I ensure I maintain your confidentiality in accordance with current data protection laws (GDPR, 2018) and the ethical guidelines of the British Association for Counselling and Psychotherapy. These guidelines were created to protect your confidential information and to ensure that I conduct myself with professionalism and integrity.
To provide a good service, I will hold your contact details and records of your therapy sessions. Below is information concerning how this information will be stored and used.
Your personal information
When you book your first appointment with me, I will ask for your contact information like your name, email address and telephone number and some brief details of the issues you are seeking help with.
This is stored in a password protected database that only I have access to. In your first session, I will complete a contact card for you which includes your contact information, date of birth and an elected emergency contact’s name and telephone number. These cards are stored in a locked filing cabinet that only I have access to.
This personal information will be held for the duration of your therapy after which your information will be deleted from my database and your contact card will be confidentially destroyed.
Please be aware that I will need to keep a record of your name for seven years after the end of your therapy, so that I can respond effectively to any potential requests regarding your clinical notes and treatment.
I will never pass your contact details to any third parties for the purpose of sales, marketing or research and will never use your personal information for purposes other than the administration of the counselling services I am providing to you. For example, to arrange, cancel and rearrange appointments and collect payments for sessions.
When you make a booking, I use Acuity Scheduling (an online booking system) to add your appointment to my calendar and send you an automatic confirmation email. This process uses your first name, last name initial and email address and this information is stored by Acuity Scheduling for this purpose only. This information is deleted from Acuity Scheduling when you finish counselling with me.
Your payment details
All payments made through my website elsieowen.com are made through the secure Stripe server. My website therefore does not hold your payment information. Where you have made payment for a session over the phone, I will never keep a record of your card details. This information is inputted directly into the Stripe payment processor and no written record will be taken.
Your therapy sessions
Everything that you discuss with me is confidential. Confidentiality will only be broken if there is concern about your safety or the safety of someone else or I am instructed to do so by a Court of Law. I will always endeavour to discuss this with you first.
I discuss my clinical work with a supervisor to ensure that I am offering you the best service possible. These conversations are bound by confidentiality and you will only be referred to by your first name.
I will also keep notes of each session. These are anonymised and stored in a locked filing cabinet. These notes are for my use only and help me to a track of everything that we are discussing. In line with industry guidelines, these notes must be kept securely for seven years after your therapy finishes. After this time, they will be confidentially destroyed.
In the instance that your sessions are paid for or arranged by someone else – like your employer or a family member, other than payment requests, invoices or receipts, your counselling information will never be shared.
Details about what is discussed in your sessions will remain confidential between you and me. Any other information can only be shared if you give me written consent to do so.
Your communications with me
My email account uses the secure GSuite server and is double password protected. Only I have access to my email account. All our email communication remains in my email account as part of my records for the duration of your therapy, after which, all email threads associated with our work will be securely deleted.
All phones, tablets and laptops used to respond to your emails are protected with anti-virus software and are password protected.
I will only use your email address and telephone number to contact you about payments, appointments and any information that I feel is pertinent to your therapeutic process.
Any personal data retained by me is kept in accordance with GDPR, 2018.
Under these guidelines you have the following rights
1. The right to request access to your data
You can request to view the information that I hold about you at any time. If during therapy you wish to see your session notes, please let me know. If you require a copy of you notes after your therapy has ended you can make this request by emailing me at
2. The right to rectification
At any point during your therapy or in the seven years thereafter, while I retain your records, you have the right to request amendments to your contact details or session notes. This right can be exercised by contacting me at or speaking to me in person.
3. The right to be forgotten
You can request that I delete and confidentially destroy the information I hold about you and your sessions at any time. This request can be made by emailing me at
Instances where I would not be able to comply with your request are as follows:
a) It is necessary for me to retain these records in order to continue providing an effective service
b) I am compelled to retain these records by a Court of Law.
c) I require these records in order to establish, exercise or defend legal claims
At the end of your initial consultation, I will ask you to sign a consent form stating that you understand and agree to my terms and conditions and the privacy agreement outlined above. In doing so, you give me permission to store, access and use your personal contact details and session notes within the legitimate remit of providing a counselling service to you.
You are entitled to withdraw this consent at any time and can do so by contacting me at
Breaches of data protection
In the event of any breach of my data protection policies, I will notify you and the Information Commissioner’s Office (ICO) within 72 hours of the breach and will seek to rectify this immediately.
Should you have any concerns about my data protection practices, you can raise these with me directly or by email at firstname.lastname@example.org. You can also notify the ICO. I am registered with ICO as Elsie Owen.