Privacy policy

Last reviewed: June 2026

Next review due: June 2027

Introduction

Your privacy is important to me. This Privacy Notice explains how I collect, use, store and protect your personal information when you contact me or engage in counselling services.

I am committed to handling your personal information lawfully, fairly and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and my professional obligations as a Registered Member of the British Association for Counselling and Psychotherapy (BACP).

Data Controller

Gemma Capocci Counselling & Psychotherapy

Website: www.gemmacapoccicounselling.com

Email: hello@gemmacapoccicounselling.com

ICO Reference Number: C1352299

I am the Data Controller responsible for deciding how your personal information is collected, stored and used.

Professional Membership

I am a Registered Member of the British Association for Counselling and Psychotherapy (BACP) and work in accordance with the BACP Ethical Framework for the Counselling Professions.

Part of my professional responsibility includes maintaining appropriate records, protecting client confidentiality and attending regular clinical supervision.

What Information I Collect If You Contact Me

If you contact me by telephone, email, text message or through my website contact form, I may collect:

·      Your name

·      Telephone number

·      Email address

·      Preferred method of contact

·      Information you choose to provide about your reasons for seeking counselling

Information submitted through the website contact form will be used solely for the purpose of responding to your enquiry.

If We Begin Working Together

If counselling begins, I may collect:

·      Personal and contact details

·      Emergency contact information

·      GP details (where relevant and provided)

·      Information relating to your health, wellbeing and personal circumstances

·      Assessment information

·      Brief counselling records and session notes

·      Appointment and attendance information

·      Correspondence between us

·      Payment information

Some of this information is classified as sensitive personal information (known as Special Category Data) because it relates to health and wellbeing.

As counselling is provided online, I may request emergency contact details and, where appropriate, GP details. This information would only be used where there is a serious concern regarding your safety or the safety of another person and it becomes necessary to seek support or assistance.

Why I Collect Your Information

I collect and use personal information to:

·      Respond to enquiries

·      Arrange appointments

·      Assess whether counselling is appropriate for your needs

·      Provide counselling services

·      Maintain professional records

·      Meet professional and ethical requirements

·      Manage payments and accounting records

·      Protect clients and others where safeguarding concerns arise

·      Comply with legal obligations

Lawful Bases for Processing

Under UK GDPR, I process personal information using the following lawful bases:

Contract

Where counselling services are provided, processing is necessary for the performance of our contract and the delivery of therapy.

Legitimate Interests

I may process information where necessary for the legitimate interests of operating a safe and effective counselling practice. This includes responding to enquiries, maintaining records, engaging in supervision and managing appointments.

Legal Obligation

Certain information may be processed where required to comply with legal, safeguarding, insurance, tax or regulatory obligations.

Special Category Data

As a therapist, I process sensitive personal information relating to health and wellbeing where necessary to provide counselling services and fulfil my professional responsibilities.

Confidentiality

Confidentiality is a fundamental part of the therapeutic relationship.

Information shared during counselling will not normally be disclosed to anyone outside the therapeutic relationship without your knowledge and consent.

There are, however, some exceptional circumstances where information may need to be shared. These include:

·      Where there is a serious risk of harm to yourself or another person

·      Where there are safeguarding concerns involving a child or vulnerable adult

·      Where disclosure is required by law or court order

·      Where there is a legal obligation to prevent or report serious crime

·      For professional supervision purposes

·      Where necessary to protect the vital interests of an individual

Where possible, I will discuss any necessary disclosure with you before taking action.

Professional Supervision

As required by the BACP Ethical Framework, I attend regular clinical supervision to support safe, ethical and effective practice.

During supervision, aspects of client work may be discussed. Wherever possible, identifying information is minimised or removed. My supervisor is also bound by professional confidentiality and data protection obligations.

The purpose of supervision is to support the quality and safety of the counselling service I provide.

Online Counselling

Counselling sessions are conducted online using Zoom.

Sessions are not recorded by me.

Online counselling requires the use of internet-based technology. While reasonable steps are taken to ensure confidentiality and security, no internet-based communication can be guaranteed to be completely secure.

Clients are encouraged to access sessions from a private location and to use secure internet connections wherever possible.

Before commencing therapy, clients will be provided with information about how online sessions are conducted, including arrangements for managing technical difficulties, confidentiality, emergency contacts and safeguarding concerns.

Appointments and Scheduling

I use Calendly to enable clients to view availability and book appointments online.

When using Calendly, your name, email address and appointment information will be processed in order to arrange counselling sessions.

Clients are not required to use Calendly. Alternative arrangements for booking appointments can be made where appropriate.

Record Keeping

I keep brief professional records that are relevant to the counselling process and the safe provision of therapy.

Client records and contact information are stored securely using password-protected systems and secure cloud storage.

I use Google Drive to store client records and practice administration documents. Appropriate security measures are used to help protect personal information from unauthorised access, loss, misuse or disclosure.

Access to client information is restricted to me unless disclosure is required by law, safeguarding responsibilities, professional obligations or ethical necessity.

Records are retained in accordance with my retention policy and securely destroyed when no longer required.

Service Providers

To support the operation of my practice, I use carefully selected third-party service providers, including:

·      Squarespace (website hosting and contact forms)

·      Calendly (appointment scheduling)

·      Microsoft Outlook and Microsoft 365 (email communication)

·      Zoom (online counselling sessions)

·      Google Drive (secure storage of client records and practice administration)

These organisations process personal information only as necessary to provide their services and are required to maintain appropriate security and data protection standards.

International Transfers

Some of the service providers I use, including Google, Microsoft, Zoom and Calendly, may process personal information outside the United Kingdom.

Where this occurs, appropriate safeguards are relied upon to ensure that personal information receives a level of protection consistent with UK data protection requirements.

Data Security

I take appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse, alteration or disclosure.

These measures include password-protected devices, secure email systems, cloud storage security measures and the use of two-factor authentication where available.

I regularly review my security practices to help protect the confidentiality and integrity of client information.

How Long Information Is Kept

Enquiries

If counselling does not proceed, enquiry information will normally be deleted within one month of our final contact.

Text Messages

Administrative text messages will normally be deleted within one month unless they form part of the clinical record.

Counselling Records

Counselling records are normally retained for seven years following the end of therapy.

This retention period has been chosen to meet professional, legal and insurance requirements and to support the safe management of client records.

Records may be retained for longer where required by law, safeguarding responsibilities, ongoing complaints, professional obligations or potential legal claims.

At the end of the retention period, records will be securely destroyed.

Financial Records

Financial records are retained for the period required by UK tax and accounting legislation.

Your Rights

Under UK GDPR, you have the right to:

·      Be informed about how your information is used

·      Access your personal information

·      Request correction of inaccurate information

·      Request erasure in certain circumstances

·      Request restriction of processing in certain circumstances

·      Object to processing in certain circumstances

·      Request data portability where applicable

·      Lodge a complaint with the Information Commissioner’s Office (ICO)

Some rights may be limited where records must be retained for legal, safeguarding, insurance or professional reasons.

Complaints

If you have concerns about how I handle your personal information, please contact me in the first instance so that I can try to resolve the issue.

By email - hello@gemmacapoccicounselling.com

By post - 102 Harpenden Road, London, E12 5HN

You also have the right to make a complaint to the Information Commissioner’s Office (ICO).

Website: www.ico.org.uk

Telephone: 0303 123 1113

As a Registered Member of the British Association for Counselling and Psychotherapy (BACP), clients may also obtain information about BACP professional conduct procedures through the BACP website.

Changes to This Privacy Notice

This Privacy Notice may be updated from time to time to reflect changes in legislation, professional guidance or working practices, but my next full review is scheduled for June 2027.

The most recent version will always be available on my website.

Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Questions

If you have a question regarding this Privacy policy, please write to me:

  • by email: hello@gemmacapoccicounselling.com

  • by post: 102 Harpenden Road, London, E12 5HN