top of page
trans, friendly, Counselling, therapy, UK, man, woman, non-binary, queer, bi, bisexual, online counselling, online therapy, intersectional, neurodivergent, Autistic, Autism, ADHD, DID, intersection, AuDHD, kink, stress, depression

Privacy Notice
January 2025

I am based in the UK and governed by UK jurisdiction.

Counselling Professional Body


I follow the Codes of Ethics and Practice of the British Association of Counselling & Psychotherapy (“BACP”). A copy of the code can be accessed here: https://www.bacp.co.uk/events-and-resources/ethics-and-standards/ethical-framework-for-the-counselling-professions/ 
 


Client personal information GDPR


Your personal information is stored securely and confidentially, either electronically, using codes with password protection or in paper format which is stored in a locked cabinet, coded for protection. The data collected is used to enable effective communication during the therapeutic process, it is used in a safe and ethical manner in accordance with the BACP Ethical Framework and the EU General Data Protection Regulations (GDPR) 2018. I will only store any personal information which is relevant to our therapeutic relationship.
 


Confidentiality


I have a legal obligation to break confidentiality in compliance with a court order, drug trafficking, money laundering or acts of terrorism. You may choose to give me the contact details of a trusted person in your life to contact should the need arise. This could be a friend, partner, family member etc. Your GP details are provided so I can get in touch if needed. From time to time I will discuss our work with my clinical supervisor. This is standard practice for psychotherapists at all levels of experience and it supports me to work as well as I can with you. My clinical supervisor is bound by the same confidential and ethical practice as I am.

Personal information I hold
You have the right to know what personal information I hold, why I hold it, how it is stored, who has access to it, and for how long I hold it. I will keep the following personal information so that I can work safely and professionally with you, in line with the guidelines of the BACP.


  1. Your name, address, pronouns, phone number, email address, trusted person and GP details: I receive this information password protected digitally from you. Only I will see this. I will print this information, which will be kept in a locked filing cabinet. A unique client code will be assigned and used to identify you (removing your name from the document(s). I will delete the digital copy. I may store your telephone number/address/ GP details password protected on my Macintosh computer, if I practice away from my main site. I will delete emails once I have read them, unless necessary to keep for a period of time (examples could be if I am on holiday or sick and unable to check emails). I may add what I perceive as relevant information from emails to your clinical notes for our therapeutic work. I may access emails on my mobile phone which is locked with a passcode (and has finger print i.d. used on occasion but not exclusively) when I am not using it. Your email address is held in my Protonmail account, which is 2-factor authentication (password and Authy app). When reading or writing emails on my Macintosh computer, I use a password to be able to access it. I will keep your personal information for five years. After that time it will be destroyed. This is required by my professional liability insurer and by my professional organisation (BACP).

  2. Clinical session notes: May include, although not exclusively, dates and times of attendance, cancellations, brief notes on themes from the session. I do not keep detailed session notes. I keep these brief session notes in hardcopy which is store in a locked filing cabinet. I may reflect on my own experience, which is confidential to me. Your name or other identifying details are not kept with your session notes; only your client code is used (see 1). Notes are used to remind me of important points I want to be sure to remember and/or to discuss in supervision. The notes will be destroyed five years after our work finishes. Only I will see this information.

  3. Sharing and receiving of documents via email: Please password protect documents sent between us. Email 1.) send the document(s) in an email attachment password protected. Email 2.) Send me the password(s) for the document(s) separate from the email containing the documents. Do not send me the password protected documents and passwords in the same email. As an additional security measure, please do not title email subjects to me with words such as ‘therapy’ or ‘counselling’. You may choose to use more generic subjects such as, ‘inquiry', ‘information request’ etc. TIP: If you need support to understand how to password protect documents you can find this information via a search engine using terminology or words like ‘how to password protect a Word document’ (as example).

  4. Therapeutic email/instant messaging work: Anything written by myself within these therapeutic email/instant messaging exchanges is considered confidential to me. I require you to not share my writings with anyone, or on any type of platform online, in hard copy or any other format. This is a requirement for us to work in these sessions. By engaging in them you are consenting to this. I do not store these therapeutic exchanges, I will make clinical notes as per point 2. You will send me your therapeutic emails via a Protonmail account (encrypted and free service): https://account.proton.me/mail/signup?plan=free&ref=mail_plus_intro-mailpricing-2

  5. Payment information and invoices: I may make a note of payments you have made and invoices on a financial spreadsheet for my private practice and also in my paper diary. Your unique client reference code is used (as per point 1). Bank statements will show the name on account if you pay by bank transfer. I am required by law to retain certain financial information for tax purposes.  I keep financial information for 7 years as required by HMRC. Payment by BACS will be processed by my bank, transactions may be viewed by employees of the bank, tax HMRC and/or my accountant. When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. Please discuss alternative payment options with me if you need. Any other payment platforms used, please access their privacy information directly.

  6. My emails, texts (SMS) and WhatsApp messages to you, and yours to me: I may delete emails/texts/WhatsApp messages after I have noted the contents. Electronic correspondence will also be held by the corresponding application (Protonmail, Phone’s SMS, WhatsApp as examples). I may keep emails/texts/WhatsApp messages if I consider them necessary to our work. I may add them to your clinical notes.

  7. Online voice/video/instant messaging: You may choose to work with me online with voice/video/instant message, where we will use Zoom, a cloud platform using mobile devices. We may use Signal which is end-to-end encrypted, as is Zoom. Please check directly on their terms of services from time to time as they may make updates to their polices. I will not record any of our work using Zoom, Signal or any other recording systems and require you do not either.

  8. iCloud: I use a Macintosh computer, which uses iCloud, a cloud storage and cloud computing service from Apple Inc. iCloud provides the means to wireless back up iOS devices directly to iCloud. Please access their privacy information directly should you need.

  9. Website: My Wix website does not contain any personal information about clients. If you choose to make contact with me on my 'Get in Touch' page this is via 'Wix Forms' 1.) an automated message is sent by Wix with the Form content to my Wix message Inbox. 2.) an automated email from Wix with its content is sent to my Proton email account. I will delete this Wix Form message manually after reading it in my email/Wix inbox account. Please do not include personal and/or sensitive information in the Wix Form as an additional privacy/security measure. Wix automatically collects the contact details of the person filling the in Form if provided. I will delete this information collected by Wix manually when the message is read by myself.

  10. Client feedback/testimonials: Sent to me via my Wix website is confidential unless you tick the box consenting for me to use your client feedback/testimonial (please note the same processes as website/Wix Forms is used, as per point 9 above). Your name is not requested in the form and will not be used in any type of promotional materials. I will print this Form, storing as hardcopy if you consent to my using this information provided anonymously for promotional purposes. Promotional purposes may include (although not exclusively), publishing on my website and advertisements, both online and other. If you do not consent, the Form will be deleted and not used for any promotional materials. It will be used exclusively for my own understanding and learning.

  11. I use a personal mobile phone and may have my voicemail switched on. Please consider this in the information you leave in the voice message. All messages will be played and deleted daily, except during holiday or sick periods. Voicemails are accessed via a private PIN code.

  12. Whilst I make efforts to protect your data there may be incidents that occur which are out of my control.


Your Rights under GDPR:

To be informed what personal information I hold.
To see the personal information I hold about you (free of charge for the initial request).
To rectify any inaccurate or incomplete personal information.
To withdraw consent to me using your personal information.
To request your personal information be erased. Though I can decline if the information is needed for me to practice lawfully and competently.
To receive the personal information which you previously provided, and the right to transfer that information to another party.

Data Controller
For the purposes of the General Personal information Protection Regulations (GDPR) 2018, the personal information “controller” is Noosh Manduk-Cheyne. If you have any other questions regarding how your therapy client personal information GDPR is processed and handled, please do not hesitate to discuss with me.

The ICO website: https://ico.org.uk/
My ICO registration number: ZA545048

This notice may be updated from time to time, please check my website for updates.

bottom of page