Privacy Notice
Counselling with Dominic
Last updated: June 2026
This privacy notice explains how I collect, use, store and protect personal information in my therapy practice.
I am Dominic, a person-centred counsellor working in person and online. I am the data controller for personal information collected through Counselling with Dominic.
If you have any questions about this notice, or about how your information is handled, you can contact me at:
Email: dominic@counsellingwithdominic.co.uk
Website: counsellingwithdominic.co.uk
This privacy notice applies to people who contact me about therapy, current and former clients, and visitors to this website.
Information I collect
When you contact me, I may collect:
• your name
• your email address or phone number
• the information you choose to share in your enquiry
• any preferences around contact, availability or how you would like to work
If we arrange an initial call or begin therapy, I may also collect:
• your address and date of birth
• your GP details
• emergency contact details, where appropriate
• relevant health, mental health or wellbeing information
• information about your personal history, relationships, circumstances and reasons for seeking therapy
• clinical notes, including session themes, risk information and agreed actions
• attendance, payment and appointment records
• correspondence between us, including emails and messages
• completed assessment tools, such as CORE-10
Some of this information is classed as special category data under UK data protection law. This includes information about health, mental health, and other sensitive areas relevant to therapy. I only collect information that is necessary for providing therapy safely, ethically and professionally.
How I use your information
I use your personal information to:
• respond to enquiries and arrange appointments
• provide therapy and keep appropriate clinical records
• manage payments, invoices and appointments
• communicate with you about sessions
• meet legal, professional and ethical responsibilities
• manage risk, safeguarding or emergency situations where necessary
• maintain insurance, tax and accounting records
I do not sell your personal information.
Lawful basis for using your information
Under UK GDPR, I need a lawful basis for using personal information.
For arranging and providing therapy, I rely on contract. For running my practice safely, keeping appropriate records and protecting both you and me, I rely on legitimate interests. Where I need to keep or share information to comply with the law, I rely on legal obligation.
For special category data — including health and mental health information — I rely on substantial public interest (mental health) and health and social care purposes under Schedule 1 of the Data Protection Act 2018, alongside the provisions relevant to counselling and psychotherapy under the UK GDPR.
How I store your information
I use Carepatron as my practice management system. Carepatron stores data on secure cloud infrastructure (Amazon Web Services, Microsoft Azure, and Google Cloud), protected by encryption, firewalls, and access controls. Carepatron is GDPR compliant and acts as a data processor on my behalf. They do not sell or share your data with third parties.
Carepatron is used to store clinical notes, assessment tools, contracts, appointment records, invoices, and session communications. It is also used for video sessions and SMS/email appointment reminders. I am currently exploring and testing the AI-assisted transcription feature built into Carepatron. I have not yet implemented this in practice, but may do so in future. If I do, this will be covered by the same Carepatron data policies outlined above. No client data is used to train AI models. I will update this notice once a decision has been made.
I use Proton Mail for email counselling and sensitive correspondence. Proton Mail uses end-to-end encryption.
I use Gmail for general practice administration, such as booking enquiries and invoices. Sensitive clinical content is not sent via Gmail.
I use AI tools such as Claude (Anthropic) for practice administration, marketing, and development purposes only. I do not enter identifiable client information into any public AI tool.
How long I keep your information
I keep clinical records for seven years following the end of therapy. This is in line with guidance from my insurer and professional bodies.
If therapy does not proceed following initial contact, I will retain only the minimum information necessary and will delete it within a reasonable period.
Financial records, including invoices and payment information, are kept for six years in line with HMRC requirements.
Confidentiality and when I may share information
What you share in therapy is confidential. I will not share your information with anyone else without your consent, except in the following circumstances:
• Supervision — I discuss my clinical work in regular supervision as required by my professional bodies (BACP and NCPS). Supervision is confidential and I use only the minimum identifying information necessary.
• Risk and safeguarding — if I am concerned that you or someone else may be at serious risk of harm, I may need to share information with appropriate services. I will try to discuss this with you first wherever it is safe to do so.
• Legal obligation — if I am required to share information by a court order or other legal process.
• Insurance and professional conduct — if a formal complaint or legal claim is made, information may need to be shared with my insurer or professional body.
Clinical will
I have arrangements in place with a trusted professional colleague to manage my practice and client records in the event that I am unable to continue working due to illness, incapacity or death. This involves identifying a trusted professional colleague who would be able to notify current clients and manage records with appropriate care and confidentiality. Once these arrangements are formalised, this notice will be updated to reflect them. In the meantime, if you have any concerns about continuity of care, please raise them with me directly.
Euroway Counselling
This website also provides information about Euroway Counselling, a collaborative counselling arrangement based at Merrydale House, Bradford. If you enquire about or access services through Euroway Counselling, the following also applies:
• Initial enquiries sent to Euroway Counselling are received via a shared inbox, accessible to all current Euroway practitioners. Enquiries are then allocated to an individual practitioner.
• From the point of referral, your personal information is held by your individual practitioner within their own private practice. Each Euroway practitioner is an independent data controller for their own caseload.
• Euroway Counselling uses a shared email address for administrative correspondence. This email is subject to the same data handling principles set out in this notice.
Your rights
Under UK data protection law, you have rights over your personal information. These may include the right to:
• be informed about how your data is used
• access a copy of your personal information
• ask for inaccurate information to be corrected
• ask for information to be deleted in some circumstances
• restrict or object to certain processing
• raise a data protection concern or complaint
Some rights are not absolute. I may need to retain some information for legal, professional, safeguarding, insurance or complaint-related reasons, and there may be limits on what can be disclosed where information includes third-party data or where a relevant exemption applies.
If you would like to exercise any of your rights, please contact me using the details at the top of this notice. I will respond within one month.
Data protection complaints
If you have a concern about how I have handled your personal information, you can make a data protection complaint by contacting me directly using the details at the top of this notice.
Please include your name, what your concern relates to, what you would like me to look into, and how you would prefer me to respond. I will acknowledge your complaint within 30 days and investigate it without undue delay.
If you are not satisfied with my response, or if you would prefer to contact the regulator directly, you can contact the Information Commissioner's Office:
Website: www.ico.org.uk
Telephone: 0303 123 1113
Changes to this notice
I may update this privacy notice from time to time to reflect changes in my practice, legal requirements, professional guidance or the systems I use. The latest version will always be available on this website.
