Privacy Policy

 

Last Updated: 01/07/2025

 

  1. Introduction and purpose

This privacy policy explains how I, Claire Hastings, trading as InnerMe Counselling, collect, store, use, and protect your personal information. It is written in line with the UK General Data Protection Regulation (UK GDPR) and guidance from the Information Commissioner's Office (ICO).

 2. ICO Details, Contact Address, Information Requests.

I am registered with the Information Commissioner’s Office, registration number ZB929401.

The email address is inmeco@proton.me.

 3. What do I use your information for?

I collect and use your information to engage in my work with you as a therapeutic Counsellor. This includes providing you with a professional counselling service, offering suitable counselling appointments, notifying you about changes to your appointments and any other changes, administering the handling of payments, accounting and other financial controls, and forwarding documentation to you relating to your counselling.

       a) Telephone calls, telephone counselling and text messaging.

             I will use my mobile phone to make calls or send text messages relating to your sessions.

When using telephone or SMS (text) communication:

  • Your phone number will be stored on my phone under a client code or first name only (not full name)

  • Call logs and text message metadata (e.g. time, date, number) may be automatically stored by the mobile provider as part of the service

  • I do not record any phone calls

  • I will only send essential messages (e.g. appointment reminders or changes) and will not discuss sensitive content via text unless agreed with you

Please avoid sending sensitive personal information by text unless we’ve agreed it’s appropriate, as SMS is not fully secure.

   b) Online video platforms

When sessions take place online, I may use a secure third-party video platform such as Microsoft Teams, VSee, or TrueConf. These platforms require basic information (such as your name, email address, and IP address) to function, and may collect metadata such as session times and device type. I do not record sessions, and I do not enable any features that allow this.

These platforms are chosen for their security and privacy protections, but your data is also subject to their own privacy policies. Please avoid sharing personal information through chat or file-sharing features unless necessary.

     c) Clinical will

As part of my professional duty of care, I have a Clinical Will in place. This ensures that, in the unlikely event of my serious illness or death, a trusted nominated colleague can access client contact information in order to notify you and support continuity of care or provide appropriate closure.

For this purpose, I securely store client contact details within the Clinical Will App, a GDPR-compliant platform designed for this specific use. Only your name, phone number and/or email address, and start date of therapy are included. No sensitive session notes or health information are shared.

Please see section 10 for more information about third party processing and section 11 for data retention information.

  4. What information I collect and why.

  a) Initial enquiry: When you make an initial enquiry by text, telephone or email I will only collect information to help me satisfy your enquiry, including your name, age and contact details.

If you contact me via a contact form on my website (when available), I may collect your name, email address, and the content of your message. This information is used solely to respond to your enquiry and is not shared with third parties, except as required for website hosting or email services under strict confidentiality agreements.

 b) First appointment: I collect more detailed personal information to help me to decide about my offer of counselling. This may include: -

  • Personal information: name, marital status, date of birth, age.

  • Contact information, GP and emergency contact details

  • Personal history, current circumstances, and mental health information.

  • Information classed as special category data (e.g. health, gender identity) for therapeutic purposes.

  c) During Counselling: As our work progresses, you may share additional personal or sensitive information. I keep brief anonymised session notes to support our work, and relevant information disclosed in sessions may be included if necessary to maintain the continuity, safety, and quality of your care.

  d) Telephone and Online Counselling (Safety and Location)

If we are working remotely by phone or video, I may ask for your current location at the start of our sessions together. This is to help ensure that, in the unlikely event of an emergency, I would be able to direct emergency services to your location if needed.

I may check during later sessions whether you remain in the same location, but I do not record your location at every session. I will only store this information for as long as it is relevant to your safety, and it will not be shared unless required by law (e.g. in a safeguarding situation).

You are not required to provide your location, and I will respect your decision if you choose not to share it. Please note, however, that this may limit what I can do to help in an emergency.

5. Legal Bases for Using Your Data.

The GDPR states that I must have a lawful basis for processing your personal data and any special category information. Depending on the stage of our work, I rely on one or more of the following lawful bases:

  • Consent: You agree to me using your information after being fully informed.

  • Contract: Needed to deliver counselling services to you.

  • Legal Obligation: To comply with UK law.

  • Vital Interests: If someone is at risk of serious harm.

  • Legitimate Interest: After counselling ends, I retain records to meet ethical and legal responsibilities.

 6. Confidentiality and your personal information

All information relating to your counselling is confidential. However, there are circumstances where I will share relevant information.

 These are where:

  a) You have provided me with your consent and request I share information

   b) I am required to do so by a court order.

For legal and ethical reasons - where you disclose information to me relating to safeguarding issues, serious crime, and risk of harm to yourself or others.

 

  7. Your Rights: You have the right to:

  • Access your data – there are some exemptions which may mean you do not receive all the information you ask for.

  • Correct inaccurate or incomplete information

  • Ask for your data to be deleted – (in certain situations).

  • Limit how your data is used – (in certain circumstances).

  • Object to processing

  • Request that we transfer your personal information to another organisation, or to you – in certain situations.

  • Withdraw consent at any time – (note: Counselling will need to end if you withdraw your consent while actively working with me).

 For full details visit: https://ico.org.uk/your-data-matters/

 

 8. Where do I get your personal information from?

  • Directly from you.
  • From Others. Occasionally I may receive information from others on your behalf, but they should ask for your consent first. This might include: -

       b) Your GP or other health care professional when making a referral.

       c) A trusted individual, when making an enquiry on your behalf.

 

 9. Data Storage and Security

I take the security of the data I hold about you very seriously and I make every effort to make sure it is kept secure.

  • Paper records are kept in a locked filing cabinet.

  • Personal information is stored electronically on a laptop I use exclusively for my counselling practice. This laptop is password protected as are the separate computer files on the laptop.

  • I do not upload to cloud storage options.

    • Back-ups are saved to an encrypted external hard drive.

  • I keep brief handwritten session notes. These are anonymised and kept separately from your personal information.

  • Texts and emails are deleted regularly unless needed for record-keeping.

  • Phone numbers are stored in a way that does not identify you.

 

  10. Third Parties:

 I only share data with third parties when essential and under strict agreements that protect your confidentiality. These third parties are involved in helping me run my counselling practice securely and effectively. I will never sell your data or share it for marketing purposes.

The third parties I may use include:

Email service provider:

I use email to manage enquiries and ongoing communications. This is securely hosted and access controlled.

Provider:  ProtonMail

Privacy Policy:  Privacy Policy | Proton

Website hosting provider and contact form:

My website may be hosted by a provider that stores submitted form data or logs website activity.

Webador have confirmed to me that they do not retain your personal information from contact forms.

Provider: Webador

Privacy Policy:  Privacy statement | Webador

Banking/payment services:

If you make payments by bank transfer or card, your details are processed by the relevant financial institutions. I do not store card or banking details myself.

Provider: NatWest

Privacy Policy:  Our privacy policy | NatWest

Clinical Will storage provider:

In the event of serious illness or death, I have a clinical will in place to ensure appropriate professional handling of your records. The appointed professional will access your contact information via the clinical will app to let you know that I am no longer able to practise and to offer support in making alternative arrangements. I use:

Provider: The Clinical Will App

Privacy Policy: ClinicalWill.app | Privacy Notice

 

Each third-party provider I use is GDPR-compliant or subject to equivalent legal safeguards. I regularly review these services to ensure your data is protected.

Mobile phone network:

The network provider may process data such as your phone number and call details in line with their own privacy policy and UK telecom regulations.

Provider: 1p mobile

Privacy Policy: 1pMobile Terms and Conditions

Online Digital Platforms:

I use the following video conferencing platforms to be able to conduct counselling sessions online:

  • Microsoft Teams

  • VSee

  • TrueConf

These services are used for real-time sessions only. I do not record sessions, and I do not enable any recording features. The platform we use will be agreed with you in advance.

When joining a session, the platform may process basic technical information to allow the video call to function. This may include:

  • Your name or display name (if entered)

  • Your email address (if used to invite you)

  • Your IP address and device/browser type

  • Connection information (such as session time and network speed)

These platforms do not store or access session content unless recording is enabled (which I do not permit).

While all reasonable measures are taken to protect client privacy, once information leaves the counsellor's systems (e.g., data shared during video sessions over third-party platforms), complete control cannot be guaranteed. As the client you are encouraged to review the privacy settings and terms of the communication platform used.

You are encouraged to review the platform’s own privacy policy for full details:

Provider: Microsoft Teams: Security, Compliance, and Privacy | Microsoft Teams

Provider: VSee: /privacy-feb-8-2024

Provider: TrueConf: Privacy Policy

 

11. Data Retention and Categories

 I will keep some of your personal data after we have finished working together for the following reasons:

  • To comply with the policy of the BACP

  • To comply with the requirements of my public liability insurer

  • To respond to any questions, complaints or claims made by you or on your behalf.

  • To keep records required by law.

The table below gives details: -

| Type of Data | Retention Period | Reason |
| --- | --- | --- |
| Client contact information (email, phone) | Deleted promptly after end of therapy unless needed for follow up. | I only keep what's necessary, for as long as it's needed. |
| Initial session notes (no further therapy) | 7 years from last contact | To meet insurance requirements and in case any concerns or complaints arise later. |
| Client session notes | 7 years from last contact | Required by insurer and aligns with BACP guidance |
| Client consent forms | 7 years from last contact | To show that I had your permission to process your data, if ever needed. |
| Financial/Invoicing records | 6 years | Required by HMRC for tax purposes. |
| Emails and messages | Some emails relating to your counselling may be stored with your records for 7 years. Routine messages are reviewed regularly and deleted when no longer needed | Some emails form part of your records (e.g. agreement to policies); others are kept only for as long as needed to manage communication respectfully and securely. |
| Records involving children or safeguarding | Until the child turns 25 or 7 years, whichever is longer | Safeguarding best practice |
| Client contact details on the Clinical Will App | Deleted within 2 months after the end of therapy | I add your contact details to the Clinical Will app so a trusted colleague can reach you if needed. While the data is stored in the app, I am responsible for keeping it accurate and removing it when no longer needed. |

12. Complaints

If you are concerned about how I handle your data, please contact me first. You can also contact the ICO: 0303 123 1113 or https://ico.org.uk/make-a-complaint/

13. Updates to this policy

I review and may update this policy annually. The most current version will always be available on my website or by request.

If you have any questions about this policy or how your data is handled, please feel free to get in touch.

 

End of document.