Email: dhbcounselling@hotmail.com Tel: 07421123500
Client Data Protection Agreement
This agreement explains how your personal information is collected, stored, protected, and used during and after our work together. It is written in line with UK GDPR, the Data Protection Act 2018, and the Data Protection and Digital Information Act (DUAA).
My intention is to be clear, transparent, and respectful of your privacy at every stage.
1. Why I hold your information (Lawful Basis for Processing)
I collect and use your information for the following lawful reasons:
Contract – so I can provide counselling safely and effectively.
Legitimate Interests – to maintain professional records, manage appointments, and ensure good clinical practice.
Vital Interests – if I need to share information to protect you or someone else from serious harm.
Consent – only for optional or additional sharing (e.g., liaising with a GP or another professional at your request).
For Special Category Information (health, identity, background, wellbeing), the lawful basis is:
Provision of health care
Vital interests
Explicit consent (only when you choose to give it)
2. What information I collect
I may hold:
Your name, contact details, and emergency contact
Background information shared during assessment
Session notes
Emails, letters, referral information
Any reports or documents you ask me to complete
Supervision notes relating to your care (anonymised where possible)
I only collect information that is necessary for safe therapeutic practice.
3. How your information is stored and protected
Paper Records
Stored in a locked filing cabinet in my private practice room.
Only I have access.
In the event of my death or incapacity, my appointed Contingency Counsellor will take responsibility for your records. They will contact you and manage your information in line with this agreement and UK GDPR.
Electronic Records
Stored on password‑protected, encrypted devices.
Email accounts are secured with multi‑factor authentication.
No information is stored outside the UK/EU.
Backups are encrypted and deleted securely when no longer needed.
4. Sharing your information
Your information is confidential. I will not share it unless:
You give explicit consent
There is a legal requirement (e.g., a court order)
There is a safeguarding concern involving serious risk of harm to you or someone else
I need to seek professional advice to ensure safe practice (information is anonymised wherever possible)
You will always be informed unless doing so increases risk.
5. How long your information is kept (Retention)
Adult counselling records: kept for 7 years after our work ends.
Children’s records: kept until the child reaches age 25 (or 26 if therapy ended at 17).
Complaints: kept for 6 years in line with DUAA and ICO guidance.
Emails and electronic communication are kept for 7 years, then permanently deleted.
After the retention period, paper records are destroyed using a cross‑cut shredder, and electronic records are securely erased.
6. Your rights
You have the right to:
Access your information
Correct inaccurate or incomplete information
Request erasure (in some circumstances)
Request restriction of how your data is used
Object to certain types of processing
Receive a copy of your data in a portable format
Withdraw consent at any time (for consent‑based sharing)
Be informed about how your data is used
Complain to the Information Commissioner’s Office (ICO)
These rights apply unless legal or safeguarding obligations prevent them.
7. Subject Access Requests (SARs)
You can request a copy of your information verbally or in writing. I will:
Respond within one month
Ask for proof of identity if needed
Provide the information free of charge unless the request is excessive or repeated
Explain if an extension is needed for complex requests
8. Data breaches
If a data breach occurs:
I will assess the risk immediately
You will be informed if the breach could affect your rights or safety
I will notify the ICO when legally required
Steps will be taken to prevent future breaches
9. Contingency arrangements
If I am unable to practise due to serious illness or death:
My Contingency Counsellor will contact you
They will manage your records safely and respectfully
They will follow UK GDPR, DPA 2018, and DUAA requirements
They will arrange secure destruction of your records when appropriate
10. Questions or concernsIf you have any concerns about how your information is handled, please speak with me so we can explore this together. If you remain unhappy, you can contact
Email: dhbcounselling@hotmail.com Tel: 07421123500
Client Data Protection Agreement
This agreement explains how your personal information is collected, stored, protected, and used during and after our work together. It is written in line with UK GDPR, the Data Protection Act 2018, and the Data Protection and Digital Information Act (DUAA).
My intention is to be clear, transparent, and respectful of your privacy at every stage.
1. Why I hold your information (Lawful Basis for Processing)
I collect and use your information for the following lawful reasons:
• Contract – so I can provide counselling safely and effectively.
• Legitimate Interests – to maintain professional records, manage appointments, and ensure good clinical practice.
• Vital Interests – if I need to share information to protect you or someone else from serious harm.
• Consent – only for optional or additional sharing (e.g., liaising with a GP or another professional at your request).
For Special Category Information (health, identity, background, wellbeing), the lawful basis is:
• Provision of health care
• Vital interests
• Explicit consent (only when you choose to give it)
2. What information I collect
I may hold:
• Your name, contact details, and emergency contact
• Background information shared during assessment
• Session notes
• Emails, letters, referral information
• Any reports or documents you ask me to complete
• Supervision notes relating to your care (anonymised where possible)
I only collect information that is necessary for safe therapeutic practice.
3. How your information is stored and protected
Paper Records
• Stored in a locked filing cabinet in my private practice room.
• Only I have access.
• In the event of my death or incapacity, my appointed Contingency Counsellor will take responsibility for your records. They will contact you and manage your information in line with this agreement and UK GDPR.
Electronic Records
• Stored on password protected, encrypted devices.
• Email accounts are secured with multi factor authentication.
• No information is stored outside the UK/EU.
• Backups are encrypted and deleted securely when no longer needed.
4. Sharing your information
Your information is confidential. I will not share it unless:
• You give explicit consent
• There is a legal requirement (e.g., a court order)
• There is a safeguarding concern involving serious risk of harm to you or someone else
• I need to seek professional advice to ensure safe practice (information is anonymised wherever possible)
You will always be informed unless doing so increases risk.
5. How long your information is kept (Retention)
• Adult counselling records: kept for 7 years after our work ends.
• Children’s records: kept until the child reaches age 25 (or 26 if therapy ended at 17).
• Complaints: kept for 6 years in line with DUAA and ICO guidance.
• Emails and electronic communication are kept for 7 years, then permanently deleted.
After the retention period, paper records are destroyed using a cross cut shredder, and electronic records are securely erased.
6. Your rights
You have the right to:
• Access your information
• Correct inaccurate or incomplete information
• Request erasure (in some circumstances)
• Request restriction of how your data is used
• Object to certain types of processing
• Receive a copy of your data in a portable format
• Withdraw consent at any time (for consent based sharing)
• Be informed about how your data is used
• Complain to the Information Commissioner’s Office (ICO)
These rights apply unless legal or safeguarding obligations prevent them.
7. Subject Access Requests (SARs)
You can request a copy of your information verbally or in writing. I will:
• Respond within one month
• Ask for proof of identity if needed
• Provide the information free of charge unless the request is excessive or repeated
• Explain if an extension is needed for complex requests
8. Data breaches
If a data breach occurs:
• I will assess the risk immediately
• You will be informed if the breach could affect your rights or safety
• I will notify the ICO when legally required
• Steps will be taken to prevent future breaches
9. Contingency arrangements
If I am unable to practise due to serious illness or death:
• My Contingency Counsellor will contact you
• They will manage your records safely and respectfully
• They will follow UK GDPR, DPA 2018, and DUAA requirements
• They will arrange secure destruction of your records when appropriate
10. Questions or concerns
If you have any concerns about how your information is handled, please speak with me so we can explore this together. If you remain unhappy, you can contact the Information Commissioner’s Office (ICO): 0303 123 1113
