top of page

Confidentiality & Privacy Policy for The Ivy Room Counselling

At the Ivy Room Counselling, your privacy and confidentiality are at the heart of the therapeutic relationship. We are committed to protecting your personal information in Accordance with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and guidance from the Information Commissioner’s Office (ICO) and the British Association for Counselling and Psychotherapy (BCP).


This policy explains:

  • What personal data we collect

  • Why we collect it

  • How it is stored and protected

  • When and why it may be shared

  • Your rights regarding your data

  • What to do if you have concerns

Who we are
The Ivy Room Counselling is an independent counselling practice founded by Natalie Jackson (MBACP), offering therapeutic support in a safe, compassionate environment. We are registered with the ICO as a data controller.


Confidentality
Your sessions are held in strict confidence. I will never share your information without your written consent, except in rare cases where:

  • There is a risk of serious harm to you or others.

  • I am legally required to disclose information.

  • There is a safeguarding concern involving a child or vulnerable adult.

Whenever possible, I will discuss this with you first.


What Information I Collect
We collect only the information necessary to provide safe, ethical, and effective Counselling. This may include:

  • Personal details: name, contact details, contact information and emergency contact.

  • Health & wellbeing information: what you share in sessions about your emotional, psychological, or physical health.

  • Administrative data: appointment records, invoices, payments.

  • Website data: limited technical data such as cookies (see below).


This is collected with your consent and used solely for therapeutic purposes.

Why we Collect and Use Your Data
Your information is used solely for professional purposes, including:

  • Providing counselling services.

  • Arranging and managing sessions.

  • Keeping records in line with ethical and legal requirements.

  • Responding to enquiries, safeguarding concerns, or complaints.

  • Meeting legal obligations (e.g. financial record keeping).

We do not use your data for marketing unless you have explicitly consented.


Legal Basis for Processing
Under GDPR, we process your data under the following lawful bases:

  • Contract: to provide counselling services.

  • Legal obligation: to retain certain records (e.g. tax).

  • Vital interests: to protect you or others from serious harm.

  • Consent: where you have given clear permission (e.g. for specific communications).

Confidentiality and When Your Data May Be Shared
Everything shared in counselling is treated with the utmost confidentiality. Information may only be shared in the following circumstances:

  • With your consent: e.g if you ask us to liaise with your GP.

  • Supervision: anonymised discussion with a qualified supervisor, as required by the BACP.

  • Legal/safeguarding obligations: if there is a risk of serious harm, disclosure of abuse, acts of terrorism, or a court order.

  • Service providers: limited data shared with GDPR - compliant providers (e.g payment processors).

We never sell or share your data for commercial purposes.
How Your Data Is Stored and Protected

  • Client notes are stored securely in encrypted digital files.

  • Personal data is stored separately from session notes.

  • Any paper records are locked securely.

  • Devices are password-protected and use up-to-date security software. Data Retention

  • Counselling records: kept for up to 7 years after our work ends (in line with insurance and professional guidance).

  • Financial records: retained for at least 6 years for HMRC purposes.

After these periods, all records are securely deleted or destroyed.


Cookies and Website Use
Our website may use cookies to improve your browsing experience (e.g. remembering preferences, monitoring traffic). You can disable cookies in your browser settings.
We do not use cookies to collect sensitive personal data.

Your Rights
You have the right to:
● Access your personal data.
● Request corrections to inaccurate information.
● Request erasure of your data (in certain circumstances).
● Restrict or object to processing.
● Request data portability.
● Withdraw consent at any time (where consent was the legal basis).


To exercise your rights, please contact: natalie@theivyroomcounselling.com.
We will respond within 30 days.


Data Breaches
If a data breach occurs that risks your rights or freedoms, we will notify both you and
the ICO within 72 hours, in line with GDPR.


Concerns or Complaints
If you have concerns about how your data is being handled, please contact: natalie@theivyroomcounselling.com.
If unresolved, you can raise a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk


Policy Updates
This policy will be updated from time to time. Any changes will be posted on our website, and where appropriate, we will notify you directly.


Questions or Concerns
If you have any questions about this policy, I welcome you to get in touch.
Your safety, autonomy , and trust matter deeply here.
Thank you for taking the time to read this policy,
Natalie


Founder, The Ivy Room Counselling
Effective date: 17/10/2025

bottom of page