Rebecca Skinner Counselling and Psychotherapy is committed to protecting your personal data. Your information will be kept secure and only used for the purpose it was given.

This notice sets out how I use and protect information you provide, and the lawful basis under the Data Protection Act 2018, the General Data Protection Regulations (GDPR) and the data protection principles (contained in the BACP Ethical Framework for the Counselling Professions: July 2018) that permits me to do so.

‘Data controller’ means the person/organisation that collects, stores and has responsibility for people’s personal data. In this instance, the data controller is me, Rebecca Skinner.

I am registered with the Information Commissioner’s Office [ZB046363].

Lawful Basis

I use different elements of the GDPR depending on the stage at which I am processing your data, including storage of the data. These are contract, explicit consent, legal claims, vital interest, legal obligation.

For a full breakdown of what information is collated, how it is processed, retention periods and lawful basis for processing, please contact me.

The type of information collected

Whether or not you become a client, I will collect and hold personal data, this may include special category data as set out below.

Personal Data

  • name

  • date of birth

  • relationships (parents, siblings, children)

  • occupation

  • contact details

  • employment

  • education

  • social life details

  • nominated emergency contact details

  • GP contact details

Special Category Data

  • physical and mental health details;

    • counselling / therapy history

    • medical conditions

    • prescribed medication

    • emotional & psychological issues

    • any disability or communication difficulty

    • Counselling notes

  • sexual history and/or orientation

  • racial or ethnic origin

  • religious beliefs

How I get the information and why I have it

Most of data collated is during initial contact, assessment and contracting stages and provided by you. Alternatively, another professional or a parent / carer may send me your details when making a referral or enquiry on your behalf. Further information provided will be during your counselling session(s). Information collated may be via telephone, email, post, face to face or via a third party. I collect and hold data for the purpose of assessment, counselling and to receive clinical supervision. Your records assist me in providing you with a better service.

Storage of Information

I will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this privacy notice. Your data is kept securely in an electronic format on a secured data service which is end to end encrypted when your information is in transit and at rest. This data server is GDPR compliant and requires two factor authentication. Presently, this service is provided by and you can access their own privacy policy here.

Data collated are the property of Rebecca Skinner and not the client. This data is not shared with anyone unless an exception in the ‘Confidentiality & Contract’ form applies. Where I am required to share information, I will always try to speak to you first, unless there are safeguarding issues that prevent this.

Any payment transactions via your bank will only be identified by an pseudonymised client reference number and no other information will be required or shared.

I retain your data only for as long as such information is needed and useful for the purpose for which it was collected. I store the information for varying durations, depending on the type of information, but only if, I continue to have a valid reason. This includes allowing me to have enough information to respond to future issues, to uphold agreements between you and Rebecca Skinner Counselling and Psychotherapy and to be compliant with applicable law. If you would like a copy of my data retention map, please email me.


Unfortunately, the transmission of information via the internet cannot be completely secure. I have in place security measures to protect your personal data, but I cannot guarantee the security of your data transmitted to me, particularly by email; any transmission is at your own risk. Once I have received your information, I will use my own policies and procedures as far as is reasonably possible to prevent unauthorised access.

If you decide not to proceed, I will ensure all your data is deleted after one calendar month.

For security reasons I do not retain text messages or emails for more than 1 month. If there is relevant information contained in a text message, I will record this in my notes.

Once counselling has ended your records will be kept for 6 years from the end of our contract with each other and are then securely destroyed.


My website may contain links to other websites that may be of interest. However, I have no control over other websites. Therefore, I cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at their privacy statements.

I do not use my website to collate any personal information and do not store your information from this source.

When you use a website, cookies are downloaded onto your PC and the next time you visit the site, your PC will check the cookie and send information back to the site, therefore tailoring what pops up. You can refuse these cookies using your own device settings.

I use a third-party service, ‘Wix’ to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site and to improve my service This information is only processed in a way that does not identify anyone. I do not make, and do not allow ‘Wix’ to make, any attempt to find out the identities of those visiting my website. You can read Wix’s privacy notice here: here.

Changes to this Privacy Notice

Any changes to this privacy notice in the future will be published on my website.

Your data protection rights

Under data protection law, you have rights including:

  • Right of access - You have the right to ask for copies of your personal information.

  • Right to rectification - You have the right to ask to rectify personal information you think is inaccurate or to ask me to complete information you think is incomplete.

  • Right to erasure - You have the right to ask me to erase your personal information in certain circumstances.

  • Right to restriction of processing - You have the right to ask me to restrict the processing of your personal information in certain circumstances.

  • Right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability - You have the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you. Please contact me in writing if you wish to make a request. You can read more about your rights at here.


When people make complaints against my service, I hold data relating to the complainant, details of the complaint and witnesses or interested parties. I may share information with any external bodies who have a legal interest. All data relating to this process is kept electronically.

If you have any questions or concerns, you can contact:

Rebecca Skinner Counselling and Psychotherapy:

Data Controller: Rebecca Skinner

Service Manager: Rebecca Skinner




You can also complain to the ICO if you are unhappy with how I have used your data.

The ICO:           

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113

ICO website: