Privacy Policy

Introduction

I am committed to protecting and respecting your privacy and handling your personal information in accordance with UK data protection law.
This Privacy Notice explains how I collect, use, store and protect your personal information when you contact me, enquire about counselling services, or engage in therapy with me.

Data Controller

The Data Controller responsible for your personal information is:
Emma Harrop
Trading as Thoughts Allowed Counselling
Email: thoughtsallowedcounselling@gmail.com

Information I Collect

I may collect and process the following personal information:

  • Name
  • Address
  • Telephone number
  • Email address
  • Date of birth
  • Emergency contact details
  • Information contained in emails, messages, contact forms and other correspondence
  • Payment information and records of transactions

Why I Collect Your Information

I collect and process personal information to:

  • Respond to enquiries about counselling services
  • Arrange and manage appointments
  • Provide counselling services safely and effectively
  • Maintain appropriate clinical records
  • Manage payments and accounting obligations
  • Comply with legal, ethical and professional responsibilities

Lawful Basis for Processing

I process personal information under one or more of the following lawful bases:

  • Performance of a contract
  • Legitimate interests
  • Compliance with legal obligations
  • Explicit consent where required
Special category information relating to health and wellbeing is processed where necessary for the provision of counselling services and in accordance with applicable data protection legislation.

Confidentiality

Information shared during counselling sessions is treated confidentially.
However, confidentiality may need to be broken where:

  • There is a serious risk of harm to you or another person.
  • There are safeguarding concerns involving a child or vulnerable adult.
  • Disclosure is required by law or court order.
    Where appropriate, I will discuss any necessary disclosure with you unless doing so would
    increase risk.

Storage and Security

I take reasonable steps to protect personal information.
Measures may include:

  • Password-protected electronic systems
  • Password-protected documents
  • Secure email communication where appropriate
  • Locked storage for paper records
  • Restricted access to client information

Retention of Records

Client records are retained for five years following the end of therapy and are then securely
destroyed.
Financial records may be retained for longer where required by law.

Sharing Information

Your information will not normally be shared with third parties unless:

  • You have provided consent.
  • Disclosure is necessary to protect you or another person from serious harm.
  • Disclosure is required by law.
  • Professional supervision is undertaken in accordance with professional ethical requirements, with identifying details minimised wherever possible.

Your Rights

Under UK data protection law, you may have the right to:

  • Request access to your personal information.
  • Request correction of inaccurate information.
  • Request erasure of information where applicable.
  • Request restriction of processing.
  • Object to certain processing activities.
  • Request transfer of information where applicable.
  • Withdraw consent where consent is the lawful basis for processing.

Some rights are subject to legal and professional limitations.

Data Protection Complaints Procedure

If you have concerns about how your personal data has been collected, stored, used, shared or otherwise processed, you may make a data protection complaint.

How to Make a Complaint

Please submit your complaint in writing by email, providing:

  1. Your name and contact details.
  2. Details of your concern.
  3. Any relevant dates or correspondence.
  4. The outcome you are seeking.

Complaints should be sent to:

  1. [Emma Harrop]
  2. Data Controller
  3. Email: [thoughtsallowedcounselling@gmail.com]

What Happens Next

1. Your complaint will be acknowledged within 30 days of receipt.
2. Your concerns will be reviewed and investigated.
3. Further information may be requested if required.
4. A written response will be provided as soon as reasonably possible.

If You Remain Dissatisfied

If you are not satisfied with the outcome of your complaint, you have the right to complain to
the Information Commissioner’s Office (ICO).

Website: https://ico.org.uk

Record Keeping

A record of data protection complaints and actions taken will be retained for compliance and accountability purposes.  

Changes to This Privacy Notice

This Privacy Notice may be updated from time to time. The most recent version will always be available on request and, where applicable, on the practice website.
Last updated: June 2026