Privacy Policy

Last updated: 10/04/2026

1. Introduction
Welcome to Rebecca Wilkinson Counselling (“I”, “Me” “My”). Your privacy is fundamental to me. This Privacy Policy explains how I collect, use, share and protect your personal data, in line with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003.
This notice covers:
  • Who I am and how to contact me
  • What personal data I collect and why
  • My lawful bases for processing
  • How and with whom I share your data
  • How long I keep it
  • Your rights and how to exercise them
  • How I secure your information
  • Use of cookies on my website
 
2. Data Controller
Name: Rebecca Wilkinson Counselling
Responsible person: Rebecca Wilkinson
ICO registration no: ZB889860
Email: hello@rebeccawilkinsoncounselling.co.uk
 
3. Personal Data I Collect
a) Client & Therapy Records
  • Identity & contact details (name, address, email, phone)
  • Referral information (e.g. GP or other professional notes)
  • Clinical notes, session records, risk assessments, safeguarding disclosures
b) Website & Marketing
  • Enquiry form data (name, email, phone, message)
  • Cookies and analytics (IP address, pages visited, time spent)
4. Lawful Bases for Processing
  • Contractual necessity: to arrange and deliver counselling sessions.
  • Legal obligation: to comply with clinical record-keeping, safeguarding and tax rules.
  • Legitimate interests: for website maintenance, service improvements and marketing (you can object at any time).
  • Explicit consent: before sending newsletters or non-essential cookies.

Special category data (sensitive health information) is processed under Article 9(2)(h) GDPR (provision of health or social care).

5. How I Use Your Data
Purpose
  • To arrange appointments, respond to enquiries and deliver therapy
  • To keep accurate clinical records and notes, manage safeguarding concerns
  • To send administrative communications (appointment reminders, invoices)
  • To evaluate and improve my services and website usability

If you decide not to proceed with therapy, I’ll delete your initial enquiry data within 30 days unless you ask me to keep it longer.
 
6. Sharing & Disclosing Your Data
I’ll never sell your data. I may share it with:
  • Approved processors under data-processing agreements (e.g. our web host if using the contact form, practice-management software, JotForm for online forms).
  • Professional advisers/regulators(e.g. my accountant, ICO, HMRC) if legally required.
  • Safeguarding bodies(e.g. children or adult services) if there’s a risk to you or others.
 
Before sharing, I ensure all third parties meet strict security and confidentiality standards.
 
7. International Transfers
All personal data is stored and processed within the UK or EEA. If I ever transfer data elsewhere, I ensure adequate safeguards are in place (e.g. Standard Contractual Clauses).
 
8. Data Retention
Enquiry data: deleted within 30 days if no therapy takes place.
Active therapy records: kept securely for the duration of our contract.
Closed therapy records: retained for 5 years (adult clients) or until a client’s 25th birthday (for minors), then securely destroyed.
Website analytics: aggregated data retained for up to 26 months.
 
9. Your Rights
Under GDPR you have the right to:
  • Access your data and receive a copy
  • Rectify inaccurate information
  • Erase your data (“right to be forgotten”)
  • Restrict or object to processing
  • Withdraw consent at any time (for cookies or marketing)
  • Portability of your data in a structured format
To exercise any right or ask questions, email me at:
hello@rebeccawilkinsoncounselling.co.uk

If you’re unhappy with my response, you can lodge a complaint with the ICO: https://ico.org.uk/concerns..

10. Security Measures
I take appropriate technical and organisational measures, including:
  • Encrypted devices and back-ups
  • Secure, password-protected practice-management software
  • Locked filing cabinets for any paper records
  • Regular software updates and antivirus protection
 
11. Cookies & Website Tracking
  • My site uses:
  • Essential cookies for basic functionality (session-based, no consent needed).
  • Analytics cookies(e.g. Google Analytics) to understand site usage. We only place these with your consent via our cookie banner. You can withdraw consent at any time by deleting cookies or adjusting your browser settings.
 
12. Changes to This Policy
I may update this policy occasionally (e.g. when regulations change). The “Last updated” date at the top will reflect significant revisions. Please check back periodically.
Zoomed-in sage green leaf divider