Privacy Notice


The General Data Protection Regulation (GDPR) is concerned with the personal information about you that I collect, store, and share. In accordance with GDPR, this privacy notice will inform you of what data I collect, why I need it, where I store it and how I destroy it.

My name is Beth Whiting, and I am registered with the Information Commissioner’s Office (ICO) as a Data Controller. Registration number: ZB318982. Data controller is the term used to describe the person that collects, stores, and has personal responsibility for people’s personal data.

The type of personal information I collect and why

Initial contact

When you contact me to enquire about my counselling service, I will collect information to help me satisfy your enquiry. This will include: your name, your telephone number, and your email address.

If you decide to continue with me after your first session, I will ask you to read and sign our counselling agreement and to complete a ‘contact details’ form providing me with the following personal information:

This information helps me to provide a counselling service to you and to help that service run smoothly.

I ask for your GP details to use if I felt there was an immediate and real risk to you or somebody else. If you were unable to call your GP, I may need to call them on your behalf.

This information helps me to work safely with you and may help if you were to become unwell during a session and needed medical care. It may also be relevant information for me to be aware of as part of the process of meeting for your therapy sessions.

In an emergency where you became unwell or had an accident during a session with me, I would contact your emergency contact if you have provided one.

If you choose not to continue with me after your first session, I will delete our counselling agreement form and your contact details form within 1 month.

During your first session I will complete a form in discussion with you requesting the following information:

I ask if you have received counselling before and what might have felt helpful or unhelpful. This can help us to decide the type of counselling approach you are looking for and whether I work in a way that can be a good fit for you.

I will keep notes of each session, which are stored electronically on my password-protected personal computer. Your notes are kept in an encrypted and password-protected drive and are not shared with anyone unless I am required to do so by law.

How I may use or share your personal information

While you are accessing counselling with me.

The content of your sessions is confidential unless I feel there is an immediate and real risk to you or somebody else, where I may need to involve your GP or another professional. I would try to discuss this with you beforehand if possible.

If I become aware of your involvement in any acts of terrorism, drugs trafficking or money laundering, I am legally required to inform the police.

I receive regular supervision from an experienced psychotherapy supervisor. This allows me to discuss client work to help protect and ensure the best interests of my clients. Your full identity is not disclosed in these sessions.

I will not share notes of your sessions unless I am legally required to do so.

Your name and contact details will be shared with my clinical executor who is a psychotherapy colleague. I have a clinical will which ensures that you will be contacted by my executor in the event of my death, serious illness or accident should you still be in therapy with me.

After your counselling has ended, your counselling agreement, the form which I complete in your first session, and notes of sessions will be kept by me for 7 years from the end of our contact with each other. After 7 years I will securely delete these records.

I will not retain text messages, WhatsApp messages or emails once we finish working together unless they contain something important; in which case I shall print the message and rescan it so it can be stored electronically. I will shred the paper copy immediately. I will not retain your contact details form, and this will be securely deleted.

My lawful basis for holding and using your personal information

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data:

If you are currently in contact with me to consider therapy or are having therapy with me, I will process your personal data where it is necessary for the performance of our contract.

If you have ended your therapy with me, I will use legitimate interest as my lawful basis for holding and using your personal information.

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information.’ The lawful basis for me processing any special categories of personal information is that it is for the provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).

How I store your personal information

Personal Computer

The following documents and personal information are stored on my personal computer in encrypted drives and are password protected:

Your contact details, counselling agreement, first session form and session notes are stored under a unique code. Your contact details and counselling agreement are kept separately from your first session form and session notes. My client list is kept entirely separately.

Your first name, contact preference and corresponding contact details are stored in an encrypted document held on Microsoft OneDrive, which can be accessed with a password by my clinical executor in the event of my death, sudden illness, or accident.

Personal tablet

My personal tablet is password protected.

Mobile smartphone

My mobile phone is used purely for my counselling work and is secured with a passcode.

Data backups

All the above electronic devices are backed up to a mixture of my UK-based hosting provider, Microsoft OneDrive and Google Drive. These backups are encrypted and password protected.

Your data protection rights

Your right of access

You have the right to ask me for copies of your personal information (free of charge for the initial request).

Your right to rectification

You have the right to ask me to rectify personal information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.

Your right to erasure

You have the right to ask me to erase your personal information in certain circumstances. I can refuse to do this whilst the information is needed for me to practise lawfully and competently.

Your right to restriction of processing

You have the right to ask me to restrict the processing of your personal information in certain circumstances.

If you make a request, I have 1 month to respond to you.

Please contact me at if you wish to make a request.

How to complain

If you have any concerns about my use of your personal information, you can make a complaint to me at

You can also complain to the ICO if you are unhappy with how I have used your data:

Information Commissioner’s Office
Wycliffe House
Water Lane
Helpline number: 0303 123 1113
ICO website:

I may amend this Privacy Notice without notice to you, in which case a copy is always available upon request at or by viewing it on my website