Counselling by Nicola Stewart



Counselling by Nicola Stewart


As BACP accredited counsellor I follow ‘The Ethical Framework for the Counselling Professions’ which commits members to ‘respect our clients’ privacy and dignity’ (Good Practice, point 21). Client confidentiality and the prevention of unauthorised disclosure of information that could identify a client is therefore an obligation for all practitioners.


In light of the General Data Protection Regulation (GDPR), which came into force on 25th May 2018. I have prepared this statement for my clients, as their contractor.  This statement sets out how I handle the information of my clients.   I am registered with the ICO.



Description of processing


The following is a broad description of the way I process your personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices that I may have provided.



Reasons/purposes for processing information


I process personal information to enable me to provide mental health counselling, to advertise my services, to maintain my records.    



Type/classes of information processed


I process information relevant to the above reasons/purposes. This information may include:

  • personal details

  • family, lifestyle and social circumstances

  • employment and education details



I also process sensitive classes of information that may include:


  • physical or mental health details

  • racial or ethnic origin

  • religious or other beliefs of a similar nature


Who the information is processed about 


I process personal information about my

  • clients

  • suppliers

  • business contacts

  • professional advisers



Who the information may be shared with


I sometimes need to share the personal information I process with the individual them self and also with other organisations. This is only done with explicit consent.  The only exception to this is if I feel my client is at risk of significant harm and I have a duty of care to share this concern with the relevant body.  Where this is necessary I am required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations I may need to share some of the personal information I process with for one or more reasons.


Where necessary or required I may share information with:

  • healthcare professionals

  • social and welfare organisations 

  • central government

  • business associates

  • service providers

  • Local Safeguarding Children Board

  • educators



On termination of my contract I will:


  • return all information pertaining to the contract services

  • destroy electronic files relating to client records



I confirm I am fully responsible for:


  • making sure I comply with the Data Protection Act

  • being trained in how to handle personal information

  • When collecting personal information, I tell people how I will use it

  • Having a process in place so I can respond to requests for the personal information I hold (with the exception of client notes, which are subject to confidentiality)

  • Keep records of people's personal information up to date and don't keep it longer than necessary (6 years after termination of contract)

  • I have measures in place to keep the personal data I hold safe and secure.




Working with children


When working with children my privacy notices are clear, and presented in plain, age-appropriate language.


I use child friendly ways of presenting privacy information, such as: diagrams, cartoons, graphics and videos, dashboards, layered and just-in-time notices, icons and symbols.


I explain to parents that the information I collect will enable me to offer counselling services to children and why I require the personal data I have asked for.  I will never share this data with a third party unless the child is considered at risk, in this case I will share this information with the school's Designated Safeguarding Lead (DSL).  This is explained to parents and children at the start of our work together.  Data collected regarding a child referred for counselling will be held at the child's school in a secure environment and not shared with any other party without explicit consent of parents.



My website


The contact page of my website collects the enquirers email address and enquiry type. This information is emailed to me and I will respond to enquiry.  I will not pass your contact details to any third party.  This website is hosted by Wix.com - see their privacy statement here.



Links to other websites


My website contains links to other websites run by other organisations. This privacy policy applies only to my website‚ so I encourage you to read the privacy statements on the other websites you visit. I cannot be responsible for the privacy policies and practices of other sites even if you access them using links from this website.



Payments for services are made through a third party company 'Stripe' - their privacy policy can be viewed here.


Calendar bookings

Appointments are booked using a third party company 'Calendly' - their privacy policy can be viewed here.


Web based meetings / training / counselling

Web based on-line sessions are hosted via a third party company Zoom - their privacy policy can be viewed here.



Review of this Policy


I keep this Policy under regular review. This Policy was last updated in December 2021.



d374-ico logo