Privacy Notice

The Ash Counselling Ltd is committed to protecting your personal data in line with the UK GDPR and the Data Protection Act 2018.

1. Who we are

The Ash Counselling Ltd is the data controller for the personal information we collect and process. We are committed to protecting your privacy and ensuring your personal data is handled safely and securely.

2. What information we collect

We may collect and process the following personal data:

• Contact information (name, email, phone number, address)
• GP information and medical details relevant to counselling
• Emergency contact details
• Session notes and therapeutic records
• Payment and billing information
• Communication records with our service

3. How we use your information

We use your personal data for:

• Providing counselling and therapeutic services
• Booking and managing appointments
• Processing payments
• Maintaining therapeutic records
• Ensuring duty of care and safeguarding
• Professional supervision requirements
• Responding to complaints or concerns

4. Legal basis for processing

We process your data under the following legal bases:

• Consent: For non-essential communications and marketing
• Contract: To provide counselling services you've requested
• Legal obligation: For safeguarding and professional requirements
• Vital interests: To protect health and safety in emergencies

5. Data sharing and disclosure

We may share your information only when:

• Required by law or court order
• Necessary for safeguarding purposes
• For professional supervision (anonymized where possible)
• With your explicit consent
• To protect vital interests in emergency situations

6. Data retention

We retain your personal data for:

• Therapeutic records: 7 years after last contact (as per professional guidelines)
• Financial records: 6 years for tax and accounting purposes
• Communication records: 3 years unless part of therapeutic record

7. Your rights

Under UK GDPR, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal requirements)
• Restrict processing: Limit how we use your data
• Data portability: Transfer your data to another provider
• Object: Object to processing for direct marketing
• Withdraw consent: Where consent is the legal basis

8. Data security

We implement appropriate technical and organisational measures to protect your data, including:

• Encrypted data transmission and storage
• Access controls and user authentication
• Regular security assessments
• Staff training on data protection
• Secure destruction of data when no longer needed

9. Contact us

For any data protection queries or to exercise your rights, contact us at: