
Privacy Policy

A legal disclaimer

I am the data controller responsible for your personal data. I am registered with the Information Commissioner's Office (ICO), registration reference: ZB855654.

This privacy policy explains what personal data I collect, how I use it, where I store it, and your rights under GDPR.

What Personal Data Do I Collect?

When you first contact me:

  • Name, email address, phone number, brief details of your enquiry

When you become a client:

  • Full name, date of birth, contact details

  • GP name and contact details

  • Emergency contact information

During therapy:

  • Brief session notes

  • Email and text correspondence

  • Appointment records

Why Do I Collect This Data?

  • To provide you with effective therapy

  • To manage appointments and communicate with you

  • To ensure your safety and wellbeing

  • To comply with professional standards (COSRT guidelines)

  • To discuss your case in clinical supervision (your identity is protected)

  • To maintain accurate records in line with insurance requirements

How Do I Store Your Data?

Digital storage:

  • Encrypted Dell computer (password-protected)

  • Encrypted external hard drive backup

  • iPhone (Face ID and PIN-protected)

  • iCloud email and calendar (password-protected)

Online platforms:

  • Google Meet / Microsoft Teams (for remote sessions only - no data stored after sessions)

Security: All devices are stored securely and protected by encryption and passwords.

Data Sharing

I will not share your data without your consent, except when:

Required by law: Risk of serious harm, safeguarding concerns, court orders

Clinical supervision: Your case may be discussed (anonymously - first name/initials only)

Third-party services: iCloud (email/calendar), Microsoft Teams/Google Meet (video sessions), website analytics.

All third-party services are GDPR-compliant.

Wherever possible, serious concerns will be discussed with you before any breach of confidentiality.

How Long Do I Keep Your Data?

Session notes: 7 years after therapy ends (COSRT guidelines)

Initial enquiry information: Deleted when therapy ends or if you don't proceed

All data: Permanently deleted after 7 years

Your Rights

You have the right to:

  1. Access your data - Request a copy of the data I hold about you

  2. Rectification - Correct inaccurate or incomplete data

  3. Erasure - Request deletion (subject to legal retention requirements)

  4. Data portability - Receive your data in a portable format

  5. Object - Object to processing in certain circumstances

  6. Complain - Lodge a complaint with the ICO or COSRT

To exercise any of these rights, contact me in writing. I will respond within one month.

Subject Access Requests

To request a copy of your data, please submit your request in writing. Each request will be considered individually in consultation with my professional body and insurers. There is no charge unless the request is excessive or unfounded.

Data Breaches

In the unlikely event of a data breach:

  • I will report it to the ICO within 72 hours if there is a risk to your rights

  • I will notify you directly if there is a high risk

  • I will keep a record of all breaches and actions taken

Website Cookies

My website uses cookies and analytics (e.g., Google Analytics) to understand visitor behaviour and improve the website. You can control cookies through your browser settings.

Complaints

If you are unhappy with how I handle your data, you can complain to:

Information Commissioner's Office (ICO)

Tel: 0303 123 1113 | Website: www.ico.org.uk

College of Sexual and Relationship Therapists (COSRT)

Website: www.cosrt.org.uk

Contact Me

If you have questions about this privacy policy:

Email: hilton.counselling@gmail.com

Last updated: March 2026

This privacy policy complies with the General Data Protection Regulation (GDPR) and UK data protection laws.
