact the ICO, which is the UK regulator for data protection. Information about how to complain to the ICO is available on its website.
