Your privacy is important to me. You can be confident that your personal information will be kept safe and secure and will only be used for the purpose for which it was provided.

I comply with current UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This Privacy Notice explains:

  • Why I collect and process your personal information

  • The lawful basis for processing your information

  • Whether you are required to provide personal information

  • How long I keep your information

  • Who your information may be shared with

  • Whether your information is transferred outside the UK

  • Whether automated decision-making is used

  • Your rights regarding your personal information

If you have any questions about this Privacy Notice, please contact me using the details below.

Data Controller:

The data controller is: Kitty Medlicott Counselling

ICO Registration Number: ZB846875

Telephone: 07984 638772

Email: kittymedlicottcounselling@gmail.com

Website: www.kittymedlicottcounselling.co.uk

  1. Lawful Basis for Processing Personal Information

Under UK GDPR, I must have a lawful basis for collecting and processing your personal information.

If you are making an enquiry

When you contact me regarding counselling services, I process your information under the lawful basis of legitimate interests, so that I can respond to your enquiry and determine whether my services are appropriate for your needs.

If you are a counselling client

If you enter into a counselling agreement with me, I process your personal information because it is necessary for the performance of a contract between us.

Special Category Data

Information relating to your physical or mental health is classified as special category data under UK GDPR.

The lawful basis for processing this information is:

  • Article 6(1)(b) UK GDPR – Performance of a contract.

  • Article 9(2)(h) UK GDPR – Provision of health care or treatment.

  1. How I Use Your Information

Initial Enquiry

When you contact me to enquire about counselling, I may collect:

  • Your name

  • Telephone number

  • Email address

  • Brief information about your reason for seeking counselling

  • Enquiry type (in person, online or other)

If you decide not to proceed with counselling, your information will be deleted within 3 months of our last contact unless I am legally required to retain it.

You may request earlier deletion of your information at any time.

During Counselling

Everything discussed during counselling is treated as confidential.

Confidentiality will only be broken where:

  • There is a serious risk of harm to you or another person;

  • There are safeguarding concerns involving a child or vulnerable adult;

  • I am required to do so by law or court order;

  • Disclosure is necessary to prevent serious crime.

Where possible, I will discuss any proposed disclosure with you first.

Client Records

I keep a record of:

  • Your contact details

  • Appointment information

  • Assessment information

  • Counselling notes

Electronic records are stored on password-protected and encrypted devices.

Paper records, where applicable, are stored in a locked cabinet accessible only to me.

Session Notes

Brief clinical notes are kept after each session to support safe and effective counselling practice.

These notes are stored securely and are not shared with third parties unless legally required.

Email and Text Messages

Emails and text messages are used primarily for arranging appointments and administrative purposes.

Text messages are deleted within 30 days unless they contain clinically relevant information that needs to be retained within your client record.

Emails are deleted within 12 months unless they form part of your client record.

After Counselling Ends

Client records are retained for 7 years following the end of counselling.

This retention period reflects professional practice recommendations and allows for legal, insurance, and professional obligations.

At the end of the retention period, records are securely destroyed.

3.Sharing Your Information

I do not sell, rent, or trade your personal information.

Your information may be shared only when necessary, including with:

  • Clinical supervisors (anonymised wherever possible)

  • Professional indemnity insurers

  • Legal or regulatory bodies where required by law

  • IT or administrative service providers who support my practice

Any third-party service provider used by me is required to comply with data protection legislation and process your information securely.

4.International Transfers

I do not routinely transfer your personal information outside the United Kingdom.

If I use a service provider whose servers are located outside the UK, I will ensure appropriate safeguards are in place in accordance with UK GDPR.

5.Automated Decision-Making

I do not use automated decision-making or profiling when processing your personal information.

6.Your Rights

Under UK GDPR, you have the right to:

  • Access your personal information

  • Request correction of inaccurate information

  • Request erasure of your information in certain circumstances

  • Restrict processing of your information

  • Object to processing where applicable

  • Request transfer of your information to another provider where appropriate

  • Withdraw consent where consent is the basis for processing

Please note that some rights may be limited where I am required to retain information for legal, professional, safeguarding, or insurance purposes.

To exercise any of your rights, please contact me at:

kittymedlicottcounselling@gmail.com

7.Making a Complaint

If you have concerns about how I handle your personal information, please contact me first so that I can try to resolve the issue. You can contactme via my website, or by email at kittymedlicottcounselling@gmail.com and I will respond within 30 days.

You also have the right to complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: https://ico.org.uk/make-a-complaint

8.Data Security

I take the security of your personal information seriously.

Measures I use include:

  • Password-protected devices

  • Encryption where appropriate

  • Secure email systems

  • Locked filing cabinets for paper records

  • Secure disposal of confidential records

  • Regular software and security updates

9.Website Privacy Information

Website Visitors

When you visit my website, I may collect standard internet log information and visitor behaviour data through website analytics services such as Squarespace and Google Analytics.

This information helps me understand how visitors use the website and improve its performance.

The information collected does not normally identify individual visitors.

My lawful basis for this processing is legitimate interests.

You can read the privacy policies of 

  1. Squarespace here: https://www.squarespace.com/privacy

  2. Google here: https://policies.google.com/privacy

Cookies

My website uses cookies to improve functionality and user experience.

Further information about cookies can be found in my Cookie Policy:

https://www.kittymedlicottcounselling.co.uk/cookie-policy

Contact Forms

If you submit information through a website contact form, your information will be securely transmitted to me and used solely to respond to your enquiry.

Privacy Notice Last Updated: June 2026

Close-up of a dark gray or black surface with slight texture and irregular shape

Privacy Policy