Effective date: 28.09.2025

At Clarus Counselling and Wellbeing (“Clarus”, “we”, “our”, “us”), your privacy is central to the trust between counsellor and client. We are committed to respecting and protecting your personal information in line with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and guidance from the Information Commissioner’s Office (ICO) and the British Association for Counselling and Psychotherapy (BACP).

This policy explains what data we collect, how we use it, how it is stored, your rights, and what you can do if you have concerns.

1. Who we are:

Clarus Counselling and Wellbeing is an independent practice founded by Claire Hinton (MBACP), providing counselling, workshops, and wellbeing services. Clarus Counselling and Wellbeing is registered with the ICO as a data controller.

2. What information we collect:

We collect and process personal information that is necessary for providing safe, effective counselling and related services. This may include:

• Identity data: your name, date of birth, gender, contact details.
• Health and wellbeing data: information you share in sessions that relates to your emotional, psychological, or physical health.
• Administrative data: records of appointments, payments, invoices.
• Website data: limited technical information such as cookies (see section 8).

We only collect information that is relevant and proportionate for our work together.

3. Why we collect and use your information:

Your data is used strictly for professional purposes, including:

• To provide counselling and wellbeing services to you.
• To arrange, schedule, and manage your sessions.
• To keep records in line with professional, ethical, and legal obligations.
• To respond to enquiries, complaints, or safeguarding concerns.
• To meet legal requirements, such as record keeping, safeguarding, or financial regulations.

We will not use your personal information for marketing unless you have explicitly consented.

4. Legal basis for processing:

Under GDPR, Clarus processes your personal data under the following lawful bases:

• Contract: providing counselling services as agreed with you.
• Legal obligation: retaining certain records (e.g. financial/tax information).
• Vital interests: sharing information where necessary to protect you or others from serious harm.
• Consent: where you have given clear consent (e.g. for specific communications).

5. Confidentiality and sharing of data:

Everything shared in counselling is treated as strictly confidential. Information may only be shared in limited circumstances:

• With your consent: if you request or agree for information to be shared (e.g. with your GP).
• Supervision: anonymised discussion with a qualified clinical supervisor, as required by the BACP Ethical Framework.
• Legal and safeguarding obligations: where there is risk of serious harm to you or others, disclosure of abuse, acts of terrorism, or court orders.
• Service providers: limited data (e.g. payment processors, IT systems) for administrative purposes, all GDPR-compliant.

We never sell your data or share it for commercial gain.

6. How your data is stored and secured:

• Client notes are kept securely in encrypted electronic files.
• Personal data is stored separately from session notes.
• Any paper records (if used) are locked securely.
• Computers and devices are password-protected, with up-to-date security software.

7. Data retention:

• Counselling records: retained for up to 7 years after the end of our work together (in line with insurance and professional body requirements).
• Financial records: retained for at least 6 years for HMRC purposes.
• After these periods, all records are securely deleted or destroyed.

8. Cookies and website use:

Our website may use cookies, small files placed on your device to help improve your browsing experience (e.g. remembering preferences, monitoring traffic). You can disable cookies in your browser settings.

We do not use cookies to collect sensitive personal data.

9. Your rights:

Under GDPR, you have the following rights:

• To access a copy of the personal data we hold about you.
• To request corrections if information is inaccurate.
• To request erasure of your data (in certain circumstances).
• To restrict or object to processing of your data.
• To request transfer of your data (data portability).
• To withdraw consent at any time (where consent was the legal basis).

Requests can be made by contacting hello@claruscounselling.co.uk. We will respond within 30 days.

10. Data breaches:

If there is a data breach that risks your rights or freedoms, Clarus Counselling and Wellbeing will notify both you and the ICO within 72 hours, in line with GDPR requirements.

11. Complaints:

If you have concerns about how your data is handled, please contact Clarus Counselling and Wellbeing at hello@claruscounselling.co.uk

If unresolved, you have the right to raise a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk

12. Updates to this policy:

We may update this Privacy Policy from time to time. Updates will be posted on the Clarus Counselling and Wellbeing website, and where significant changes are made, we will notify you directly.

For questions about this policy, please contact: hello@claruscounselling.co.uk