Privacy Policy
Last updated: 04 February 2026
Introduction
Your privacy is very important to me. This privacy policy explains how I collect, use, store and protect your personal data from the initial point of contact (e.g. via my website, a referral or a directory) through to after your counselling has ended.
I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
About me
I am a person-centred counsellor working in private practice with individual clients aged 18 and over. I am a Registered Member of the BACP (British Association for Counselling and Psychotherapy). If you have any questions, I am happy to talk them through. You can contact me at: info@eleanoreyrecounselling.com
Data Controller
The data controller responsible for your personal data is:
Eleanor Eyre
Eleanor Eyre Counselling
Registered with the Information Commissioner’s Office (ICO)
ICO Registration Number: ZB599144
How I use your information
My lawful basis for processing your general personal data, such as contact details, is legitimate interests (to provide counselling services) and legal obligation (for accounting and professional requirements). Much of the personal data I process in my role as a counsellor is classed as special category personal data, as it relates to mental health and wellbeing. This type of data is subject to additional protections under UK GDPR. My lawful basis for processing special category personal data is the provision of health or social care and the management of health or social care systems, in accordance with Article 9(2)(h) UK GDPR.
Initial contact
When you contact me via the website form or email, I will collect basic personal data to respond to your enquiry. This may include your name, email address, and phone number. If you choose not to proceed with therapy, your data will be securely deleted within 4 months unless you request earlier deletion.
While accessing counselling
All information shared with me during counselling is treated as strictly confidential, except in the following circumstances where I have a legal or ethical obligation to break confidentiality:
If there appears to be a risk of serious harm to yourself or others
In cases of safeguarding concerns (children or vulnerable adults)
If I am required to do so by law (e.g., terrorism, drug trafficking or money laundering legislation)
In a medical emergency
If ordered by a court of law
Wherever possible, I will try to speak with you before breaking confidentiality, unless there are safeguarding issues that prevent this.
I keep brief notes relating to our sessions as per the BACP’s recommended guidelines. Session notes are pseudonymised (using client ID codes rather than names) and stored on a password-protected device. Clinical records will be kept for 7 years following the end of counselling for professional and insurance purposes. These will not include directly identifying details, such as names and contact information.
As a Registered Member of the BACP, I attend regular clinical supervision. Client information discussed in supervision is shared on a pseudonymised and need-to-know basis, with identifying details minimised.
Online therapy and communication
I offer online therapy using Zoom, a secure video conferencing platform that offers encryption and complies with UKGDPR. I do not record sessions. While no online platform can be guaranteed to be 100% secure, I take reasonable steps to select platforms with appropriate security measures in place. You are responsible for ensuring that you are in a private, secure space during sessions.
If you email me directly or contact me via my website form, your message is sent to my Proton Mail account, which uses end-to-end encryption.
Text messages are deleted within 28 days unless the content is clinically relevant—in which case, they may be securely stored with your records.
While I take all reasonable steps to ensure digital communication is secure, I cannot guarantee complete confidentiality via email or text message. Please avoid sending sensitive personal information via these channels where possible.
Payments
If you make payments to me, your name and payment reference may appear on my business bank statements and accounting records. These records are kept securely and may be accessed by my accountant for the purposes of financial administration and HMRC compliance. Financial records are retained for the legally required period (currently 6 years).
How I store your information
All digital records, such as contact details, personal data, client agreements, session notes and correspondence, are accessed only be me (though please see Clinical Will exception below). These are stored:
On 2 password-protected devices: a work laptop computer and a work mobile phone
In files with client ID codes (not full names)
Session notes are pseudonymised (using client ID codes rather than names) and stored on a password-protected device. These are kept separately from clients’ personal data. Every effort is made to keep digital records safe.
Data retention
In line with BACP guidance and insurance requirements, I retain client records for 7 years after the end of our work together. After this time, your data will be securely destroyed. If you wish to have your records deleted sooner, please make a written request. I will consider your request in line with legal and ethical obligations.
Clinical will
In the event that I am unexpectedly unable to continue providing therapy (for example due to a serious accident, sudden illness, incapacity or death), your data will be accessed by my clinical supervisor in order to inform and support you. In such cases, client records may be securely transferred to a new counsellor, if a referral is requested by the client.
Website visitors & cookies
When you visit my website, Squarespace (the hosting provider) collects standard internet log data such as IP address and pages visited. This is used to understand general website usage patterns and does not identify you personally. My website uses cookies to help the site function and improve your experience. You can control cookies through your browser settings. For more information, see Squarespace’s Privacy Policy.
Third parties
I use a small number of trusted third-party services (such as video-calling platforms or email providers) to support my work. These services are chosen for their compliance with UK GDPR and their approach to data security. They are only given access to personal data where necessary and are required to handle it appropriately. I do not allow third-party providers to use your data for marketing purposes. Some third-party services I use may process data outside the UK. Where this occurs, appropriate safeguards are in place to ensure your data remains protected in line with UK GDPR.
Your rights
Under the UK GDPR, you have rights regarding your personal data, including:
The right to access the information I hold about you
The right to request correction of inaccurate data
The right to request deletion of your data (under certain circumstances)
The right to object to or restrict how your data is processed
The right to withdraw your consent (where consent is used as a basis for processing)
The right to lodge a complaint with the Information Commissioner’s Office (ICO)
You can learn more about your rights here: ico.org.uk/your-data-matters
Data breach procedure
In the unlikely event of a data breach that may compromise your personal information, I will notify you as soon as possible and report it to the ICO where required.
How to contact me
If you have any questions, concerns, or requests about your data, please contact:
Eleanor Eyre
info@eleanoreyrecounselling.com
Complaints
If you are unhappy with how I handle your data, please contact me in the first instance. If we cannot resolve the issue, you can raise a complaint with the Information Commissioner’s Office:
Website: www.ico.org.uk/make-a-complaint
Tel: 0303 123 1113