top of page

GDPR policy

Vanessa Black – All Therapy

The collection and storage of personal information:


In accordance with the General Data Protection Regulation (GDPR) 2018, which regulates how personal information is collected, stored and shared, I (Vanessa Black) am registered with the Information Commissioners Office (ICO); I am responsible for the handling and processing of all data/information related to my business, All Therapy.  Any person accessing All Therapy services (referred to as the client below) is requested to read and consent to this GDPR policy. 


Please feel free to contact me with any questions you may have.     


Personal information I collect:

  • Name and date of birth – how you would like to be known and how old you are

  • Address – where you are currently living

  • Telephone number – permission to call and leave messages

  • E-mail address – permission to email

  • Online address – permission to call and leave messages should you wish to meet via video

  • Medical, background and assessment information

  • GP details and an emergency contact – in the event of a medical emergency


How I store and utilise personal information in my business:


Mobile phone:  my mobile phone is used solely by me and is password protected. 

Laptop computer:  my laptop is used solely by me and is password protected.

Paper documents:

  • Registration details, case sheet and session notes

  • Working agreement and GDPR agreement


Any initial case sheet that you complete and bring with you or send via email is printed out and allocated a reference code, your name is not on this document.  Any session notes I make are anonymised and allocated the reference code, your name is not on these documents.  Client’s names and contact and registration details are kept separate from case sheets and session notes.  All paperwork is stored in a lockable cabinet that is only accessible to me, or in the event of my death or incapacitation, my therapeutic executor (please see below). 




How I may process / share personal information:

Consultation - As a practitioner registered with the British Association for Counselling and Psychotherapy, I am ethically required to have clinical supervision.  Supervision supports, upholds and enhances best practice and professional standards, ultimately for the safety and well-being of the client.  Supervision is a confidential process, however, to augment privacy and confidentiality, I do not share client names or identifying features in supervision.   

Therapeutic will - In the event of my death or incapacitation secure access to client contact details would be transferred to a therapeutic executor who would assume data control.  The purpose of the transfer would be to ensure clients could be contacted and informed of the situation and support offered.  In the event of my death, client information and any session notes would be destroyed by the therapeutic executor.

Emergencies - I would seek client consent before sharing any information, however, if there was a serious risk to a person’s life/health, I may share some information with emergency/medical services, without client consent being given.  Practitioners are legally bound to share certain information with an authority, for example, terrorist activity, money laundering, drug trafficking and when information is requested by a court of law.    

Deleting information - I keep client data/information for up 7 years after the work has ended, it is then deleted/destroyed.     


Your rights   


You have the right to:

  • Be informed about how and why your information is held (this document).

  • Request to see any information held about you (please allow 30 days).

  • Withdraw consent to any information being used/held (although this may mean it is no longer possible to access counselling).

  • Request personal details to be changed, corrected, completed or erased (original case sheets and session notes need to be retained for legal reasons).



bottom of page