Privacy Policy

Last updated: 20th June 2026

Introduction

This Privacy Notice explains how I collect, use, store and protect your personal information when you contact me, enquire about counselling, or engage in counselling services.

I am committed to protecting your privacy and handling your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Data (Use and Access) Act 2025.

Data Controller

If you have any questions about this policy or how we handle your data, please contact:
Louise Medhurst

Refresh Counselling & Psychotherapy

louise@refresh-counselling.co.uk

07973 287 424

The Eaves, Parklands, 3 Paris, Railton Road, Guildford Surrey GU2 9JX

ICO Registration Number: ZA642321

For the purposes of data protection law, I am the Data Controller of your personal information.

What Information I Collect

I may collect and process the following information:

Enquiries

When you contact me through my website, email, telephone or contact form, I may collect:

  • Name

  • Email address

  • Telephone number

  • Details of your enquiry

  • ·Client Information

If we begin counselling work together, I may collect:

  • Contact details

  • Date of birth

  • Emergency contact details

  • GP details (where appropriate)

  • Assessment information

  • Session notes

  • Risk assessments

  • Appointment records

  • Correspondence

  • Payment records

Special Category Data

As counselling involves discussing personal experiences and wellbeing, I may process special category data including information relating to:

  • Physical health

  • Mental health

  • Emotional wellbeing

  • Relationships

  • Family circumstances

  • Religious or spiritual beliefs

  • Sexual orientation

  • Ethnicity

  • Other sensitive personal information you choose to share

Why I Process Your Information

I process personal information in order to:

  • Respond to enquiries

  • Assess suitability for counselling

  • Arrange and manage appointments

  • Provide counselling services

  • Maintain clinical records

  • Ensure safe and ethical practice

  • Undertake professional supervision

  • Meet safeguarding responsibilities

  • Manage payments and administration

  • Comply with legal and professional obligations

Lawful Basis for Processing

Under UK GDPR, my lawful bases for processing are:

  • Enquiries

  • Legitimate Interests

  • To respond to requests for information and potential counselling services.

  • Provision of Counselling

  • Performance of a Contract

  • To provide counselling services requested by you.

  • Legitimate Interests

  • To maintain appropriate professional records and safely manage therapeutic work

Special Category Data

I process special category data under the provisions relating to counselling, health and social care, and safeguarding where applicable.

Confidentiality

Everything discussed within counselling is treated confidentially.

However, confidentiality may be broken where:

  • There is a serious risk of harm to yourself or another person.

  • There are safeguarding concerns relating to a child or vulnerable adult.

  • Disclosure is required by law or court order.

  • Information is necessary to prevent serious crime.

  • Disclosure of terrorist activity.

  • Disclosure of money laundering.

  • Professional ethical obligations require consultation.

Where possible, I will discuss any disclosure with you first.

Professional Supervision

As required by the NCPS Code of Ethics and professional good practice, I attend regular supervision.

Information discussed in supervision is anonymised wherever possible and shared only to support safe and effective practice.

How Your Information Is Stored

Client records are stored securely using:

  • Password-protected electronic systems

  • Secure email systems

  • Locked storage for any paper records

I use WriteUpp as my practice management system to securely store and manage client information.

WriteUpp acts as a data processor on my behalf and processes information in accordance with its contractual and data protection obligations.

I take reasonable technical and organisational measures to protect your information against loss, misuse, unauthorised access, disclosure or alteration.

Sharing Information

I will not sell or share your information for marketing purposes.

Information may be shared only where necessary with:

  • My clinical supervisor (anonymised wherever possible)

  • Professional indemnity insurers

  • Accountants or bookkeepers (financial information only)

  • Legal advisers

  • Emergency services

  • Safeguarding agencies

  • Courts where legally required

Only information necessary for the specific purpose will be disclosed.

International Transfers

Some technology providers may process information outside the United Kingdom.

Where this occurs, appropriate safeguards will be in place in accordance with UK data protection law.

Retention of Records

I retain information only for as long as necessary.

Typical retention periods are:

  • Initial enquiries that do not become clients: up to 12 months

  • Adult client records: 7 years after counselling ends

  • Financial records: 6 years after the end of the relevant tax year

  • Child and young person records: until the client’s 25th birthday, or longer where required by law or professional guidance

Records are securely deleted or destroyed when no longer required.

Your Rights

Under UK data protection law you have the right to:

  • Be informed about how your information is used

  • Access your personal information

  • Request correction of inaccurate information

  • Request erasure in certain circumstances

  • Restrict processing in certain circumstances

  • Object to processing in certain circumstances

  • Request data portability where applicable

  • Challenge certain automated decisions

To exercise any of these rights, please contact me using the details above.

Data Protection Complaints Procedure

If you have concerns about how I have handled your personal information, you have the right to make a data protection complaint directly to me.

You can do this by:

Emailing: louise@refresh-counselling.co.uk                

Writing to: 223 High Street, Old Woking, Woking Surrey GU22 9JH

Please include:

Your name
Contact details
Details of your concern
Any relevant supporting information

I will:

Acknowledge receipt of your complaint within 30 days;
Investigate the matter appropriately and proportionately;
Respond without undue delay; and
Inform you of the outcome of my investigation.

If you remain dissatisfied after receiving my response, you may complain to the Information Commissioner’s Office (ICO).

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

Website Use and Cookies

My website may use essential cookies required for the operation and security of the site.

If analytics tools are used, they collect anonymous information about website usage to help improve the website.

You can control cookies through your browser settings or by using the pop-up menu that appears the first time you visit the site.

Further information about cookies can be provided on request.

Changes to This Privacy Notice

I may update this Privacy Notice from time to time to reflect changes in legal, regulatory or professional requirements.

The most recent version will always be available on my website.