Privacy Policy

 

Privacy Notice

 

Talk with Sue – Counselling Services

Data Controller: Susan Finlay (“Talk with Sue”)

Email: susanfinlay@talkwithsue.co.uk • Website: https://www.talkwithsue.co.uk

Effective date: 01/05/2025

 

This notice explains how I collect, use, and protect your personal information under the UK GDPR and Data Protection Act 2018.

 

1) What I collect

  • Identity & contact: name, email, phone, address (optional), emergency contact, GP details (optional).

  • Booking & admin: appointment history, invoices/receipts, payment status (card details handled by processors; I do not store card numbers).

  • Clinical: intake forms, assessments (e.g., PHQ-9, GAD-7), brief session notes, goals, risk/safety information, relevant correspondence.

  • Comms/technical: emails/messages we exchange; your preferences (phone/video/messaging).

  • Special category data: details about health/mental health that you share.

 

2) How I collect it

  • Directly from you (forms, email/messages, during sessions).

  • From tools you use with me (scheduling, forms, e-signature, video/messaging).

From a referrer/GP only with your consent, or without consent only where there is an urgent safeguarding/legal need

3) Why I use it & lawful bases.

Provide counselling & manage appointments (booking, reminders, forms, records) — Contract.

  • Administration, accounting & legal duties (e.g., tax, safeguarding) — legal obligation.

  • Practice management & security (secure IT, preventing misuse) — Legitimate interests.

  • Optional communication/messaging mode — which you can withdraw.

 

For special category data (health/mental health), I rely primarily on your explicit consent. Where relevant I may also rely on vital interests, legal claims, or safeguarding/substantial public interest under the Data Protection Act 2018, Schedule 1, and in some contexts health/social care.

 

4) Confidentiality & sharing

 

Your information is confidential. I may disclose it only if:

  • there is a risk of serious harm to you or others (vital interests/safeguarding);

  • I’m required by law/court order; or

  • you ask me to share information and give written consent.

 

I use professional supervision to ensure safe practice; cases are discussed in an anonymised way.

 

5) Who processes data for me (processors)

 

I use secure providers acting under contract on my instructions, for example:

  • Scheduling: Squarespace Scheduling (Acuity)

  • Forms & e-signature: Zoho Forms, Zoho Sign

  • Video/Chat: Microsoft Teams; Messaging (e.g., Teams chat / WhatsApp Business, if agreed)

  • Email: Zoho

  • Payments: [Stripe/PayPal/bank transfer] (I don’t store card details)

  • Cloud storage/backup: [OneDrive/Zoho Work Drive]

They process only what’s necessary and must keep it secure.

6) Retention (how long I keep data)

  • Clinical records (notes, forms, assessments): normally 7 years from last contact, then securely deleted.

  • Administrative emails/documents kept only as long as needed for the purposes above or legal requirements.

  • If required by law or to establish/defend a legal claim, I may retain information longer.

 

7) Security

 

I use strong passwords and MFA, encrypted devices/cloud storage, reputable providers, and least-access principles. Access is limited to me (and, if needed, trusted professionals under contract/confidentiality).

 

8) Your rights

 

You can access, rectify, erase (where applicable), restrict or object to processing, and request data portability. Where I rely on consent, you can withdraw it at any time (this won’t affect lawful use before withdrawal). To exercise rights, email susanfinlay@talkwithsue.co.uk. You can also complain to the ICO: ico.org.uk / 0303 123 1113.

 

 

9) Messaging-based counselling

 

If we use messaging:

  • I avoid clinical detail in push notifications.

  • Use a private device and keep your login secure.

  • No screenshots/recording/forwarding without mutual written consent.

  • Relevant content may be summarised or stored in your clinical records.

  • 12) Website, cookies & analytics

     

    My website may use essential/analytics cookies via Squarespace. See the site Cookie Notice for details and controls. Please avoid sending sensitive details via any non-secure web form.

     

    13) Marketing

     

    I do not sell your data or send marketing without consent. If I offer optional resources/updates, I will ask for consent first.

     

    14) Changes to this notice

     

    I may update this notice as laws or my practice changes. The latest version and effective date will be on my website or available on request.

     

    Contact: Sue Finlay – Talk with Sue [susanfinlay@talkwithsue.co.uk]