I ensure I maintain your confidentiality in accordance with current data protection laws (GDPR, 2018) and the ethical guidelines of the British Association for Counselling and Psychotherapy. These guidelines were created to protect your confidential information and to ensure that I conduct myself with professionalism and integrity.
To provide a good service, I will hold your contact details and records of your therapy sessions. Below is information concerning how this information will be stored and used.
Your personal information
When you book your first appointment with me, I will ask for your contact information: your name, email address and telephone number.
I will ask you to sign a therapy agreement when we begin working together. I use a service called Docusign to get your digital signature. A copy of the signed agreement will be stored within my Docusign account which I will download and add to your client record on Kiku. The copy stored on my computer will be securely deleted when this process is complete, as well as the copy stored within my Docusign account. Docusign is secure, confidential and GDPR compliant.
Please be aware that I will need to keep a record of your name for seven years after the end of your therapy, so that I can respond effectively to any potential requests regarding your clinical notes and treatment.
I will never pass your contact details to any third parties for the purpose of sales, marketing or research and will never use your personal information for purposes other than the administration of the counselling services I am providing to you. For example, to arrange, cancel and rearrange appointments and collect payments for sessions.
In the event of my death or sudden illness that means I am unable to contact you, I have appointed a Therapeutic Executor who will take care of contacting you on my behalf. They are a qualified psychotherapeutic counsellor and adhere to the same ethical framework and confidentiality that I adhere to. They will only access your contact details in an emergency and discuss with you appropriate onward arrangements.
Visitors to the website.
Your payment details
All payments made through my website elsieowen.com are made through the secure Stripe server. My website therefore does not hold your payment information. Where you have made payment for a session over the phone, I will never keep a record of your card details. This information is inputted directly into the Stripe payment processor and no written record will be taken.
Your therapy sessions
Everything that you discuss with me is confidential. Confidentiality will only be broken if there is concern about your safety or the safety of someone else or I am instructed to do so by a Court of Law. I will always endeavour to discuss this with you first.
I discuss my clinical work with a supervisor to ensure that I am offering you the best service possible. These conversations are bound by confidentiality and you will only be referred to by your first name.
I will also keep notes of each session. These are anonymised and stored in a locked filing cabinet. These notes are for my use only and help me to a track of everything that we are discussing. In line with industry guidelines, these notes must be kept securely for seven years after your therapy finishes. After this time, they will be confidentially destroyed.
In the instance that your sessions are paid for or arranged by someone else – like your employer or a family member, other than payment requests, invoices or receipts, your counselling information will never be shared.
Details about what is discussed in your sessions will remain confidential between you and me. Any other information can only be shared if you give me written consent to do so.
Your communications with me
My email account uses the secure GSuite server and is double password protected. Only I have access to my email account. All our email communication remains in my email account as part of my records for 7 years after the end of your therapy, after which, all email threads associated with our work will be securely deleted.
All phones, tablets and laptops used to respond to your emails are protected with anti-virus software and are password protected.
I will only use your email address and telephone number to contact you about payments, appointments and any information that I feel is pertinent to your therapeutic process.
Any personal data retained by me is kept in accordance with GDPR, 2018.
Under these guidelines you have the following rights
1. The right to request access to your data
You can request to view the information that I hold about you at any time. If during therapy you wish to see your session notes, please let me know. If you require a copy of you notes after your therapy has ended you can make this request by emailing me at
2. The right to rectification
At any point during your therapy or in the seven years thereafter, while I retain your records, you have the right to request amendments to your contact details or session notes. This right can be exercised by contacting me at or speaking to me in person.
3. The right to be forgotten
You can request that I delete and confidentially destroy the information I hold about you and your sessions at any time. This request can be made by emailing me at
Instances where I would not be able to comply with your request are as follows:
a) It is necessary for me to retain these records in order to continue providing an effective service
b) I am compelled to retain these records by a Court of Law.
c) I require these records in order to establish, exercise or defend legal claims
At the end of your initial consultation, I will ask you to sign a consent form stating that you understand and agree to my terms and conditions and the privacy agreement outlined above. In doing so, you give me permission to store, access and use your personal contact details and session notes within the legitimate remit of providing a counselling service to you.
You are entitled to withdraw this consent at any time and can do so by contacting me at
Breaches of data protection
In the event of any breach of my data protection policies, I will notify you and the Information Commissioner’s Office (ICO) within 72 hours of the breach and will seek to rectify this immediately.
Should you have any concerns about my data protection practices, you can raise these with me directly or by email at firstname.lastname@example.org. You can also notify the ICO. I am registered with ICO as Elsie Owen.