top of page



The General Data Protection Regulation (GDPR) is concerned with the personal information about you that I collect, store, and share. This page details my GDPR policy.



  • Name

  • Gender (or preferred identity)

  • Age

  • Date of Birth

  • Relationships & Children

  • Occupation

  • Address

  • Telephone/SMS number (plus permission to send SMS & leave voice message)

  • Email address

  • Counselling History

  • Medical conditions relevant to counselling

  • Prescribed medication relevant to counselling

  • Difficulties

  • Session summary

I may also ask and record on first contact how you found me. This is not necessary for our work together and you are free to refuse. I use this anonymous data to evaluate advertising or directory entries I have purchased.



  • Paper: written notes (described below) kept in a locked filing cabinet, in either a locked office or my home address.

  • Non-Smartphone: I use a non-smartphone and don't store contacts and regularly delete texts and call logs. I store contacts on a secure electronic health record system (please see below).

  • Email/SMS: your email address and correspondence will be stored in my email account (currently G Mail for G Suite) by nature of you contacting me. Your telephone number may be stored in my SMS should we exchange messages this way. Electronic correspondence will also be held by the corresponding app (Gmail, Phone's SMS). All correspondence stored there will be deleted regularly and on our work ending together.

  • Website: none of your personal information is stored on my website which is hosted by Wix, other than to momentarily collect & send it to my Gmail account for the purposes of our initial contact. Wix and Google analytics collect non personal  data without your identity attached such as traffic and number of page visits to help me evaluate my website.

  • Internet Applications: I collect, store and communicate some data (see below) electronically using an electronic health record system called Writeupp. I record my finances using Waveapps accounting.

  • Please bear in mind that if you pay for sessions using a card izettle and my bank and izettle will record the transaction.



  • Contract

  • GDPR Agreement


  • Email/SMS

I use an Electronic Health Record system called Writeupp to store and communicate information to you, including copies of the paper documents above. Writeupp is password protected and uses two factor authentication to increase security:

  • Assessment Record

  • Brief Session Notes

  • Copies of any letters or emails about clinical matters we have exchanged

Copies stored and/or communicated securely:

  • Contract/Agreement

  • GDPR Agreement




I seek a monthly consultation with another therapist, a therapeutic supervisor, qualified in this process. The supervision process is to maintain the quality and efficacy of my practise. In order to protect your privacy, my consultants will not know you personally or professionally. I will refer to you by a different name, and I may mention vague, non-identifying details about you when it's helpful to develop our work together.


In the event of my death or incapacity your details, should you still be in therapy with me, will be shared with my therapeutic executor so that you can be notified. 


If your health is in jeopardy I may share your contact information with an emergency healthcare service (e.g. Mental Health Crisis Team).

If I have become aware of your intent to cause harm to another person/organisation (e.g. terrorism), or commit a serious crime, the law may require that I inform an authority without seeking your permission. 


When we have finished working together, I will erase electronic copies of your contact information & correspondence within one month.

I will hold onto your clinical information (assessment, summary notes) for up to six years past the end of our working together. This is so that I have a reference of our work in situations such as you returning to counselling in the future, and is a requirement of my insurer in case a claim is made. After this time has passed, I will shred the information kept on paper and delete entirely information held electronically.


You have the following rights...

  • To be informed what information I hold (i.e. this document).

  • To see the information I hold about you (free of charge for the initial request).

  • To rectify any inaccurate or incomplete personal information.

  • To withdraw consent to me using your personal information.

  • To request your personal information be erased (though I can decline whilst the information is needed for me to practice lawfully & competently).

NB: A printed copy of this statement will be given to you when we first meet for counselling. If we agree to continue working together, we will both sign the printed copy of this statement to indicate our agreement.

Page copyright of Matt Verguson trading as therapy5 2018.

Policy formulated from Dean Richardson’s website Havant Counselling and Karen Emery’s website: Counselling in Notts – GDPR Made Easy for Counsellors:- which references the ICO’s pages on GDPR.

bottom of page