Privacy Policy

 

Evolve Counselling & Psychotherapy

Version: 2.0
Effective date: 9 January 2026
Review date: January 2027

This privacy policy explains how Evolve Counselling & Psychotherapy (“Evolve”, “we”, “us”) collects, uses, stores, and protects your personal data, and outlines your rights under UK data protection law.

This policy applies to clients and to anyone who contacts us via our website, email, telephone, or other means.

1. What information we collect

Clients

If you engage in counselling or psychotherapy, we may collect:

  • Name and contact details (email, telephone, postal address)

  • Date of birth

  • GP contact details

  • Contact details for chosen emergency contact

  • Payment and invoicing information

  • Brief personal information relevant to therapy

  • Anonymised clinical notes relating to sessions

We only collect information that is necessary for providing therapy and managing the service safely, ethically, and professionally.

Website and enquiries

If you contact us or use our website, we may collect:

  • Contact details you choose to provide

  • Basic website usage data (such as pages visited and IP address)

We do not use social media tracking or targeted advertising cookies.

2. Special category (sensitive) data

Therapy may involve discussion of sensitive personal information, including health-related information. This information is processed lawfully and confidentially for the purpose of providing therapy and safeguarding wellbeing.

We do not record therapy sessions.

3. How we use your information

Your information is used to:

  • Provide counselling and psychotherapy services

  • Arrange and manage appointments

  • Communicate with you about sessions or practical matters

  • Process payments

  • Maintain appropriate clinical and administrative records

  • Meet legal, ethical, and safeguarding obligations

We do not use client data for marketing or research purposes.

4. Confidentiality and safeguarding

Information shared in therapy is confidential within legal and ethical limits.

In rare circumstances, information may be shared without consent where there is a serious risk of harm to you or others, concerns about the safety of a child or vulnerable adult, or where disclosure is required by law. Wherever possible, this will be discussed with you first.

Safeguarding decisions are based on professional judgement, understanding context, change over time, and the information available, rather than predictive or numerical risk scoring.

5. Who we share information with

We do not sell or share personal data with third parties.

Information may be shared only when legally required or necessary for safeguarding, for example with emergency services, NHS services, or statutory authorities.

6. How long we keep your information

We retain information only for as long as necessary.

  • Clinical records: up to 7 years after the end of therapy

  • Payment records: 7 years (for tax and accounting purposes)

  • Enquiry data (where no therapy takes place): 12 months

After this time, records are securely deleted or destroyed.

7. Data security

We take reasonable steps to protect your data, including:

  • Secure digital storage

  • Restricted access to authorised individuals only

  • Confidential handling of paper records

If a data breach occurs that poses a risk to your rights or freedoms, we will notify you and the Information Commissioner’s Office (ICO) in line with legal requirements.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate data

  • Request erasure of data (where legally applicable)

  • Request restriction of processing

  • Object to processing in certain circumstances

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made by contacting us using the details below.

9. Cookies

Our website uses essential cookies to function properly.
We do not use marketing or tracking cookies.

You can manage cookie settings through your browser.

10. ICO registration

Evolve Counselling & Psychotherapy is registered as a data controller with the Information Commissioner’s Office (ICO) and processes personal data in accordance with UK GDPR and data protection legislation.

11. Contact details

If you have questions about this policy, wish to exercise your rights, or have concerns about how your data is handled, please contact:

Email: info@evolvecounselling.org

Spill Clients
When our therapists work with Spill, both Spill and Evolve therapists are independently obliged to hold session notes. We are therefore joint controllers with Spill for this purpose. Spill’s Privacy Notice is available here.

Your rights also allow you to lodge a complaint with the Information Commissioner. To find out more visit www.ico.org.uk