Eleni Henderson MBACP (Accred.)
Counselling & Psychotherapy

Eleni Henderson MBACP (Accred.) Counselling & PsychotherapyEleni Henderson MBACP (Accred.) Counselling & PsychotherapyEleni Henderson MBACP (Accred.) Counselling & Psychotherapy
  • Home
  • About Me
  • About Therapy
  • Contact
  • FAQ
  • More
    • Home
    • About Me
    • About Therapy
    • Contact
    • FAQ

Eleni Henderson MBACP (Accred.)
Counselling & Psychotherapy

Eleni Henderson MBACP (Accred.) Counselling & PsychotherapyEleni Henderson MBACP (Accred.) Counselling & PsychotherapyEleni Henderson MBACP (Accred.) Counselling & Psychotherapy
  • Home
  • About Me
  • About Therapy
  • Contact
  • FAQ

Counselling Privacy Policy

I am committed to protecting your privacy and handling your personal data in a lawful, transparent and secure way. This privacy policy explains how I collect, store and use your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant professional and ethical obligations.


As a therapist, I am also bound by the ethical framework of the British Association for Counselling and Psychotherapy (BACP), which includes responsibilities around confidentiality, record-keeping and safeguarding.


I am registered with the Information Commissioner’s Office (ICO) as a data controller.


What Information I Collect


When you contact me or engage in therapy, I may collect and process the following personal information:


· Name

· Address

· Date of birth

· Email address

· Telephone number

· Emergency contact details

· GP details

· Relevant medical information

· Current medication

· Mental health history

· Family and relationship information

· Sexuality, gender identity and pronouns (where you choose to provide this)

· Substance use history

· Session notes and clinical observations

· Invoices and payment records


I may also collect information through my website contact form when you make an enquiry.

If you contact me but do not proceed with therapy, I may still retain relevant correspondence and assessment information in accordance with my retention policy.


Why I Collect Your Data


I collect and use your data for the purpose of:


· Responding to enquiries

· Assessing suitability for therapy

· Providing counselling and psychotherapy

· Maintaining clinical records

· Managing appointments

· Communicating with you about sessions

· Invoicing and receiving payment

· Risk management and safeguarding

· Professional supervision

· Legal, ethical and insurance obligations


Lawful Basis for Processing


Under UK GDPR, the lawful basis for processing your personal data is:


Article 6:

· Contractual necessity (to provide therapy)

· Legitimate interests (to run my practice safely and effectively)


Because therapy records may contain health-related and other sensitive personal information, I also process special category data under:


Article 9:

· Article 9(2)(h): provision of health or social care

· Where necessary, I may also rely on:

· Article 9(2)(f): establishment, exercise or defence of legal claims

· Article 9(2)(c): protecting vital interests where there is serious risk of harm


How Your Information Is Stored


Client records are stored electronically on a password-protected laptop. Access is restricted to me except where explicitly outlined in this policy.


Client records, documents and contact details may also be securely stored and synchronised via Apple iCloud. This allows continuity of access and secure backup of clinical records and administrative information.


I use Google Workspace for email communication and Google Meet for online sessions. Each online session uses a unique meeting code created specifically for that client.


I may also communicate with clients via SMS text message or WhatsApp where appropriate for practical purposes such as arranging or amending appointments.


Reasonable steps are taken to ensure all systems, devices and records remain secure and confidential.


Confidentiality and When Information May Be Shared


Everything discussed in therapy is treated confidentially. However, there are some circumstances where confidentiality may need to be broken.


This may include:

· Where there is serious risk of harm to yourself

· Where there is serious risk of harm to others

· Safeguarding concerns involving children or vulnerable adults

· Legal obligations, including court orders

· Prevention or detection of serious crime


Where possible, I will aim to discuss this with you first.


If I believe there is serious risk, I may contact your GP, or relevant services without your consent where necessary to protect life or safety. Wherever possible, I will inform you if I am doing so.


Professional Supervision


As part of ethical practice, I attend regular clinical supervision.


Client material may be discussed in supervision to support safe and effective practice. This is anonymised wherever possible, and identifying details are removed unless clinically necessary.


Therapy Will


In the event of my death or incapacity, I have a professional therapy will in place.

This means a trusted therapist colleague holds limited access to essential client contact information so they can inform clients and support the appropriate ending of therapy.


This information may include:

· Name

· Address

· Email address

· Date of birth

· GP details


This information is stored securely, password-protected, and is accessible only by that therapist for this purpose. Copies may be held securely within their protected email account and on a password-protected device.


Retention of Records


In accordance with professional, legal and insurance requirements, I retain client records for 7 years after therapy ends.


This includes:

· Enquiry forms

· Assessment information

· Clinical notes

· Correspondence

· Payment records


If a prospective client does not proceed to therapy, any personal information provided during the enquiry or assessment stage may still be retained for up to 7 years in accordance with my insurance requirements.


After the relevant retention period, records are securely destroyed.


Retention may be extended where there is a legal, safeguarding or insurance requirement.


Subject Access Requests


You have the right to request access to the personal data I hold about you. Requests should be made in writing.


I will respond within one calendar month unless the request is complex, in which case I will inform you of any extension.


There is usually no fee for this unless the request is manifestly unfounded or excessive.


Some information may be withheld where legal exemptions apply, where third-party confidentiality would be breached, or where disclosure may cause serious harm.


Your Rights


Under UK GDPR, you have the right to:


· Access your personal data

· Request correction of inaccurate data

· Request restriction of processing

· Request erasure of your data (where legally applicable)

· Object to processing in certain circumstances

· Request data portability where applicable

· Lodge a complaint


Please note that the right to erasure does not override my legal, ethical or insurance obligations to retain certain records.


Website Cookies and Third Parties


My website is hosted and managed through GoDaddy, which acts as my website hosting provider, domain registrar and website builder.


When you use my website, GoDaddy may process limited technical information such as IP addresses, browser information and website usage data for security, hosting and website functionality purposes.


My website may also use cookies and security tools to improve website function and protect against spam or misuse.


I also use Google services, including Google Workspace for email communication and Google Meet for online sessions.


These third-party providers may process limited personal data in accordance with their own privacy policies and data protection obligations.


International Data Transfers


Some third-party providers I use may process or store data outside the United Kingdom.

Where this happens, I take reasonable steps to ensure appropriate safeguards are in place in accordance with UK GDPR to protect your personal information. This may include relying on adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms where appropriate.


Use of Artificial Intelligence (AI)


At present, I do not use artificial intelligence (AI) tools to process, store, analyse or generate client material.


Should this change in future, any use of AI in connection with client data will be carefully considered to ensure compliance with UK GDPR, professional ethical standards, and confidentiality requirements.


This would include ensuring that any third-party AI provider operates under appropriate data protection safeguards and does not use client information for training or any unauthorised purpose.


Clients will be informed of any significant changes to how their data is processed through updates to this privacy policy.


Complaints About Data Use


If you have concerns about how your personal information is handled, you can contact me directly in the first instance.


I aim to acknowledge data protection complaints within 30 days and respond without undue delay.


If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office (ICO).


Contact

If you have any questions about this privacy policy or your personal data, please contact:

E. Henderson Counselling

eleni@ehendersoncounselling.com  

Information Commissioner’s Office (ICO): www.ico.org.uk

ICO Registration Number: ZA841027


Copyright © 2026 Eleni Henderson Therapy Practice - All Rights Reserved.

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept