Cookies & Privacy Notice

Website Visitors and Cookies

When you visit www.suedelaneycounselling.com, some technical information may be collected automatically, such as your IP address, device type, browser type, pages visited and the time of your visit. This may happen through website hosting via Squarespace, security or cookie tools. This website uses only essential cookies. Essential cookies are those which are strictly necessary for the operation, security and basic functioning of a website. These cookies may support core functions such as enabling secure use of contact forms, supporting page navigation and ensuring the website functions correctly. They do not track your activity across other websites, are not used for advertising or marketing purposes, and do not identify you personally. Because these cookies are strictly necessary, I am not required to obtain your consent for their use. However, as a courtesy, I do inform you when you first visit this website what cookies are in use. You may disable cookies at any time through your own web browser settings. Please be aware this may affect the functionality of the website, including the ability to use the Contact Me form.


Privacy Notice

I, Susan Delaney, am registered with the Information Commissioner's Office (ICO) as a data controller for Sue Delaney Counselling under registration number ZAB40983. I process your personal data in accordance with UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the 2003 Privacy and Electronic Communications Regulations (PECR) solely to provide counselling/psychotherapy services. This means I am responsible for how your personal information is used and for keeping it safe.

Information I Collect: If you fill in the Contact Me form on my website or contact me via email/phone, I may collect your name, phone number, email address, information you choose to share in your enquiry and any preferences around contact or availability. At the start of counselling, clients are asked to fill in a Registration Form which includes your name, DoB, address, contact number (plus permission to leave a voicemail or not), email address, GP details, emergency contact, history of previous counselling, psychotherapy or mental health support, medical conditions, prescribed medication, and current circumstances/reasons for seeking therapy.

Lawful Basis for Processing: As data controller, I process your data under the lawful bases of contract (where information is needed to arrange and provide therapy), legitimate interests (where I need to use information to run my practice safely and professionally) and legal obligation (where I need to keep or share information to comply with the law). As counselling involves processing special category personal data relating to health and wellbeing, I process this information under Article 9(2)(h) UK GDPR (health or social care) and, where applicable, Article 9(2)(f) (establishment, exercise or defence of legal claims).

How I Use Your Information: I use personal information to respond to enquiries, arrange initial appointments, provide therapy, keep appropriate clinical records, manage payments, invoices and appointments, communicate with you about sessions, meet legal, professional and ethical responsibilities, manage risk or emergency situations where necessary, maintain insurance, tax and accounting records and to respond to data protection requests/complaints. Your information is never sold or shared for marketing purposes.

How Your Information Is Stored – On my phone: Your number is stored using an identity code not your name. My phone is protected by password, PIN and biometric security. On my laptop: Electronic registration forms and invoices may be temporarily stored before printing and deletion. My computer and files are password/passkey protected. On my website: My website uses encrypted transmission (HTTPS) to protect information submitted via the Contact Me form. Data from this is stored temporarily before being securely sent to me via email. No data is permanently stored on the website server. On paper: Written records are kept in locked filing cabinets. Signed agreements, forms, and copies of invoices (if given) are kept separately to anonymised session notes and attendance logs.

Third-Party Providers: I use carefully selected third-party service providers (data processors) to support my practice, including Squarespace (website hosting), Google (email), Zoom (video sessions), GiffGaff (telecommunications), SumUp (payments), Xero (accounting) and Zempler Bank (banking). All of these are required to maintain appropriate data protection/security standards. Some may process data outside the UK. Where this occurs, safeguards are in line with UK data protection law.

Confidentiality/Limits of Confidentiality: Everything discussed in counselling is treated confidentially. Limited information may be shared only where strictly necessary for Clinical supervision: I am required by my professional body, the British Association for Counselling and Psychotherapy (BACP), to have supervision with a qualified professional to support best practice. All information shared is under my legitimate interests of providing ethical therapy and is minimised wherever possible. Clinical records: I keep brief clinical notes. These are usually factual, proportionate and relevant to the work, and may include session dates, brief themes discussed, relevant risk or clinical information, agreed actions and important decisions, contact and administrative information. Legal obligations: If ordered by a Court, I share only the minimum detail required. If possible, I will discuss any necessary disclosure with you first. If I become aware of information giving rise to a legal reporting obligation, including matters relating to terrorism or money laundering, I am required to inform relevant authorities without your permission or knowledge. Risk: If there is a serious concern you may cause harm to yourself or others, I may need to contact relevant professionals such as your GP or emergency services. Clinical will: Under BACP guidelines, I give your name and contact details to the executor of my ‘living will’ (a BACP professional) for the sole purpose of informing you if I am unavailable in the event of my inability to inform you myself.

Your rights and data breaches: Under UK data protection law, you have rights over your personal information. These may include the right to be informed about how your data is used, access a copy of your personal information, ask for inaccurate information to be corrected, ask for information to be deleted in some circumstances, restrict or object to certain processing, or complain about how your information has been handled. If you have any questions about this privacy notice or would like to exercise your rights, please contact me in writing at suedelaneycounselling@gmail.com. Where a personal data breach is likely to result in a risk to your rights and freedoms, I will report it to the ICO and, where required by law, notify affected individuals. If you believe information I hold about you is incorrect, out of date or you have concerns about how I handle your personal data, please inform me and I will attempt to resolve this accordingly. You also have the right to request deletion of your personal data. However, I may be required to retain certain records for legal, insurance or professional obligations. You may request access to the personal data I hold about you via a Subject Access Request. I will respond within one month unless an extension is permitted under data protection law. If you are still not satisfied, or if you would prefer to contact the UK regulator directly, you also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint or by phoning the helpline on 0303 123 1113.

At the end of counselling: Once counselling has ended, I keep information for as long as necessary for the purpose for which it was collected. Enquiries not resulting in therapy may be kept for up to 6 months. Personal data held on my phone or in digital records is reviewed and is deleted immediately if not required for professional or legal purposes. Registration forms and clinical notes in the form of a written summary of our work will be held for 7 years after the end of therapy for insurance, legal and professional purposes. This also supports continuity of care should you return to counselling. Financial data is stored for 6 years after the end of the relevant tax year for HMRC purposes. After these times, all records are destroyed.

Updated: June 2026