Privacy Notice

Back to main site

Last updated: 25-Jun-26

Introduction

David Ewins is a Registered Member of the British Association for Counselling and Psychotherapy (membership no. 391661) and is registered with the Information Commissioner’s Office (registration number: C1125415).

Under the UK GDPR, I need a lawful basis for using personal information. I rely on the following lawful bases under Article 6 UK GDPR:

  • Contract / Performance of a Contract: Where processing is needed to safely arrange, manage, and deliver your therapy sessions.
  • Legitimate Interests: To manage business administration, track payments, and defend legal claims.
  • Legal Obligation: Where I am required to keep or share information to comply with the law.

Because therapy data involves health records, it is classified as 'Special Category Data'. My condition for processing this is the provision of health or social care or treatment under Article 9 UK GDPR , meeting the necessary conditions and safeguards under the Data Protection Act 2018.

Collection of Personal Information

I may request the following data, please note that you are under no obligation to provide this information, but it may assist the therapeutic process and/or help to support you:

  • Name, gender (or preferred identity), sexuality, date of birth
  • Address, next of kin contact details, telephone / mobile number, email address
  • GP details, medical conditions, prescribed medication, previous experience of mental health treatment / diagnosis
  • Counselling and personal history, including relationships and family (past and present), issues you have come to therapy for.

Storage of Personal Information

Mobile phone

Although I do not store your contact number in my phone, the messages / call history is retained. I store your contact number on my work laptop to allow me to make contact where necessary. My phone and laptop are password protected.

Email

Electronic correspondence is held on my email account. I use this to set up an initial meeting, notify you of payment details and/or confirm subsequent appointments. My email account and work laptop are both password protected.

Website

None of your personal information is stored on my website. This website is a static site hosted on Netlify. Netlify does not deploy tracking or non-essential cookies by default on hosted sites. Consequently, I do not use cookies to track your browsing history, and no cookie consent banner is required. Any basic, temporary server-log data processed by the host is restricted strictly to security and core network functionality, which aligns with current UK exemptions.

Paper

Where I use paper records (Client Agreement, Initial Assessment Form and Sessions Notes) these are converted to an electronic version and the original destroyed.

Electronic data

Electronic records (Client Agreement, Initial Assessment Form and Sessions Notes) are stored on my laptop, which is password protected and backed up to a thumb drive that is stored securely.

These records may be reviewed in Supervision as part of my ongoing professional development and also in support of our working together. I will make every effort to anonymise your personal information when doing so (see "Sharing your information").

NB: The Initial Assessment Form and Session Notes are anonymised and kept separately from any contact information that would identify you. All records are stored securely.

If I or one of my trusted digital service providers transfer personal information outside the UK, I will only do so where the law allows it and an appropriate transfer mechanism or safeguard is in place.

AI and Audio Recording

I do not use AI, automated transcription tools, or audio recording software during our therapy sessions unless explicitly discussed and consented to by you in advance for specific therapeutic or professional development reasons.

I may request to make audio recordings for the purpose of supporting my ongoing professional development and for reviewing sessions, for example, by presenting anonymised, written transcript(s) of excepts of sessions in Supervision. You are under no obligation to agree to sessions being recorded. Any recordings that are agreed to will be stored securely, retained for no longer than 2 years and then destroyed. Even if you do agree, you may withdraw your consent at any time and ask for any recordings to be destroyed.

Sharing Your Personal Information

Supervision

In line with BACP requirements, I take my work to Supervision to have another professional perspective and as part of my ongoing professional development. I make every effort to preserve your anonymity as part of this process.

Confidentiality

Sessions are strictly confidential, but with a few exceptions. If I believe that the safety of you, and/or another, is at significant risk, it may be necessary to break confidentiality and contact the suitable authorities without your permission. This includes your GP, the emergency services and the mental health crisis team.

I am also required by law to pass on information relating to criminal acts, such as terrorism, insider dealing or the ongoing abuse of a minor or vulnerable adult.

I will at all times attempt to gain your permission before breaking confidentiality in these instances. I do, however, retain the right to do so without your consent.

When providing online therapy, sessions take place over a secure, encrypted platform (Google Meet). This platform may process limited technical metadata (such as your IP address) to facilitate the secure connection. Standard anti-virus and security protections are maintained on all devices used to deliver your therapy.

Incapacity (of the therapist)

In the event of my incapacity (e.g. serious illness), or my death, my appointed therapeutic executor has been instructed to contact you to advise you of your options. They will also arrange for any personal information and notes to be destroyed.

Erasing Your Personal Information

When we have finished working together, all electronic correspondence will be deleted after one month. Electronic records will be securely retained for seven years after the last session in accordance with the requirements of my insurance provider. Following this, all personal information will be destroyed.

Your Rights

You have the following rights with respect to your personal information:

  • to be informed what personal information I hold, as outlined in this document
  • to request a copy of the personal information I hold on you (free of charge and within one calendar month)
  • to request that I rectify any inaccurate or incomplete personal information
  • to withdraw consent from me using / processing your personal information
  • to request that some or all of your personal information be erased. Where the information is needed for me to practice lawfully and competently, I can decline such requests.

Data Protection Concerns and Complaints

If you have a concern, or are unhappy with how I have handled your personal information, you have a right to raise a data protection complaint directly with me.

Please contact me using the form below, outlining your specific concern. I will formally acknowledge your complaint within 30 days of receipt, investigate it thoroughly without undue delay, and provide you with a written outcome of the investigation without undue delay.

If you remain unsatisfied with my final response, or if you prefer to escalate the matter directly, you can contact the UK regulator, the Information Commissioner’s Office (ICO), at www.ico.org.uk or via telephone at 0303 123 1113.

Contact

You can contact me by calling 07835 392 872, or using the form below:

By submitting this form, you acknowledge that the information provided will be used solely to respond to your enquiry. To protect your privacy, please do not include highly sensitive personal details or medical history at this preliminary stage. You can review my full Privacy Notice in this document - Back to top.