Privacy Policy‍ ‍

Privacy policy notice

Your privacy is very important to me. Your personal information will be kept safe and secure and only used for the purpose for which it was given. I adhere to current data protection legislation including GDPR, the data protection act 2018 and changes due to the data (use and access) act 2026. I also comply with ethical guidelines regarding protecting client privacy and confidentiality set by the British Association for Counselling and Psychotherapy (BACP).

This notice provides information on how I collect, use, store and protect your personal information in my client work. I am Natalie Read, a counsellor and spiritual coach. I work one-to-one both in person and online and I also run groups and workshops. I am the data controller for personal information I collect and am responsible for deciding how this information is used and for keeping it safe. This notice applies to people who contact me about my work, current and former clients as well as visitors to my website.

I am happy to discuss any questions you might have about my data protection policy, and you can contact me via hello@natalieread.co.uk or via a contact form on this website www.natalieread.co.uk

Information I collect‍ ‍

When contacted for an enquiry, I may collect and use the following information: your name, email address, phone number and any information you choose to share in your enquiry.

In order to maintain the highest possible confidentiality, please do consider information that you include in any email or other electronic format. These messages pass through multiple servers and therefore, security cannot be guaranteed. My preference is to keep all confidential information within sessions and to use text and email for administrative purposes only.

If we arrange an introductory session or begin working together, I may also collect and use the following information: your address, date of birth, GP details, emergency contact details where appropriate, relevant health information, information about your personal history, relationships, personal circumstances and reasons for seeking support, brief clinical notes as well as information on attendance and payment.

I use your information to respond to enquiries, manage appointments, provide therapeutic support, keep clinical records, manage payments, meet legal, professional and ethical responsibilities, manage risk and safeguarding, maintain insurance, tax and accounting records as well as respond to data protection requests or complaints. I do not sell your personal information.

My lawful basis for holding and using your personal information
Under GDPR, I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. If you have worked with me, I will use legitimate interest as my lawful basis for holding and using your personal information. If you are currently working with me or considering doing so, I will process your personal data where it is necessary for the performance of our contract. GDPR also make sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case therapy sessions) and necessary for a contract with a health professional (in this case, a contract between me and you).

Confidentiality‍ ‍

All sessions are carried out on a confidential basis unless there is a legal, safeguarding or ethical obligation to break confidentiality. This is due to child protection and safeguarding, to prevent or detect a serious crime, where a court of law requires disclosure or where I perceive there is a serious risk of harm to you or others. I will always endeavour to speak to you about breaking confidentiality first unless there are safeguarding issues that prevent this. In addition, in line with good practice and BACP guidelines, I am required to have regular clinical supervision of my work but do so without sharing any identifying details.

Clinical records‍ ‍

I keep brief notes electronically to support safe and ethical therapeutic work. These are password protected and may include session dates, brief themes discussed, relevant risk or safeguarding information, relevant action or decisions. This is for the purpose of tracking progress and preparing for sessions. These notes are for my sole use only, do not include any identifying information and are kept separate from your personal details.

How I store and keep information‍ ‍

I keep information only for as long as necessary for the purpose for which it was collected. Retention periods vary depending on the type of record, the nature of the work legal and professional requirements.

As a general guide: If an enquiry is made and you decide not to proceed further, I will ensure that all of your personal data is deleted within one month.

Client records are kept for 7 years after our sessions have completed. All information will be confidentially destroyed at the end of this time. Retaining your therapy notes also ensures that I can continue to provide a good standard of service should you decide to resume sessions at any point in the future.

Financial records are kept for the period required for tax and accounting purposes. Emails and messages are reviewed periodically and deleted when no longer needed. Any remaining email or text messages will be reviewed and deleted within one month of sessions ending.

Data security
I take the security of the data that I hold about you very seriously and as such I take every reasonable precaution to ensure it is kept secure. I use appropriate technical measures to keep your information secure including: locked cabinet, password protection, device security, antivirus software, two factor authentication and restricted access.

Online sessions‍ ‍

I use zoom which is encrypted and approved by BACP for my online sessions. I will take reasonable steps to protect confidentiality from my side and ask that you also choose a private space where you cannot easily be overheard or interrupted.

AI tools, transcription and recording‍ ‍

I do not record, transcribe or use AI tools to process any client data or notes.

Third party recipients of personal data‍ ‍

I will not share your personal information with any third party for the purpose of sales, marketing or research. I share a limited amount of personal data with third parties in order to provide therapy services to you and to fulfil legal obligations in respect of tax and accounting purposes. This is only done, when necessary, proportionate and lawful. For example, my supervisor, professional advisers such as an accountant or legal adviser, my professional body if required to ethically, safeguarding services where there is a serious risk or concern, trusted digital service providers who process data on my behalf or an appointed clinical executor if I am unable to contact clients myself. I aim to only share what is relevant and necessary for that purpose.

Your rights‍ ‍

Under GPDR, you have rights over your personal information. This may include the right to be informed about how your data is used, access a copy of your personal information, ask for inaccurate information to be corrected, ask for information to be deleted in some circumstances, restrict or object to certain processing and complain about how your information has been handled. Some rights are not absolute and may depend on the circumstances.

For example, I may need to keep some information for legal, professional, safeguarding, insurance or complaint related reasons and there may be limits on what can be disclosed where information includes third-party data or where a relevant exemption applies. If you would like to exercise your rights, please contact me in writing at: hello@natalieread.co.uk and I am obliged to respond within a month to your request. If your request is complex, or if I need to consider whether any restriction or exemption applies, I may need longer in which case I will let you know. You can read more about your rights at: ico.org.uk/your-data-matters.

Complaints‍ ‍

If you have a complaint about how I handle your personal data, please do not hesitate to get in touch with me by email at: hello@natalieread.co.uk. I will acknowledge your complaint within 30 days and take appropriate steps to look into it. Please include your name, your concern, what you would like me to look into and how you would prefer me to respond. I will investigate as appropriate; keep you informed when necessary and tell you about the outcome without undue delay. If after this time you remain unsatisfied, you may contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.

Website visitors‍ ‍

When you visit www.natalieread.co.uk, some technical information may be collected automatically such as your IP address, device type, browser type, pages visited and the time of your visit. This may happen through website hosting, security, analytics or cookie tools. My website is hosted by Squarespace that may also use cookies or similar technologies to make the site work, improve performance, understand visitor behaviour or support security. I also use Google analytics which is a service provided by Google that gathers anonymous data on how people are using websites and then provides visitor statistics, details of page views etc. This service is used by many website owners as the data helps website owners to improve their websites. I do not control these cookies so I cannot guarantee what they do. You can usually control cookies through your browser settings.

By accessing the website, you are consenting to the information collection and use practices described in this privacy notice. Should you choose to contact me using the contact form on the website, none of the data that you supply will be stored by the website or passed to any third-party data processors. Any downloadable documents or third-party information available on this website are provided to users at their own risk. Whilst all precautions have been undertaken to ensure that only genuine downloads and third-party information is available, users are advised to verify their authenticity using antivirus software as appropriate. We accept no responsibility for any issues. Please also be aware that we cannot control the privacy policies of any third party – please refer to their terms and conditions before proceeding.

Changes to privacy notice
This privacy notice may be updated from time to time to reflect changes in my practice, legal requirements and professional guidance. Please check my website for the latest version.