GDPR Agreement

This agreement explains how any personal data I collect from you, or that you provide to me, will be stored and processed confidentially and in compliance with GDPR regulations.

How I gather your personal information:

  • Information that you provide by emailing, phone calls and when contacting through therapy directories (BACP, Counselling Directory).
  • The initial assessment session.
  • Brief session notes.
  • I offer counselling online and use the platforms Zoom and Proton Mail. These platforms are encrypted and secure. I do not record sessions on Zoom. Emails will be deleted regularly and are not stored long term. 

Where I store your personal data

  • Personal data collect from you will be kept securely.
  • The initial session form, your contact details, and brief session notes are stored on a computer and are password protected.
  • A backup of all data is made using Proton Drive, which is a secure, encrypted cloud service.
  • The session notes are anonymised, by using a number system and initial, and kept separately from your contact details.
  • I will do everything I can to make sure your data is managed securely and in accordance with this privacy policy.

How Your Information is Used:

  • I use your personal details to contact you relating to the counselling service I offer. This will include organising appointments, communication about rescheduling and for you to notify me of any changes you may request.
  • I use the session notes to briefly record each session. This helps me manage and guide the counselling sessions we have together and allows me to meet the counselling agreement statements.
  • I attend supervision regularly to monitor and improve my practice and offer the best support I can to you. Supervisors are also bound by their own professional confidentiality agreement.

How Long Do I Keep Your Personal Data:

  • I regularly delete emails and clear all saved number from my phone records, around once a month.
  • I will store your contact information and session record while we have sessions together. After therapy has finished, I will keep these documents for a further five years, as required by my insurance company. It also means I will be able to access your information if we work together again. After five years, your data will be deleted permanently.

Your rights/ Accessing Your Data:

  • You have the right to view, amend, or request deletion of the personal information I hold about you.
  • I will respond to any such request within one month.
  • To make a request, please email me at jamie@innerworking.co.uk.

In the event of a data breach:

  • I have a legal obligation to report a data breach to you and the Information Commissioners Office (ICO) within 72 hours.

Disclosure of our personal information:

  • In the event of my incapacity or death your personal contact information will be disclosed to my clinical executor so that they can notify you. In the event of my death my executor will also destroy all contact information and notes on my computer.
  • If I am under a duty to disclose or share your personal data to comply with any legal obligation. For example, if I am subpoenaed to court, or as a legal requirement such as safeguarding children or vulnerable adults, terrorism or money laundering.

Changes to the GDPR agreement:

  • I will notify you of changes I may make to this privacy policy in the future.

Consent to the GDPR agreement:

  • By using my counselling services, you agree to the terms of this agreement and consent to the collection, use, and storage of your personal information as outlined above. You have the right to withdraw your consent at any time.

Last Reviewed: This policy was last reviewed on 05/2025.