Privacy Policy
Coruscate Counselling Privacy Policy
Last updated 24/05/25
This privacy notice tells you what to expect, in terms of what I do with your personal information. The following policy is specific to my therapy practice and covers any initial contact and subsequent work we may do together.
For external sites associated with this website, please see the following site-specific privacy policies:
VSee video platform (individual therapy) - VSee privacy policy
Zoom video platform (community groups) - Zoom privacy policy
Group bookings via Ticket Tailor - Ticket Tailor privacy policy
Donations via Ko-Fi - Ko-fi privacy policy
Contact Information
Email: hello@coruscatecounselling.com
General Information
My practice is registered and fully compliant with the Information Commissioner's Office to ensure data privacy. I am a registered Data Controller and abide by the regulations imposed by such procedures.
My ICO registration number is: ZA767371
What data do I collect from you and why?
The data I request from you includes your contact information, your date of birth and the details of your GP or named contact. This information ensures I am working with people aged 18+ and ensures I have address details in case of a medical emergency during a session (this is particularly important for online work, so that I know where to direct an ambulance if needed). Please note that I will always discuss with you before contacting your GP or named contact. This information is stored using encryption and password protection, to ensure confidentiality.
What information do I record from our sessions?
I take very brief notes after each session of the general themes that have come up. I don’t include identifying information and notes are saved under a reference number, rather than a name. Under GDPR regulations, you are entitled to see any notes kept on you. Please allow 48hrs notice when requesting client notes.
I may also make what are called ‘process notes’. These notes are my own self-reflection on my practice, exploring things that might come up for me personally, in the work, and do not refer to or identify specific clients. These notes are for my personal use, although I may use them as a prompt for supervision. As such, these process notes are not covered by GDPR regulations.
How long do I keep your data?
I keep your personal data for a minimum period of 5 years, and/or 3 years after our work together has ended. This is in line with both BACP guidance, and the requirements of my insurance provider. After this time, I dispose of all identifiable data in line with GDPR requirements, using secure deletion software.
Who do I share your data with?
I do not actively share your data with third parties. As detailed above, I do collect your address details in case you have a medical emergency during an online session, and I need to arrange an ambulance.
However, I am required to adhere to the following codes of confidentiality, as part of my professional practice and legal requirements under UK law:
I may be legally bound to break confidentiality if clients are at serious risk of harm to themselves or to others. In such cases I would aim to discuss this with you first, so that we can navigate a plan together. This does not mean that you cannot discuss self-harm or suicidal thoughts in our sessions, but if I feel you are at serious risk, we will explore this in the session and agree a way forward together. This may involve seeking your consent to contact your GP, or other named contact.
There are certain other situations where I cannot maintain confidentiality. These circumstances include:
Where I am legally compelled by a court of law.
Where statutory law requires me to inform the relevant authorities (such as terrorist activities aimed at causing physical harm, drug trafficking, or abuse of a child or vulnerable adult).
If you are located outside of the UK, there may be additional legal requirements around confidentiality. Where these apply, it may be useful to make yourself aware of these prior to our work together, to make choices about what you bring to therapy.
Coronavirus clause: In the event of a situation like COVID19, the NHS may require a list of contacts for contact-tracing, should I become infected. If we are working in person at that time, I would be obligated to provide your contact details in that instance but please be assured that I would not disclose the nature of the relationship.
Supervision
All UK-based counsellors are required to be in monthly supervision, where they talk about their work with an experienced counselling supervisor. This process acts as a safeguard, ensuring that the counsellor is working in a safe and competent manner. Any issues I take to my supervisor/s are discussed in a way which preserves client anonymity. My supervisor/s details are available on request.
How I store your data
All material relating to client work is stored electronically, both on my main laptop and as a back-up on an external hard drive. Both devices use encryption and password protection and are stored in a locked cabinet when not in use.
I use a premium service encrypted password manager to ensure all electronic and online data is managed safely and securely.
I use the Clinical Will platform, where my chosen Clinical Trustees have remote access to my appointment schedule and basic client contact details, to enable them to contact clients in the event of an emergency, and I am incapacitated. Only basic information is stored here, my Clinical Trustees have no access to my notes or information about the work we do together. You can learn more about Clinical Will security policies here. I currently have two Clinical Trustees, both of whom are registered therapists who work to the same level of confidentiality as I do, are covered by insurance, and abide by the Ethical Framework of their own Membership Body. Clinical Trustee details are available on request.
For email communication I use Protonmail, which is an open source, encrypted email service (please note that ‘end-to-end’ encryption is only available where you are also using an encrypted email provider).
I use Two-Factor Authentication on all online platforms.
Insurance
I am fully insured with Holistic Insurance Services for Counselling & Psychotherapy. You can learn more about Holistic Insurance here.
This policy provides cover to work with clients worldwide. However, please note that this policy is subject to Scottish Law with the Exclusive Jurisdiction of the Courts of Scotland.
What this means for you, as a client, is that any claim you might make, must be brought to a UK court, for the policy to respond to the claim.
Disclosure and PVG
I hold a current PVG certificate, allowing me to work with vulnerable adults.
Complaints
I am always willing to hear any feedback you may have, during our work together, and it is always ok to tell me if my approach isn’t working for you. However, you are also legally entitled to access formal complaint procedures with my Membership Body, BACP. Please know that I fully support your right to pursue a formal complaints process.
The formal complaint procedure for BACP can be found at the complaints page of the BACP website.
If you are unhappy with how I have used your data, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
