Resonance Counselling

Legal & Data Protection

Privacy Policy

Last updated: 1 June 2025  ·  Resonance Counselling & Psychotherapy Ltd

Your privacy matters to us. This policy explains how Resonance Counselling & Psychotherapy Ltd collects, uses, and protects your personal data. We are committed to handling your information with the care and confidentiality it deserves — particularly given the sensitive nature of therapy.

Contents

1. Who We Are

Resonance Counselling & Psychotherapy Ltd is a private therapy practice providing individual counselling, couples therapy, AuDHD-affirming therapy, and clinical supervision. We are registered in England & Wales (Company No. 16709754).

Data Controller: Dr Maria Hartshorn, Resonance Counselling & Psychotherapy Ltd
Address: 15b Park Mews, Park Lane, Hornchurch, Essex, RM11 1BB
Email: [email protected]

This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Contact information: Name, email address, telephone number, and postal address.
  • Booking information: Appointment dates, times, service type, and session notes.
  • Health and wellbeing data: Information you share about your mental health, medical history, and personal circumstances during therapy. This is special category data under UK GDPR.
  • Financial information: Payment records (we do not store card details; payments are processed via BACS or PayPal).
  • Technical data: IP address, browser type, and pages visited when you use our website.
  • Communications: Emails, enquiry form submissions, and any other correspondence with us.

3. How We Use Your Data

We use your personal data for the following purposes:

Providing therapy services

Lawful basis: Contract performance and legitimate interests

To book, manage, and deliver counselling and psychotherapy sessions.

Clinical records

Lawful basis: Legal obligation and legitimate interests

To maintain accurate records of your therapy as required by our professional bodies (BACP, UKCP, NCPS).

Communication

Lawful basis: Contract performance and legitimate interests

To respond to your enquiries, send appointment confirmations, and provide session reminders.

Safeguarding

Lawful basis: Legal obligation and vital interests

In exceptional circumstances where there is a risk to life or a legal duty to disclose.

Website analytics

Lawful basis: Legitimate interests

To understand how our website is used and improve the user experience.

Insurance claims

Lawful basis: Contract performance

To process claims with your health insurer (AXA, Aviva, Vitality, Bupa, WPA) where applicable.

4. Special Category Data (Health Information)

Information about your mental health, medical history, and personal circumstances shared during therapy constitutes special category data under UK GDPR. We process this data on the basis of:

  • Explicit consent — you choose to share this information with your therapist.
  • Provision of health or social care — as a registered psychotherapist, we are permitted to process health data for therapeutic purposes.
  • Substantial public interest — where safeguarding or legal obligations require disclosure.

All clinical notes are stored securely and are accessible only to Dr Maria Hartshorn. Notes are not shared with third parties except in the limited circumstances described in Section 5.

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:

  • Clinical supervisor: Dr Hartshorn receives regular clinical supervision as required by professional bodies. Supervision discussions are anonymised wherever possible.
  • Health insurers: Where you are using private health insurance (AXA, Aviva, Vitality, Bupa, WPA), we may share information necessary to process your claim.
  • Legal and safeguarding authorities: Where we are legally required to disclose information — for example, to prevent serious harm to you or another person, or in response to a court order.
  • IT service providers: Our website and booking system are hosted by GoDaddy. Data is processed in accordance with their privacy policy and data processing agreements.
  • Your GP or other healthcare professionals: Only with your explicit consent, or in an emergency.

6. How Long We Keep Your Data

We retain your personal data for the following periods:

Data TypeRetention Period
Clinical notes and therapy records7 years from the end of therapy (or until age 25 if the client was a minor)
Booking and appointment records7 years from the date of the appointment
Financial records7 years (HMRC requirement)
Enquiry form submissions (no therapy commenced)12 months
Website analytics data26 months
Email correspondence7 years from the end of the therapeutic relationship

After the retention period, data is securely deleted or anonymised.

7. How We Protect Your Data

We take the security of your personal data seriously. Our measures include:

  • All data transmitted via our website is encrypted using TLS (HTTPS).
  • Clinical notes are stored in password-protected, encrypted systems.
  • Access to personal data is restricted to Dr Maria Hartshorn only.
  • Our website hosting provider (GoDaddy) maintains industry-standard security measures.
  • We do not store payment card details — payments are processed via BACS or PayPal.
  • Physical records (if any) are stored in a locked cabinet.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access

Request a copy of the personal data we hold about you (Subject Access Request).

Right to rectification

Ask us to correct inaccurate or incomplete data.

Right to erasure

Request deletion of your data, subject to our legal and professional obligations.

Right to restrict processing

Ask us to limit how we use your data in certain circumstances.

Right to data portability

Receive your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests.

Right to withdraw consent

Where processing is based on consent, you may withdraw it at any time.

Right to complain

Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Please note that some rights are subject to limitations — for example, we cannot delete clinical records that we are legally or professionally required to retain.

9. Confidentiality & Its Limits

Everything you share in therapy is treated as strictly confidential. However, there are limited circumstances in which confidentiality may need to be broken:

  • Where there is a serious and immediate risk to your life or the life of another person.
  • Where there is a risk of harm to a child or vulnerable adult.
  • Where we are required to disclose information by law (e.g. a court order, or under the Terrorism Act 2000).
  • Where you have given explicit consent for information to be shared.

Where possible, we will discuss any proposed disclosure with you first. We adhere to the BACP Ethical Framework for the Counselling Professions in all matters of confidentiality.

10. Cookies & Website Analytics

Our website uses cookies — small text files stored on your device — to help the site function and to understand how it is used.

Essential cookies: Required for the website to function. Cannot be disabled.
Analytics cookies: Help us understand visitor behaviour so we can improve the site. We use anonymised analytics data only.
Functional cookies: Remember your preferences (e.g. cookie consent choice).

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the website.

11. Contact & Complaints

If you have any questions about this Privacy Policy, or wish to exercise your data rights, please contact:

Dr Maria Hartshorn

Resonance Counselling & Psychotherapy Ltd

15b Park Mews, Park Lane, Hornchurch, Essex, RM11 1BB

[email protected]

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

ico.org.uk

This Privacy Policy was last reviewed on 1 June 2025. We may update it from time to time — the current version will always be available at resonancecounselling.co.uk/privacy-policy.

Resonance Counselling & Psychotherapy Ltd is registered in England & Wales (No. 16709754). Registered with the Information Commissioner's Office (ICO).