Privacy Policy & GDPR Notice

About

This notice explains how I collect, use and protect your personal information when you contact me or work with me for counselling. I follow UK GDPR and the Data Protection Act 2018.

Last updated: 02/01/2026

Who I am

  • Tamlyn Griggs

  • Data Controller – ICO Registration No: ZB521674

  • Email: tamlyn.therapy@gmail.com

What information I collect

I may collect and store:

  • Your name, address, email and phone number

  • Emergency contact details

  • GP or healthcare professional details

  • Information you share about your health and wellbeing

  • Brief clinical notes

  • Emails and messages you send me

  • Information needed to create reports or letters you request

  • Payment records (bank transfer)

  • Information you choose to share in optional pre-session questionnaires

How your information is stored

Your information is stored securely using:

  • Kiku Practice Management Software – for client details, questionnaires, emergency contacts, clinical notes and some correspondence

  • Password-protected OneDrive on my laptop – for reports or letters you request

  • Gmail – for correspondence

  • Squarespace contact forms – for website enquiries

  • Calendly – for booking initial meetings

  • QuickBooks – for payment records and invoicing

  • My password-protected mobile phone – for storing client phone numbers (first name only) and practical text or call communication

  • A locked filing cabinet – for paper records

Where possible, personal details are kept separate from session notes.

Why I use your information

Your information is used to:

  • Arrange, change and manage appointments

  • Provide counselling safely and effectively

  • Communicate with you

  • Produce reports or letters if requested

  • Issue invoices and maintain financial records

  • Meet professional, legal and insurance requirements

  • Maintain professional supervision

I use your information so I can provide counselling safely and meet my legal and professional responsibilities.

Who your information is shared with

Your information is kept confidential. It is only shared:

  • With your written consent

  • If there is a serious risk of harm

  • If required by law

  • Anonymously in professional supervision

  • With a nominated clinical executor only if I am unexpectedly unable to attend work and clients need to be contacted

How long your data is kept

  • When therapy ends and a client record is archived, non-essential contact details (such as emergency contact and GP information) are removed, while clinical records are retained in line with legal and professional requirements.

  • Full clinical records are kept for 7 years after therapy ends

  • Financial records are kept for 6 years (legal requirement)

  • Your name and client reference number are kept for 7 years

  • After this, records are securely deleted or destroyed

Your rights

You have the right to see the information I hold about you, ask for corrections, ask for deletion where legally possible, withdraw consent for optional processing or complain to the Information Commissioner’s Office (ICO).

Changes

This policy may be updated from time to time. The current version will always be available on my website.