top of page

Privacy Policy

​

Privacy Policy

1. Introduction

This Privacy Policy explains how personal data is collected, used, stored, and protected when you engage with my counselling services or visit this website. I am committed to safeguarding your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy should be read alongside any consent forms or client agreements provided as part of the counselling process.

2. Data Controller

The data controller is:

Tamsin Ferrara-Mather – Adaptive Steps Counselling
Email: tamsin@adaptivestepscounselling.com
 

If you have any questions about this policy or how your data is handled, you may contact me using the details above.

3. Personal Data Collected

I may collect and process the following types of personal data:

a) General Enquiries

  • Name

  • Email address

  • Telephone number

  • Any information you choose to include in your enquiry

b) Counselling Clients

  • Name, address, email address, and telephone number

  • Date of birth

  • Emergency contact details

  • GP details (if provided)

  • Session notes and records

  • Information relating to your physical or mental health

Health information is classified as special category data under UK GDPR and is handled with particular care.

 

c) Website Use

  • IP address

  • Browser type and version

  • Pages visited and time spent on the website

(This information is typically collected via cookies or analytics tools, if used.)

4. How Personal Data Is Used

Your personal data is used for the following purposes:

  • To respond to enquiries

  • To provide counselling services

  • To arrange and manage appointments

  • To maintain accurate client records

  • To meet professional, ethical, and legal obligations

  • To improve the website and services (where applicable)

Your data will not be used for marketing purposes without your explicit consent.

5. Lawful Basis for Processing

Under UK GDPR, the lawful bases for processing your personal data include:

  • Consent – where you have given clear, informed consent

  • Contract – where processing is necessary for the counselling agreement

  • Legal obligation – where processing is required by law (e.g. safeguarding)

  • Legitimate interests – where processing is necessary for the safe and effective provision of counselling services, in line with professional standards

Special category data (including mental and physical health information) is processed on the basis of explicit consentand for the purpose of providing health-related support, in accordance with Article 9(2)(h) UK GDPR and the BACP Ethical Framework.

6. Data Storage and Security

Reasonable steps are taken to protect your personal data from loss, misuse, unauthorised access, or disclosure. This includes:

  • Secure storage of paper records

  • Password-protected and encrypted digital files

  • Limiting access to personal data to authorised persons only

Personal data is stored only for as long as necessary and in line with professional and legal requirements.

 

7. Data Retention

Client records are retained in line with BACP Ethical Framework and professional indemnity insurance requirements.

  • Counselling records are normally retained for at least 7 years after the end of therapy.

  • Where the client was under 18 at the end of therapy, records are retained until the client reaches 25 years of age.

After the retention period, records are securely destroyed in a manner that preserves confidentiality.

Enquiry data that does not lead to counselling is retained for up to 12 months and then securely deleted.

8. Sharing of Personal Data

Confidentiality is a fundamental part of counselling practice and is managed in accordance with the BACP Ethical Framework.

Your personal data will not be shared without your consent except in the following circumstances:

  • Where there is a serious risk of harm to you or to others

  • Where there are safeguarding concerns involving children or vulnerable adults

  • Where disclosure is required by law, court order, or statutory obligation

  • Where information is required by my professional body, clinical supervisor, or professional indemnity insurer (shared only where necessary and anonymised wherever possible)

Any disclosure will be limited to the minimum information necessary and, where appropriate, discussed with you in advance.

9. Your Rights

In line with UK GDPR and BACP guidance, you have the right to:

  • Access the personal data held about you

  • Request correction of inaccurate or incomplete data

  • Request erasure of your data (where this does not conflict with legal or ethical obligations)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time (where processing is based on consent)

  • Raise concerns about how your data is handled

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Information about data protection rights is available at: https://ico.org.uk

10. Cookies

This website [uses / does not use] cookies.

If cookies are used, they may be used to:

  • Ensure the website functions correctly

  • Collect anonymous usage statistics

You can manage or disable cookies through your browser settings.

11. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time. The most recent version will always be published on this website.

Last updated: [January 2026]

bottom of page