Privacy Statement
Privacy Statement
Amethyst Counselling
Last updated: 12/6/2026
This privacy statement explains how Amethyst Counselling collects, uses, stores and protects personal information. It applies to people who contact me, use my website, make enquiries, attend counselling sessions, or otherwise communicate with me.
Amethyst Counselling is committed to protecting your privacy and handling your personal information lawfully, fairly and transparently in line with the UK General Data Protection Regulation, the Data Protection Act 2018 and other relevant UK data protection law.
Who is responsible for your personal information?
The data controller is:
Ruth Taylor, trading as Amethyst Counselling
Email: amethystcounselling.ruth@gmail.com
Website: www.amethystcounselling.co.uk
ICO registration number: ZA497931
As data controller, I am responsible for deciding how and why your personal information is used.
What personal information I collect
The personal information I collect may include:
-
your name;
-
email address;
-
telephone number;
-
address, where needed;
-
date of birth, where needed;
-
GP or emergency contact details, where relevant;
-
information you provide when making an enquiry;
-
information shared during assessment or counselling sessions;
-
appointment details, attendance and cancellation information;
-
brief counselling notes;
-
payment or invoicing information;
-
correspondence between us, such as emails, texts or messages;
-
information needed for safeguarding, risk management, complaints, insurance or legal purposes.
Counselling may involve the processing of special category data. This may include information about your physical or mental health, emotional wellbeing, relationships, family circumstances, sexuality, disability, neurodivergence, trauma, medication, risk, or other sensitive personal matters you choose to share.
I only collect information that is relevant and necessary for providing counselling, managing my practice, meeting professional responsibilities, and complying with legal, ethical and insurance obligations.
How I collect your information
I may collect personal information when:
-
you contact me through my website, by email, telephone, text or another communication method;
-
you complete an enquiry, assessment, agreement or consent form;
-
you attend counselling sessions;
-
you make a payment;
-
you correspond with me before, during or after counselling;
-
another professional contacts me with your consent, or where there is a lawful safeguarding or legal reason to do so.
Why I use your personal information
I use your personal information for the following purposes:
-
to respond to enquiries;
-
to assess whether counselling with me is appropriate;
-
to provide counselling services;
-
to arrange, manage and confirm appointments;
-
to keep appropriate counselling records;
-
to manage payments, accounts and administration;
-
to communicate with you about your counselling;
-
to meet professional, ethical, supervision and insurance requirements;
-
to support safeguarding, risk management or emergency action where necessary;
-
to respond to complaints, legal claims, insurance matters or regulatory requirements;
-
to maintain the security and proper running of my website and practice systems.
Lawful basis for using your personal information
Under UK GDPR, I must have a lawful basis for using your personal information. Depending on the purpose, I may rely on one or more of the following lawful bases:
PurposeType of informationLawful basis
Responding to enquiriesName, contact details, enquiry informationLegitimate interests and/or steps prior to entering into a contract
Providing counsellingContact details, assessment information, counselling notes and communicationsContract: necessary to provide counselling services
Keeping professional recordsClient records, appointment records and brief counselling notesLegitimate interests, professional obligations, insurance requirements and/or legal obligation
Managing payments and accountsPayment and invoicing informationContract, legitimate interests and/or legal obligation
Safeguarding or serious riskRelevant personal and sensitive informationVital interests, legal obligation, legitimate interests and/or substantial public interest where applicable
SupervisionAnonymised or non-identifying client material where possibleLegitimate interests and professional obligations
Complaints, legal claims or insurance mattersRelevant records and correspondenceLegitimate interests, legal obligation and/or legal claims
Special category data
Because counselling may involve sensitive information, I may process special category data where this is necessary for the provision of counselling and related professional services.
Where special category data is processed, I rely on a relevant UK GDPR Article 9 condition. This will usually be that processing is necessary for the provision of health or social care/treatment, or that processing is necessary for the establishment, exercise or defence of legal claims where relevant.
I will only use special category data where it is necessary, proportionate and relevant to the counselling service or another lawful purpose explained in this statement.
Confidentiality
Counselling is confidential, but confidentiality is not absolute.
I will not normally share information about you without your consent. However, there may be circumstances where I may need to share relevant information, for example:
-
if there is a serious risk of harm to you or another person;
-
if there is a safeguarding concern involving a child, young person or vulnerable adult;
-
if I am required to do so by law, court order or regulatory requirement;
-
if there is a need to prevent or detect a serious crime;
-
if disclosure is necessary in connection with a complaint, legal claim or insurance matter.
Where possible and appropriate, I will discuss this with you before sharing information. However, this may not always be possible if there is an urgent risk or legal requirement.
Supervision
Like other counselling professionals, I have regular professional supervision to support safe, ethical and effective practice.
Client material discussed in supervision is anonymised or non-identifying wherever possible. My supervisor is also bound by confidentiality and professional standards.
How I store and protect your information
I take reasonable steps to protect your personal information from unauthorised access, loss, misuse or disclosure.
This may include:
-
password-protected devices and accounts;
-
secure storage of electronic records;
-
appropriate physical security for any paper records;
-
limiting access to information;
-
using trusted service providers where necessary;
-
keeping only the information needed for the purposes explained in this statement.
Please be aware that ordinary email and text message services are not always fully secure. If you choose to communicate with me by email or text, I will take this as permission to respond using the same method unless you tell me otherwise.
Website, forms and cookies
This website may collect basic technical information needed for the website to function securely and effectively.
This website does not use tracking cookies, Google Analytics, Facebook/Meta Pixel or advertising cookies, unless this is stated separately on the website.
The website may use essential cookies or similar technologies required for website hosting, security or basic functionality. These are not used to track you for advertising purposes.
If this changes in the future, this privacy statement and any cookie information on the website will be updated.
Website provider and service providers
I may use trusted service providers to help operate my counselling practice and website. These may include providers of:
-
website hosting;
-
email;
-
telephone or video communication;
-
secure document storage;
-
payment processing;
-
accounting or administration systems;
-
IT support.
These providers may process personal information only as necessary to provide their services. I do not sell personal information.
Current service providers may include: [insert actual providers, for example Wix, Google/Gmail, Zoom, Microsoft, Stripe, bank provider, accounting software, cloud storage provider, etc.]
International transfers
Some service providers may store or process personal information outside the UK.
Where this happens, I will take reasonable steps to ensure appropriate safeguards are in place, such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other lawful safeguards recognised under UK data protection law.
Artificial intelligence tools
I may use artificial intelligence tools for general administrative support, drafting, planning or improving non-client-specific materials.
I do not knowingly enter names, contact details, full counselling notes, identifiable client information or sensitive personal information into AI tools.
AI tools are not used to record, transcribe, summarise or analyse counselling sessions.
AI tools do not replace professional judgement, counselling records, clinical decision-making, supervision, safeguarding responsibilities or ethical duties.
If my use of AI tools changes in a way that affects how client information is processed, this privacy statement will be updated.
How long I keep your information
I keep personal information only for as long as necessary.
Counselling records are usually kept for five years after counselling ends, unless there is a legal, safeguarding, insurance or professional reason to keep them for longer.
After the relevant retention period, records will be securely deleted or destroyed.
Enquiry information from people who do not go on to start counselling will usually be kept only for as long as necessary to respond to the enquiry and manage any follow-up, unless there is a lawful reason to keep it for longer.
Your data protection rights
Under UK data protection law, you have rights in relation to your personal information. These may include:
-
the right to be informed about how your information is used;
-
the right to access your personal information;
-
the right to ask for inaccurate information to be corrected;
-
the right to ask for information to be erased in certain circumstances;
-
the right to ask for processing to be restricted in certain circumstances;
-
the right to object to processing in certain circumstances;
-
the right to data portability in certain circumstances;
-
the right to withdraw consent where consent is the lawful basis for processing.
Not all rights apply in every situation. For example, I may need to keep some information for legal, professional, safeguarding, insurance or legitimate practice reasons.
If you would like to exercise any of your rights, please contact me at:
amethystcounselling.ruth@gmail.com
I will usually respond to data protection rights requests within one month, unless an extension is allowed under data protection law.
Data protection concerns or complaints
If you have a concern or complaint about how I have handled your personal information, please contact me first where possible:
amethystcounselling.ruth@gmail.com
I will acknowledge data protection complaints within 30 days of receiving them. I will take appropriate steps to look into the matter, keep you informed where needed, and tell you the outcome without undue delay.
You also have the right to complain to the Information Commissioner’s Office.
The ICO can be contacted through its website at www.ico.org.uk or by telephone on 0303 123 1113.
Updates to this privacy statement
This privacy statement may be updated from time to time to reflect changes in my practice, professional requirements, technology, or data protection law.
The latest version will be available on this website.