Privacy Statement
This Privacy Policy explains how I use and protect any information that you give me when you use my Counselling & Psychotherapy Service. For the purpose of the General Data Protection Regulations (GDPR), the data controller is Eva Horton.
In accordance with the guidelines for Data Protection, I only collect personal information that is necessary for the service I provide and destroy this information when it is no longer needed. I am committed to ensuring that your privacy is protected. If you provide me with information which could identify you, it will only be used in accordance with this privacy policy.
Only I have access to this information, however, in the event that I became unable to continue working and wasn’t able to contact my clients, my clinical executor has instructions to gain access to my clients' contact details in order to make contact with them. They will not be able to gain access to any other information, such as client notes.
​
Reasons for collecting data
To keep a record of the clients I am seeing
To effectively communicate with clients by email and phone
To make notes on sessions according to my professional body
​
Steps taken to secure data
• Electronic hardware is used exclusively by me
• E-communication platforms have the encryption and security available.
• Passwords and virus protection software are used on all electronic devices. Whilst I endeavor to keep our systems and communications
protected against viruses and other harmful effects, I cannot bear responsibility for all communications being virus-free.
​ • Paper information is in a locked or restricted area that only I have access to
• Any correspondence sent to me by letter, email, text or phone is deleted when no longer needed
Confidentiality Agreement
When using this service, the content of what you share with me will be kept confidential in all cases except where there is significant risk of harm to self or others. I have an ethical and legal obligation to disclose information to a third party in certain instances as part of my Safeguarding Policy and duty of care to service users and the general public. Wherever possible, such as when a disclosure is going to be made, I would discuss this with you first. I will be receiving individual and group supervision for the work that I do. The purpose of this is to ensure best practice. Any identifying details, such as your full name or address, will not be disclosed in my supervision sessions.
Information I may collect
You may give me information such as your name, address phone number and email address, by telling me, filling in forms and corresponding with me. If you access therapy sessions with me, I also make brief records of what we discuss in these sessions. This is a professional requirement of my membership with the National Counselling and Psychotherapy Society (NCPS).
Disclosure of your information
Any information that I hold about you is held in confidence. I have a legal obligation to disclose information regarding terrorism, money laundering, drug trafficking, radicalisation and when requested by a court of law. I also have a professional and an ethical obligation in the case of safeguarding children, young people, and adults with care or support needs.
Access to information
You can request access to the information that I hold about you. This is called a Subject Access Request (SAR). I will provide this information when lawfully permitted to do so. You may request amendments to any personal information that is inaccurate or out-of-date.
Disposal of information
In accordance with professional guidelines, I safely and securely dispose of client records 7 years after our work ends, except where I have a legal obligation to keep the information for longer. If I am incapacitated and unable to work or in the event of my death, clients will be contacted by my professional executor. Client records will then be unavailable and deleted.
I am registered with the Information Commissioner’s Office (ICO). Registration number: ZC040074.
​
Last updated: November 2025