top of page

Privacy Notice 2025

Your privacy is very important to me. You can be confident that any personal information you share will be kept safe, secure, and used only for the purposes for which it was given.

​

I comply with the General Data Protection Regulation (EU/2016/679) (GDPR), the UK Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

​

This privacy notice explains how I collect, use, store, and protect your personal information throughout our contact — from your first enquiry to after your therapy ends.

​

1. Who I Am

Data Controller: Umaa (Counsellor and Therapist)
ICO Registration: ZA648353
Contact Email: umaa.counsellor@gmail.com

As the data controller, I am responsible for ensuring your personal data is handled in accordance with UK data protection laws.

​

2. What Personal Data I Collect

When you contact me or access therapy, I may collect:

  • Name

  • Email address

  • Phone number

  • GP details

  • Emergency contact (if required)

 

During therapy, I will also take one worded brief notes of our sessions and may collect any additional information you choose to share, which may include sensitive (special category) data related to your health or wellbeing.

​

3. Lawful Basis for Processing

Depending on your stage of contact, I rely on the following lawful bases under GDPR:

  • Contract: If you are currently receiving therapy or have arranged sessions, I process your data as part of our therapeutic agreement.

  • Legitimate Interest: If you have completed therapy, I may retain limited records for legal and professional obligations.

  • Special Category Data: Information related to health is processed as necessary for providing health treatment (counselling), under a contract with a health professional (me).​

​

4. Confidentiality and Safeguarding

Everything you share in therapy is confidential. I would only break confidentiality if:

  • You are at serious risk of harming yourself or someone else

  • You disclose a risk involving a child or vulnerable adult

  • I am required to do so by law

  • Where possible, I will always aim to discuss this with you first.

​

5. How Your Data is Stored and Protected

I take the security of your data seriously. I use the following measures:

  • Paper records (e.g., session notes) are stored in a locked filing cabinet in a secure home office.

  • Electronic data (emails, scanned forms) is stored on encrypted, password-protected devices.

  • Text messages are not retained longer than one month unless relevant; if important, they are saved securely.

  • Emails not relevant to ongoing therapy are deleted within one month.

I do not store client data in the cloud unless via a secure, GDPR-compliant provider.

​

6. How Long I Keep Your Data

  • Enquiries that do not result in therapy: Deleted within 1 month

  • Current clients: Data retained during the duration of therapy

  • After therapy ends: Records are kept for 7 years (or in line with guidance from your professional body or insurer), then securely destroyed.

You can request early deletion of your data at any time, unless legally or ethically required to retain it.

​

7. Sharing of Data with Third Parties

In general, I do not share your information with any third party.

The only exceptions may include:

  • Technology providers (e.g., Wix, Beehiiv) used to support my website or newsletter

  • Legal or safeguarding obligations

  • If I contract with another professional (e.g., accountant, web assistant), they are bound by strict confidentiality and data protection terms

 

8. Your Rights

Under data protection law, you have the right to:

  • Access the personal data I hold about you

  • Request corrections to inaccurate information

  • Ask for your data to be deleted (unless legally required to retain it)

  • Restrict or object to how your data is processed

  • Receive a copy of your data in a portable format

To exercise any of these rights, please email me at: umaa.counsellor@gmail.com.

If you’re not satisfied with how your data has been handled, you can contact the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint

​

9. Newsletter and Email Marketing (Beehiiv)

If you sign up for my newsletter to receive updates about workshops, events, or therapeutic resources, I will collect your name and email address through Beehiiv, my email service provider.

  • This data is separate from therapy records.

  • I use explicit consent as the lawful basis for sending newsletters.

  • You can unsubscribe at any time using the link in any email.

Beehiiv’s servers may be located outside the UK. They are committed to data security and GDPR-aligned practices.
Read Beehiiv’s privacy policy here: https://www.beehiiv.com/privacy

​

10. Website and Cookies (Wix)

My website is hosted by Wix. When you visit the site:

  • Standard visitor data (e.g. browser type, time of visit) is collected to analyse site performance.

  • This data is anonymised and not used to identify you.

  • If you fill out a form, that information is stored temporarily by Wix before being sent to me.

Wix uses cookies. For more information, see:

 

11. Contact

If you have any questions about this notice or your data, please feel free to contact me:

📧 Email: umaa.counsellor@gmail.com

bottom of page