Privacy Policy
Last updated: 26 May 2026
1. Who I am
This privacy policy explains how Mike Clement Counselling collects, uses, stores, and protects your personal information.
I am Mr. Michael Clement, a qualified counsellor and supervisor, and the sole practitioner at Mike Clement Counselling. I am a registered member of the British Association for Counselling and Psychotherapy (BACP) and bound by their Ethical Framework for the Counselling Professions.
I am registered with the Information Commissioner's Office (ICO). My registration number is ZA765347.
If you have any questions about how I handle your personal data, you can contact me at: info@mikeclementcounselling.co.uk
2. What personal data I collect
To provide therapy services, I may collect and process the following types of personal data:
Contact information:
- Your name, address, telephone number, and email address
- Emergency contact details
Therapy-related information:
- The reasons you are seeking therapy (presenting issues)
- Information about your background relevant to our therapeutic work
- Relevant medical history and any current medications
- Details of your GP (if you choose to provide this)
- Session notes recording key themes and progress in our work together
- Dates and times of appointments
- Any correspondence between us
Financial information:
- Records of payments made for therapy sessions
Special category data
Much of the information I collect about you falls into what UK GDPR calls "special category data" under Article 9(1). This includes information about your physical and mental health. Special category data receives enhanced protection under data protection law, and I take additional care to keep this information secure and confidential.
3. How I collect your data
I collect your personal data directly from you in the following ways:
- When you first contact me to enquire about therapy (by email, telephone, or through my website)
- When you have an initial assessment session before we begin working together
- During our therapy sessions, through what you share with me
- Through any correspondence between us (emails, text messages, or telephone calls)
I do not collect personal data about you from third parties without your knowledge and consent.
4. Why I process your data — lawful basis
Under UK GDPR, I must have a lawful basis to process your personal data. Because therapy involves special category data (health information), I need to meet conditions under both Article 6 and Article 9 of UK GDPR.
Article 6 basis — ordinary personal data
My lawful basis is Article 6(1)(b) UK GDPR — processing is necessary for the performance of the therapeutic contract between us.
When you engage me as your therapist, we enter into a contract. I need to process your personal data to fulfil my obligations under that contract, including scheduling appointments, maintaining appropriate records, and providing you with therapy.
Article 9 basis — special category data (health information)
My lawful basis for processing your health-related information is Article 9(2)(h) UK GDPR — processing is necessary for the provision of health or social care treatment by a health professional.
The additional condition required under the Data Protection Act 2018 is Schedule 1, Part 1, paragraph 2 (health or social care purposes). This condition applies because I am a qualified counsellor subject to the professional obligation of confidentiality under the ethical framework of BACP.
5. Professional obligations and CPD
As a BACP member, I am required to attend regular clinical supervision. This is a professional requirement that helps ensure you receive safe and effective therapy.
When I discuss my therapeutic work with my supervisor:
- Your name and any identifying details are NOT shared — I use anonymised or pseudonymised case material only
- My supervisor is a qualified professional bound by the same confidentiality obligations as I am
- My supervisor is bound by their own professional body's ethical framework
- Supervision discussions focus on the therapeutic process and my professional development, not on identifying you personally
Clinical supervision is an essential part of ethical practice and helps me provide you with the best possible care.
6. Clinical will — what happens to your records if I am unable to practise
I have appointed a Clinical Executor — my own supervisor — who will act on my behalf if I become seriously ill, incapacitated, or die unexpectedly.
If such a situation occurs, my Clinical Executor will:
- Contact you to let you know I am no longer able to see you
- Offer to provide you with referral information to help you find another therapist if you wish
- Handle your records with the same level of confidentiality I would
- Securely destroy your records in accordance with this privacy policy, or retain them for the appropriate period if required
My Clinical Executor is bound by professional confidentiality and will only access the minimum information necessary to contact you and manage records appropriately. They will not read your therapy notes unless strictly necessary for record management purposes.
7. Who I share your data with
I take your confidentiality seriously and share your personal data only when necessary and appropriate.
Clinical supervisor
As explained above, I discuss my work in supervision using anonymised or pseudonymised case material only. Your name and identifying details are not shared with my supervisor.
External accountant
I use an external accountant to help manage my accounts. They have access to invoice data only (your name, dates of sessions, and amounts paid). They do not have access to any clinical information, session notes, or details about why you are attending therapy. My bookkeeper is bound by confidentiality obligations.
Third-party service providers
I use the following third-party services which may process some of your data:
- WebHealer — the platform my website is built on
- Zoom — for online therapy sessions (if we meet online)
- Google Meet — for online therapy sessions (if we meet online)
Each of these services is bound by a data processing agreement. Links to their privacy policies are available on request.
I never sell your personal data.
8. International data transfers
Some of the third-party services I use may transfer personal data outside the United Kingdom:
- WebHealer — WebHealer Ltd, UK (no international transfer)
- Zoom — Zoom Video Communications Inc, USA
- Google Meet — Google LLC, USA
The USA does not currently have a UK adequacy decision. Where data is transferred to the USA, I rely on Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) as appropriate safeguards, in accordance with UK GDPR Chapter V and the updated requirements of the Data (Use and Access) Act 2025.
You can request a copy of the relevant transfer safeguards by contacting me.
9. How long I keep your data
I retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law or professional guidelines.
| Type of record | Retention period | Reason |
|---|---|---|
| Therapy records (clinical notes, assessments, correspondence) | 7 years after our last session | In line with the Limitation Act 1980 and standard professional indemnity insurance requirements |
| Financial records (invoices, payment records) | 6 years | HMRC legal requirement |
| Website enquiries (if you contact me but do not become a client) | 12 months | Legitimate interest in responding to enquiries |
After the applicable retention period, records are securely destroyed. Electronic records are permanently and securely deleted.
10. Your rights under UK GDPR
You have the following rights regarding your personal data. I will respond to any request within one month.
Right to be informed You have the right to know how your data is being used. This privacy policy provides that information.
Right of access You can request a copy of the personal data I hold about you. This is known as a Subject Access Request (SAR). Under the Data (Use and Access) Act 2025, I will conduct a reasonable and proportionate search to locate your data.
Right to rectification If any information I hold about you is inaccurate or incomplete, you can ask me to correct it.
Right to erasure In certain circumstances, you can ask me to delete your personal data. However, this right does not apply where I am required to retain records in line with the Limitation Act 1980 and professional indemnity insurance requirements, or where retention is necessary for legal claims.
Right to restrict processing You can ask me to limit how I use your data in certain circumstances.
Right to data portability You can ask me to provide your data in a format that allows you to transfer it to another service provider.
Right to object You can object to certain types of processing, such as processing for direct marketing (which I do not carry out).
Rights related to automated decision-making You have the right not to be subject to decisions based solely on automated processing. I do not use automated decision-making in my practice.
To exercise any of these rights, please contact me at: info [at] mikeclementcounselling.co.uk
11. Data protection complaints — your right under the Data (Use and Access) Act 2025
You have the right to make a data protection complaint directly to me. If you are concerned about how I have handled your personal data, please let me know so I can address your concerns.
To submit a complaint:
- Visit https://mikeclementcounselling.policydiary.co.uk (Make a complaint tab)
- Or contact me at: info@mikeclementcounselling.co.uk
I will acknowledge your complaint promptly and aim to resolve it within 30 days.
If you are not satisfied with my response, you have the right to escalate your complaint to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Post: ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
12. Confidentiality exceptions
Everything you share with me in therapy is confidential. However, there are rare circumstances where I may need to share information without your consent:
- Risk of serious harm — if I believe there is a serious risk of harm to you or to another person
- Safeguarding concerns — if I become aware of concerns about the safety of a child or vulnerable adult
- Legal requirement — if I am ordered to disclose information by a court of law
- Prevention of terrorism — if required under the Terrorism Act 2000
In most circumstances, I will try to discuss this with you first and explain why I need to share information. The only exception would be if doing so would itself put someone at risk.
If I do need to break confidentiality, I will share only the minimum information necessary and only with the appropriate authorities.
13. Use of Artificial Intelligence (AI) Tools
As part of administrative and reflective practice, I use secure digital tools, including artificial intelligence (AI)-assisted software, to help organise, summarise, or structure session notes and practice-related material.
Where possible, identifying personal information is minimised or removed before such tools are used. AI tools are not used to make clinical decisions, provide autonomous therapy, or replace professional judgement, supervision, or ethical responsibility.
Any use of digital or cloud-based services is undertaken with consideration for confidentiality, data protection, and professional ethical obligations under UK GDPR and the BACP Ethical Framework.
14. Changes to this policy
I review this privacy policy annually and whenever my practices change. If I make significant changes that affect how I handle your personal data, I will inform you directly.
The date at the top of this policy shows when it was last updated.
Mike Clement Counselling Mr. Michael Clement info@mikeclementcounselling.co.uk ICO registration: ZA765347
