GDPR Information
This Privacy Policy explains how I use and protect any information that you give to me when you use my service.
I am committed to ensuring that your privacy is protected. Should I ask you to provide certain information by which you can be identified when using my services, this will only be used in accordance with this privacy statement.
This policy may change from time to time. You are requested to please check this page to ensure that you continue to be comfortable with the measures that I take to protect your privacy. This policy is effective from : 02 June 2025
By visiting this website you are accepting and consenting to the practices described in this policy.
By continuing to use this site, you are agreeing to the use of cookies as described below.
For the purpose of the Data Protection Act 1998 (the Act) and GDPR, the data controller is: Laura Britton
What is GDPR?
On the January 31, 2020 the General Data Protection Regulation (UK-GDPR) legislation came into effect alongside the Data Protection Act 1998.
It is designed to give individuals control back over personal information and to simplify regulation for business.
The 6 Principles of GDPR
Information is:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to
ensure that personal data that are inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including
protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The controller shall be responsible for and be able to demonstrate compliance with all of these principles.
Information that may be collected
You may give information about you such as name, address and phone number, by filling in forms on the website or by corresponding by phone, e-mail or otherwise. Received information about you from other sources, such as Google Analytics, may also be collected.
With regard to each of your visits to the website, we may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Information about your visit, including the full Uniform Resource Locators (URL) through and from our site (including date and time); services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Any personal information such as name, postal address, telephone number, and email address given via the website will only be used to provide a requested service, and will not be disclosed to any other third party without your prior permission, or unless required to do so by law, such as terrorism, money laundering, drug trafficking, radicalisation or safeguarding concerns.
How your information is used
Information may be used to:
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us.
- To notify you about changes to our services;
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To operate our business efficiently including financial records
Links
The website may have links to third party sites we have no control over. If you visit those sites you should check you are happy with their own privacy policies and terms of use before providing any personal information. In addition, if you are linked to our website from a third party, we cannot be responsible for the privacy policies and practices of that third party site.
Where your data is stored
The data collected will be stored securely online, presently hosted by EU and UK based servers.
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Should you choose to contact us using an email link, or our contact form none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors.
Instead the data will be collated into an email and sent to us over the Transport Layer Security (TLS).
This website is hosted by 3rd party servers located in the UK and EU which are compliant with EU legislation.
Website Legal Disclaimer
The information contained in this website is for general information purposes only. Whilst we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Access to information
You can request access to the personal information that we hold about you.
You may request amendments to the personal information we hold about you that is inaccurate or out-of-date. If you request that we delete your personal information, we will take all reasonable steps to do so unless we need to keep it for legal, auditing or internal business purposes.
Your acceptance
By using the website, you consent to the collection and use of the information by us in accordance with our privacy policy.
Your rights
Any personal information submitted via our website is treated in accordance with the data protection Act 1998, including compliance with GDPR 2018. To find out more about your entitlements under this legislation, visit the Information Commissioner’s website at https://ico.org.uk/
Privacy Policy
I understand how important your privacy is. I take care to maintain your confidentiality in accordance with current data protection laws (GDPR, 2018) and the ethical guidelines of UKCP. These guidelines have been set up to protect your confidential material and ensure that your therapist always conducts themselves with professionalism and integrity.
In order to provide you with the best service possible, I will hold your personal contact details and records of your therapy sessions. Please find below important information about how this information will be held and used.
Your personal information
I use the secure, encrypted and password protected practice management platform, Zanda Health to collect and store your personal data. At the point of booking your initial consultation with me, you will be asked for your personal contact information, for example your name, address, email address and telephone number and you may also choose to share details of the issues you are looking for help with.
Your contact information is stored securely in Zanda Health and can only be accessed by me.
In order to be able to fulfil my duty of care to you, in your initial consultation or first treatment session, I will ask you for contact information for your GP and elected Emergency Contact person. These details will be stored securely in Zanda Health and will only be accessible to me.
Please note that I will need to keep a record of your name and client reference number for seven years after the end of your therapy, so that I can respond effectively to any potential requests regarding your clinical notes and treatment.
I will never pass on your contact details to any third party organisations for the purposes of sales, marketing or research and will never use your personal data for any purposes other than the administration of the counselling service I am providing to you i.e. to arrange, cancel and rearrange appointments and collect payment for sessions.
Your therapy sessions
Everything that you discuss with me is confidential. Confidentiality will only be broken if there is concern about your safety or the safety of someone else or I am instructed to do so by a Court of Law. I will always endeavour to speak to you about this first.
During remote working I will ensure that I am conducting online sessions in a quiet, private and confidential setting. I have selected the video calling platform Zoom that offers end to end encryption to ensure maximum privacy. Please note however that I cannot be held responsible for any breaches that occur due to failures in this technology.
I discuss my clinical work with a supervisor. This is to ensure that I am providing you with the best service possible. These conversations are bound by confidentiality and you will only be referred to by your first name.
I keep notes of each session. These are anonymised and are stored in a locked filing cabinet (if paper-based) or within the password protected Zanda Health system. These notes are for my use only and help to keep a track of everything that is being discussed. In line with industry guidelines, these notes will be kept securely for up to seven years after your therapy comes to an end. After this time, they will be confidentially destroyed.
If your sessions are paid for or are arranged via a third party, (e.g. your employer, a friend, or a family member), other than payment requests, invoices or receipts your counselling information will not be shared. Details about what is discussed in your sessions will remain confidential between us. Any other information can only be shared if you provide your written consent.
Your communications with me
My protonmail email account is end-to-end encrypted and password protected. If you send an email to my email address, only I will have access to it.
All phones, tablets and laptops used to respond to your emails are encrypted, fully protected with anti-virus software and password protected.
Data Usage
I will only use your email address and telephone number to contact you about your appointments. I may also contact you directly via email in order to share information with you that is pertinent to your therapeutic process.
Your phone number may also be used to issue appointment reminders via text message.
Your rights
Any personal data retained by me is kept in accordance with the GDPR, 2018.
Under these guidelines you have the following rights
- The right to request access to your data
You can request to view the information that I hold about you (contact details, appointment logs etc.) at any time. If during therapy you would like to see your session notes, please [let me know. Should you require a copy of your notes after your therapy has come to an end you can make this request by emailing
- The right of rectification
At any point during your time using my service or during the seven years thereafter, while we retain your records, you have the right to request amendments to your contact details or session notes. This right can be exercised either by speaking directly to me or by contacting me in writing.
- The right to be forgotten
You can request that I delete and confidentially destroy the information that I hold about you and your sessions at any time. This request can be made by contacting me at
Instances where I would not be able to comply with your request are as follows:
- a) It is necessary for me to retain these records in order to continue providing an effective service
- b) I am compelled to retain these records by a Court of Law
- c) I require these records in order to establish, exercise or defend legal claims
Consent
When you book your first session with me, you will be asked to provide a digital signature and tick a checkbox to confirm that you consent to the storage and processing of your personal data for the purposes of providing therapeutic services.
You are entitled to withdraw this consent at any time and can do so by emailing me at
Breaches of data protection
In the event of any breach of my data protection policies, I will notify you and the Information Commissioner’s Office (ICO) within 72 hours and will seek to rectify this immediately.
Raising concerns
Should you have any concerns about my data protection practices, you can raise these directly with me. You can also notify the Information Commissioner’s Office. I am registered with ICO under the reference number ZA326387
