top of page

General Data Protection Regulation (GDPR) Policy

The general data protection regulation bracket (GDPR) is concerned with the
personal information about you that I collect, store, and share. 


This section details my GDPR policy.


  • Name

  • Age

  • Date of Birth

  • Relationships

  • Occupation

  • Address

  • Telephone Number/ Mobile Number (Plus permission to send you a SMS and leave a voice mail.)

  • E-Mail address (Plus permission to send E-Mails)

  • Doctors Telephone Number

  • Doctors Surgery Address

  • Prescribed Medications in relevance to therapy

  • Counselling History

  • Difficulties/Concerns

  • How you sourced me. This is for anonymous use to evaluate any advertising I might have purchased and be advertised in. NB you van refuse this information.




  • Paper: written notes (described below)


  • Smart phone: I use a smart phone and will delete all correspondence once our time together has terminated. I regularly delete SMS, call logs and voice mails.


  • Email/WhatsApp/SMS and correspondence will be stored in my email account which is currently provided by Gmail by nature of you contacting me or vice versa with your permission to use your email address to remind you of any appointment times and to send invoices if necessary. I will use Gmail when responding to website enquiries. Gmail encrypts messages in transit using Transport Layer Security (TLS). This means that emails cannot be read by a third party in transit. Google servers are based in the United States (US). Gmail as part of google is covered by the US privacy shield (a protected, approved security to pass information from the UK to the US.)


  • SMS telephone number may be stored in my SMS or WhatsApp app should we exchange messages in this way. Electronic correspondence will also be held by the corresponding app (Gmail, phones SMS, WhatsApp)


  •  Website none of your personal information is stored on my website which is hosted by Other than to momentarily collect and send it to my Gmail account for the purposes of our initial contact. Electronic correspondence will also be held by the corresponding APP (Gmail and phone SMS) as stated above all correspondence will be deleted after our time together. Wix .com & google analytics collect non-personal data without your identity attached such as traffic and the number of page visits to assist in the evaluation of my website.

  • Please be aware that if you choose to pay for your therapy session by the means of card payment my banking provider will record this transaction.




  • Contact Sheet

  • Contract

  • Assessment Record

  • Brief Session Notes

  • GDPR Agreement

  • Client Code (Linking the documents)



  • Contact name & telephone

  • Email/SMS/WhatsApp

  • Client notes





I attend regular consultations with a qualified supervisor and psychotherapist. The reason for this is to maintain the quality and efficacy of my private practice. In order to protect your privacy, you will be identified by your own personal code and I may include vague, non-identifying details about you. This is so our work together is effective, professional and kept to a high standard so we can develop in your allocated time slot and to meet the standards of the BACP ethical framework.



In the event of my death or incapacity your details, should you still be in therapy with me will be shared with my therapeutic executor so that you can be notified.



If I feel that you are at risk of harming yourself and/or your health is in danger, I may share your contact information with

  • Emergency services

  • Your GP

  • Mental Health Crisis Team


If I feel or become aware that you have the intension of causing harm to others through violence (organised or single acts), terrorism or sexual abuse. The law may require that I contact the relevant organisation without your permission.



After we have finished working together, I will erase any electronically stored information and correspondence within one month.

I will hold onto any paper documentation for up to six years in accordance to my insurer. This is so that I have a reference of our time together should you return to therapy at a later date. After this time period I will shred as confidential waste.



  • Right to be informed

  • Right to access

  • Right to rectify any inaccuracies or incomplete personal information

  • Right to restrict processing

  • Rights to withdraw consent to me using personal information

  • Rights to request that your personal information be erased (NB I can decline whilst the information is needed for me to practice lawfully and competently.)

  • A printed copy of this policy


Please note that a copy of this policy will be given to you when we first meet for the initial therapy session. If we are both in agreement that we will continue working therapeutically together, we will both sign the printed policy to indicate our agreement.


Page copyright of Sophie Barker-Hill trading as The You Tree Counselling and Psychotherapy Service 2018.


Policy formulated from Dean Richardson’s website Havant Counselling. And Karen Emery’s website: Counselling In Notts- GDPR Made Easy for Counsellors:- which references the ICO’s pages on GDPR.



This policy will be reviewed regularly. Updated December 2020

bottom of page