top of page

Client Privacy Policy 




This privacy policy is a statement of legal and ethical requirements of practice regarding data protection, transparency of information storage and usage. It sets out how I manage information about clients and how I comply with my obligations under the General Data Protection Regulation (GDPR) 2018 and as a registered, accredited member of the National Counselling Society (NCS). 


Information I collect 


I will collect and store your assessment information including your name, address, and contact details, GP surgery and emergency contact. Beyond that the information I hold on you will be brief process notes a summary of my recollections and reflections following each of our sessions. This information may include personal sensitive information, for example about your physical and mental health, sexual life, racial or ethnic origin, religious or other beliefs, offences and alleged offences perpetrated by you or upon you. 


Secure Storage 


I store this information using a GPDR compliant, Web-based, practice management software, especially designed for mental health care professionals called 'TheraNest’ This is a secure hosting platform for confidential medical information, so you have complete peace of mind that your personal information is stored safely and securely.

Any written notes I take during a therapy session to support with my process and formulation will be entered onto the system post session and immediately shredded. 

If you give me any paper-based documents or pictures at any time I will either store these in a locked cabinet or scan them and store them on my client data-base. 

Your contact details are held securely for up to 1 year after the therapeutic process has ended and session notes will be held securely and confidentially for 5 years after the therapeutic process has ended, at which point they will be deleted or destroyed. 

As the client, you have the right to receive your personal information which you previously provided, and also have the right to transfer that information to another party. For the purposes of the General Data Protection Regulations (GDPR) May 2018, the data “controller” is Maria Brooks -MB Therapy.

If you ask me to provide a third party with information about you and our work together I will discuss that with you and if I agree to do so will provide you with a draft of what I propose to send, before I pass it on. 


Therapeutic Will 

In the case of my death, or my becoming incapacitated for an extended period, your name and contact details will be shared with my Therapeutic Executor. This is so that you can be contacted to explain what has happened, if you are seeing me at the time. Once it becomes clear that I will not be returning to practice all the paper-based client records and the contents of my client record system would be destroyed/erased. 


Your rights under GDPR 2018 


Under this legislation you currently have the following rights: To be informed about what information I hold (this document). To see the information, I hold on you (free of charge for the initial request). To rectify/correct any inaccurate or incomplete personal information. To request that your personal information is erased/deleted/shredded. I can decline this request if the information is needed for me to practice lawfully or competently, or if there is another reason (for example a complaint or legal reason). 

bottom of page