Privacy policy
Richard Greenwood Counselling client privacy notice
Updated: 7th November 2025
This privacy notice tells you what to expect us to do with your personal information.
· What information we collect, use, and why
· Lawful bases and data protection rights
· Where we get personal information from
· How long we keep information
Contact details
Telephone
07938185598
contact@richardgreenwoodcounselling.co.uk
What information we collect, use, and why
We collect or use the following information to provide client care:
· Name, address and contact details
· Emergency contact details
· Health information (including medical conditions, allergies, medical requirements and medical history)
· Information about care needs (including disabilities, home conditions, medication and dietary requirements and general care provisions)
We collect or use the following information for safeguarding or public protection reasons:
· Name, address and contact details
· Emergency contact details
· Health information (including medical conditions, allergies, medical requirements and medical history)
· Information about care needs (including disabilities, home conditions, dietary requirements and general care provisions)
· Records of meetings and decisions
· General Practitioner's address and telephone number
We also collect the following special category information for safeguarding or public protection reasons. This information is subject to additional protection due to its sensitive nature:
· Health information
· General Practitioner’s address and telephone number
Lawful bases and data protection rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
· Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
Read more about the right of access.
· Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
Read more about the right to rectification.
· Your right to erasure - You have the right to ask us to delete your personal information.
Read more about the right to erasure.
· Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.
Read more about the right to restriction of processing.
· Your right to object to processing - You have the right to object to the processing of your personal data.
Read more about the right to object to processing.
· Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
Read more about the right to data portability.
· Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.
Read more about the right to withdraw consent.
Requesting data:
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Our lawful bases for the collection and use of your data
Our lawful bases for collecting or using personal information to provide client care are:
· Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Our lawful bases for collecting or using personal information for safeguarding or public protection reasons are:
· Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Where we get personal information from
· Directly from you
How long we keep information
· Adequate Information will be stored for 7 years in line with GDPR and Insurance purposes.
Duty of confidentiality
We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:
· you’ve provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses);
· we have a legal requirement (including court orders) to collect, share or use the data;
· on a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime)
Third party recipients of personal data
I sometimes share personal data with third parties, for example, where I have contracted with a supplier to carry out specific tasks. In such cases I have carefully selected which partners I work with. I take great care to ensure that I have a contract with the third party that states what they are allowed to do with the data I share with them. I ensure that they do not use your information in any way other than the task for which they have been contracted. The third parties are as follows, and each third party has a link to their data processing agreements:
>Google meet – I may use Google meet for video messaging to conduct therapy sessions.
“To help ensure data security and privacy, Meet supports the following encryption measures:
• All data in Meet is encrypted in transit by default between the client and Google for video meetings on a web browser, on the Meet Android and Apple® iOS® apps, and in meeting rooms with Google meeting room hardware.
• Meet adheres to Internet Engineering Task Force (IETF) security standards for Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). Google Cloud (which offers Meet) does not use customer data for advertising. Google Cloud does not sell customer data to third parties.
• Customer data is encrypted in transit and Meet recordings stored in Google Drive are encrypted at rest by default.
• Meet does not have user attention-tracking features or software.
• Google does not store video, audio, or chat data unless a meeting participant initiates a recording during the Meet session.
• Compliance—Our products, including Meet, regularly undergo independent verification of their security, privacy, and compliance controls, achieving certifications, attestations of compliance, or audit reports against standards around the world.”
Google Meet Security & Privacy for users - Google Meet Help
> Zoom – I may use Zoom for video messaging to conduct therapy sessions.
“Zoom employees do not access or use Customer Content including meeting, webinar, messaging, or email content (specifically, audio, video, files, in-meeting whiteboards, messaging, or email contents), or any content generated or shared as part of other collaborative features (such as out-of-meeting whiteboards), unless authorized by the account owner hosting the Zoom product or service where the Customer Content was generated, or as required for legal, safety, security or support reasons.”
Zoom Privacy Statement | Zoom
> Google Analytics/Squarespace – are plug ins used in the maintenance and hosting of this website.
> Supervisors – I have supervision to ensure the quality, ethics, and safety of my clinical work which is an ethical requirement of my accrediting body. I do not disclose identifiable details of my clients in supervision other than first name, and mostly use supervision to focus on my process with clients. My supervisors uphold the same level of confidentiality as me and have their own data processing agreements.
> Balens Limited– provide my personal indemnity insurance. I need to contact them if a claim is brought against me with details of the claim.
> Microsoft 365 –MS Word and Excel which I use for monitoring, logs, and invoicing.
> Information Commissioning Office – I will notify them if I breach confidential information but not pass across your information
>Referral Agencies – If you have been referred by an agency, they may require me to send certain information to them according to their individual privacy policy. I am happy to discuss this in more detail. For example, Balens may require invoices for sessions and details in the event of a complaint
> Further Training – If I am undertaking further training, they sometimes require information for course completion. If this arises, I will discuss this with you and seek consent. Likewise, I am working towards accreditation with the British Association for Counselling and Psychotherapy which requires client and supervision logs as well as some information on my learnings.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113