Privacy Notice for Clients 

Paisley Counselling 

Introduction 

Paisley Counselling is committed to protecting your privacy and handling your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the ethical framework of the British Association for Counselling and Psychotherapy (BACP). 

This privacy notice explains how your personal information is collected, used, stored, and protected when you access counselling services through Paisley Counselling. 

 1) Data Controller

Paisley Counselling is the data controller for the personal information you provide. 

Contact details: 

Paisley Counselling 
Studio 55,  
Old Embroidery Mill,  
Seedhill,  
Paisley  
PA1 1TJ 

Email: [email protected] 

Telephone:  07534 375530 

Website: https://paisleycounselling.com

2) The Information We Collect

We may collect and process the following personal information: 

  • Name 
  • Address 
  • Telephone number 
  • Email address 
  • Date of birth 
  • Emergency contact / next of kin details 
  • GP details 
  • Session notes and assessments 
  • Appointment and attendance records 
  • Payment and invoicing information 
  • Information relating to your physical or mental health 
  • Information shared during counselling sessions 

Some of this information is classified as special category data under UK GDPR because it relates to health and wellbeing.

3) Why We Collect Your Information

We collect and use your information to: 

  • Provide counselling and psychotherapy services 
  • Communicate with you about appointments 
  • Maintain professional clinical records 
  • Ensure safe and ethical practice 
  • Manage safeguarding concerns where necessary 
  • Meet legal, regulatory, insurance, and professional obligations 
  • Undertake professional supervision in accordance with BACP (or equivalent professional body) ethical requirements 
  • Maintain business and financial records 

Emergency contact or next of kin details are collected solely for use in situations involving significant concern for your safety or welfare.

4) Lawful Basis for Processing

Under UK GDPR, the lawful bases relied upon for processing your personal information are: 

Article 6 UK GDPR 

  • Performance of a contract – where processing is necessary to provide counselling services requested by you. 
  • Legitimate interests – for maintaining clinical records, professional supervision, and managing the safe and effective operation of the practice. 

Article 9 UK GDPR (Special Category Data) 

As counselling involves processing health-related information, the following condition applies: 

  • Article 9(2)(h) – processing necessary for the provision of health or social care or treatment. 

In limited circumstances, explicit consent may also be relied upon where appropriate.

5) Confidentiality

Everything discussed within counselling sessions is treated confidentially. 

However, confidentiality may be broken where there is a legal or ethical obligation to do so, including where: 

  • there is a serious risk of harm to you or another person; 
  • there are safeguarding concerns involving children or vulnerable adults; 
  • disclosure is required by law or court order; 
  • there are legal obligations relating to terrorism, money laundering, or serious crime. 

Where possible and appropriate, confidentiality concerns will be discussed with you before information is shared.

6) Supervision

As part of professional and ethical practice, counsellors engage in regular clinical supervision. 

Client work may be discussed in supervision in an anonymised or pseudonymised form. Supervisors are also bound by professional confidentiality and data protection obligations. 

 7) How Your Information Is Stored

Paisley Counselling takes appropriate measures to protect your personal information. 

Security measures may include: 

  • locked filing cabinets for paper records; 
  • password-protected devices; 
  • encrypted electronic storage where appropriate; 
  • encrypted emails; 
  • restricted access to records; 
  • secure destruction of records when no longer required. 

Records may be stored electronically and/or in paper format.

8) How Long Information Is Kept

Your information will only be retained for as long as necessary. 

Typical retention periods are: 

  • Initial enquiries where therapy does not proceed: up to 3 months 
  • Contracts and consent forms: 7 years after counselling ends 
  • Clinical notes and assessments: 7 years after counselling ends 
  • Financial records: retained in accordance with HMRC legal requirements 

At the end of the retention period, records will be securely destroyed or permanently deleted. 

Retention periods may be extended where legally necessary, for safeguarding reasons, insurance requirements, or ongoing complaints or disputes. 

9) Sharing Your Information

Your information will not be sold or shared for marketing purposes. 

Information may be shared where necessary with: 

  • professional supervisors; 
  • legal or regulatory authorities where required by law; 
  • safeguarding services; 
  • insurers or professional advisers; 
  • secure service providers involved in practice administration. 

Website and digital service providers may process limited technical data, including: 

  • website hosting providers; 
  • email providers; 
  • analytics providers such as Google Analytics; 
  • spam filtering or security services. 

These providers act as data processors and are required to protect your information appropriately. 

10) International Data Transfers

Some electronic service providers may store or process data outside the United Kingdom. 

Where this occurs, appropriate safeguards will be used to ensure your information remains protected in accordance with UK GDPR requirements.

11) Your Rights

Under UK GDPR, you have rights including: 

  • the right to access your personal information; 
  • the right to request correction of inaccurate information; 
  • the right to request erasure in certain circumstances; 
  • the right to restrict processing; 
  • the right to object to processing; 
  • the right to data portability where applicable. 

Some rights may be limited where legal, ethical, safeguarding, or professional obligations apply.

12) Subject Access Requests

You may request access to the personal information held about you by contacting Paisley Counselling using the details above. 

Requests are normally responded to within one month in accordance with UK GDPR requirements. 

Proof of identity may be requested before information is released. 

13) Complaints

If you have concerns about how your information is handled, please contact Paisley Counselling in the first instance. 

You also have the right to complain to the: 

Information Commissioner’s Office 

ICO Website 

Telephone: 0303 123 1113

14) Website Cookies and Analytics

The Paisley Counselling website may use cookies and analytics tools to improve website performance and user experience. 

Analytics cookies will only be used where appropriate consent has been obtained through the website cookie banner. 

You can manage cookie preferences through your browser settings. 

 15) Changes to This Privacy Notice

This privacy notice may be updated periodically to reflect legal, professional, or operational changes. 

The latest version will always be available on the Paisley Counselling website.