Privacy Policy

This policy explains how I collect, store, and use your personal information when you work with me for counselling or psychotherapy. I take confidentiality and data protection seriously. I follow the General Data Protection Regulation, the UK Data Protection Act 2018, and professional guidance issued by the BACP.

Who I Am

I am an independent counselling practitioner based in Gwynedd, North Wales. For data protection purposes, I am the Data Controller. You can contact me at any time to discuss how your data is handled.

What Information I Collect

I collect information that allows me to provide safe and effective therapy. This includes:

• Your name, contact details, and date of birth.
• Information you share in sessions.
• Notes that I write after sessions. These notes stay brief and factual.
• GP details and emergency contact information.
• Relevant medical, psychological, or medication information if you choose to share it.
• Any emails, texts, or messages you send to arrange sessions.
• Payment records.
• Website browsing data, such as cookies or analytics tools, if you use my website. These tools do not identify you personally.

I only collect information needed for therapeutic work or for lawful record-keeping.

How I Use Your Information

I use your information to:

• Provide counselling and psychotherapy.
• Arrange, reschedule, or cancel sessions.
• Keep clinical records.
• Maintain safety and fulfil my professional responsibilities.
• Manage payments and invoices.
• Meet my legal obligations.

I do not use your data for marketing.

Lawful Basis for Processing

I rely on the following legal grounds:

• Contract. I need certain information to provide therapy.
• Consent. You choose whether to share sensitive information, and you may withdraw consent for non-essential processing at any time.
• Legitimate Interests. I keep brief clinical notes to support safe practice.
• Legal Obligation. I may need to share information if required by law.
• Vital Interests. I may share information if I believe there is a serious and immediate risk of harm.

Confidentiality and When Information May Be Shared

Everything you share is confidential with a few clear exceptions. I may need to share information if:

• You disclose an immediate risk of serious harm to yourself or others.
• There is a safeguarding concern involving a child or vulnerable adult.
• I am required by a court order.
• You share information about terrorism, drug trafficking, or money laundering, which I am legally required to report.

I will always aim to discuss this with you first when possible.

I also attend professional supervision as required by the BACP. Your identity is protected in supervision. Supervisors follow the same confidentiality and data protection standards.

How I Store Your Information

• Clinical notes are stored in a secure encrypted system or locked cabinet.
• Emails and electronic records are protected by password and encryption.
• Payment details are processed through secure third-party providers.
• I do not store unnecessary information.

How Long I Keep Your Information

In line with BACP guidance and insurance requirements:

• I keep clinical notes for seven years after our work ends.
• Emails and administrative records are deleted sooner when no longer needed.
• If you are under 18 when therapy ends, I keep records for seven years after your 18th birthday.

After this time, records are securely destroyed.

Your Rights

Under GDPR, you have the right to:

• Access the information I hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your data, unless I must keep it for legal reasons.
• Restrict how your data is used.
• Request a copy of your data in a transferable format.
• Withdraw consent where consent was the legal basis.

To exercise your rights, contact me directly. I will respond within one month.

Your Right to Complain

If you have concerns about how your data is handled, please contact me first so we can resolve the issue. You also have the right to raise a concern with:

The Information Commissioner’s Office (ICO)
www.ico.org.uk

Website, Cookies, and Third-Party Services

If you visit my website (www.luke-sanders.com), the site may collect basic analytics data such as page views or device type. This information does not identify you. You can set your browser to refuse cookies.

I do not share your information with advertisers.

Online Therapy Platforms

If sessions take place online, I use platforms that offer end-to-end encryption. You are responsible for the privacy of your own device and internet connection.

Changes to This Policy

I may update this policy to reflect changes in law or clinical practice. The most current version will always be available on my website or on request.

Contact

If you have questions or want to discuss anything in this policy, please contact me (info@luke-sanders.com). I am happy to clarify how your information is used and protected.

Updated 05/12/2025