Last Updated: 1/6/2026
I, Catherine Clare Diacono, am the Data Controller responsible for your personal information.
ICO Registration Number: C1911725
Email: clare@counsellingbath.uk
To provide counselling services, I may collect:
Personal information, including your name, date of birth, address, email address, and telephone number.
Emergency contact and GP details.
Information relating to your mental and physical health.
Anonymised clinical notes relating to our counselling sessions.
Payment and invoicing information.
Information you provide when contacting me through my website, email, or telephone.
During counselling, you may choose to share other sensitive personal information. I do not routinely collect or record such information unless it is relevant to the therapeutic work.
I use your information to:
Provide counselling services.
Maintain clinical records.
Arrange appointments and communicate with you.
Process payments.
Meet legal, professional, and insurance requirements.
Protect your safety where there is a serious risk of harm.
Under UK GDPR, I process your information under:
Article 6(1)(b) – Contract, where processing is necessary to provide counselling services.
Article 6(1)(c) – Legal Obligation, where required by law.
Article 6(1)(d) – Vital Interests, where necessary to protect life or prevent serious harm.
Article 9(2)(h) – Provision of Health or Therapeutic Services, for information relating to your mental and physical health.
Information shared within counselling is treated as confidential.
Information will only be shared where:
There is a serious risk of harm to yourself or another person.
There are safeguarding concerns involving a child or vulnerable adult.
Disclosure is required by law or court order.
Information is discussed anonymously in professional supervision.
I may also use trusted service providers, such as email, video conferencing, cloud storage, or accounting providers, who process data securely on my behalf. Where these providers process data outside the UK, appropriate safeguards (such as standard contractual clauses) are enforced to protect your privacy.
I take appropriate technical and organisational measures to protect your information.
Clinical notes are anonymised using a coding system. Identifying information is stored separately from clinical records. Written records are kept in a secure, locked filing cabinet. Electronic data is kept on password-protected and biometrically secured devices.
Online counselling sessions are conducted through secure encrypted platforms and are not recorded.
Counselling records are retained for seven years following the end of therapy.
Financial records are retained in accordance with HMRC requirements.
At the end of the retention period, records permanently deleted or written records are shredded.
Under UK GDPR, you have rights in relation to your personal information, including the right to access your data, request correction of inaccurate information, and, in certain circumstances, request that processing be restricted or that data be erased.
To exercise any of your rights, please contact me using the details provided above.
You also have the right to make a complaint to the Information Commissioner's Office (ICO).
If you have any concerns about how your information is handled, please contact me first.
You also have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk.
This Privacy Policy may be updated from time to time. The latest version will always be available on this website.