Privacy Notice

Privacy Notice

Kay Parkinson  |  Place to Talk Therapies

Version 2.0   ·   Last reviewed: 1st June 2026   ·   Next review: 1st June 2027

This notice explains how I collect, use, store and protect your personal information when you come to me for counselling, from your first point of contact through to after therapy has ended. I hold your trust as something to be honoured, and protecting what you share with me is central to how I work. Please read this alongside our counselling agreement.

I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003. I also follow the ethical guidance on client privacy and confidentiality set by the British Association for Counselling and Psychotherapy (BACP) and the Association of Christian Counsellors (ACC).

Who I am

Counsellor: Kay Parkinson

Trading as: Place to Talk Therapies

Contact: admin@place2talk.co.uk  /  07858 984519

ICO registration number: ZB600929

I am the data controller for the information I hold about you. This means I am the person responsible for deciding how your personal data is collected, stored and used. I am a registered member of the BACP and the ACC, and I work within their codes of ethics.

What information I collect

To work with you safely and ethically, I may collect:

  • Identifying details: your name, date of birth, address, telephone number and email.
  • Emergency and next of kin contact details, and your GP details where relevant.
  • Health information relevant to our work, including mental and physical health history, medication and any risk concerns.
  • Notes I make about our sessions, including themes discussed and our agreed focus.
  • Records of appointments, attendance and any payments made.

Some of this is special category data, meaning it is given particular protection under data protection law because of its sensitive nature.

Why I collect it and my lawful basis

Under UK GDPR I must have a lawful basis for processing your information, and the basis I rely on depends on the stage of our work:

  • Considering or receiving therapy: I process your data because it is necessary for the performance of our contract, to arrange, cancel and rearrange appointments and to provide the service we have agreed.
  • After therapy has ended: I rely on legitimate interests to keep accurate records responsibly and to meet my professional and insurance obligations.
  • Legal obligation: where I am required by law to disclose information, for example a court order.

For health and other special category data, I additionally rely on the basis of provision of health treatment, being the therapy itself, and on substantial public interest where there is a serious risk of harm. There may be rare occasions where I rely on your explicit consent, and I will tell you clearly if that is the case.

How I use your information

I will never use your personal data for any purpose other than the administration of the therapy service I provide to you. I retain your information only for as long as is necessary, in line with guidance from the Information Commissioner’s Office.

Initial contact

When you contact me to book your first appointment, I collect brief information to process your enquiry. This includes your name, so I can record the appointment, and a contact method such as an email address or phone number, so I can reach you if I am unable to attend due to unforeseen circumstances. Alternatively, an organisation such as your employer may send me your details when making a referral, or a relative may give me your details when enquiring on your behalf. If an enquiry is made and you decide not to proceed, I will ensure all your personal data is deleted within one month, or sooner if you ask.

While you are accessing therapy

Your email address or telephone number will be used to confirm appointment times where you have consented to this, and only to contact you about appointments, unless we have agreed that I may also email you information relevant to your sessions.

Before your first appointment, I will ask you to complete a ‘new client intake form’ which collects personal details including your name, address, date of birth, contact information and your GP details, as well as other details relevant to help me work with you. The form is stored on the Kiku practice management system (or a comparable alternative), which is subject to UK GDPR. I will not routinely contact your GP to inform them of your attendance, as your attendance is confidential. To fulfil my duty of care towards you while maintaining your confidentiality, I will only contact your GP where it is necessary, and wherever possible I will discuss this with you first.

I keep brief notes of our sessions to support our work together and to help me keep track of what we are working on. These notes are for my use only, do not contain personal details that could identify you, and are stored securely in a password-protected file that only I can access. Your session notes are kept separately from the personal details held on Kiku.

After therapy has ended

Counsellors are required to keep certain records after therapy ends. For financial transactions, information must be retained for as long as legally required for tax and accounting purposes. Retaining your session notes also means I can continue to offer an efficient service should you contact me again. Your session notes contain no identifying personal details and remain stored securely in a password-protected file for seven years, in line with current industry guidance. Where a client is under 18, records are kept until their 25th birthday.

The personal details you provided on Kiku are confidentially deleted when your therapy ends. I keep a record of your name, date of birth and a client reference number for seven years after therapy ends. This reference number corresponds to the one on your anonymised session notes, allowing me to identify those notes if necessary.

Online and telephone sessions

Where we meet online or by telephone, I use Microsoft Teams or Zoom, and if these fail I may use WhatsApp video. These platforms provide end to end encryption where available. Please be aware that no online platform can be guaranteed entirely secure, and I ask you to take part from a private space where you will not be overheard. I do not record sessions unless we have both agreed this in writing beforehand, and I ask that you do not record sessions unless we have agreed to this for a specific purpose.

Who I share your information with

I treat confidentiality as a matter of professional honour, and I will not share your information without good reason. There are limited circumstances in which I may need to:

  • Clinical supervision: I discuss my work in supervision, as required by BACP. This is done without identifying you, and my supervisor is a counsellor bound by the same duty of confidentiality.
  • Risk of serious harm: if you disclose abuse or neglect of a child or vulnerable adult, or say something that implies serious harm to yourself or others, I may need to share information to keep people safe. Wherever possible I will discuss this with you first, unless safeguarding concerns prevent it.
  • Legal requirements: where I am compelled by law, for example certain safeguarding duties, terrorism legislation or a court order.

I also share a limited amount of personal data with trusted third parties in order to run the service and meet my legal obligations.

All enquiries come directly to me. Where appropriate, I allocate your care to one of my associate counsellors. Each is a qualified practitioner who is insured, registered or accredited with the BACP, and holds both DBS and ICO registration. Each works as an independent practitioner with their own clinical supervision, and each is bound by the same duty of confidentiality and the BACP code of ethics that I hold myself to. Where your care is allocated in this way, I share with the counsellor only the information they need to provide your therapy. From that point, your counsellor becomes the data controller for the information they hold about you and is responsible for it under their own privacy notice, which they will provide to you.

My accountant has access to my invoices for tax and accounting purposes. Where I contract a supplier to carry out a task, I select them carefully and require that they use your information only for that task. If your appointments are paid for or arranged by a third party, such as your employer, the only information shared is your session dates regardless of attendance or non-attendance, for invoicing. What is discussed in your sessions remains confidential and is shared only with your written consent. I will never pass your contact details to any third party for sales, marketing or research.

Data security

I take the security of your data seriously. My email account is password protected, and the devices used to respond to your emails are password protected and run anti-virus software. Email correspondence is deleted within one month unless it is necessary to keep it, in which case it is stored securely in a password-protected file that only I can access.

Website visitors

By accessing the website you consent to the information practices described in this notice. If you contact me using the website contact form, none of the data you supply is stored by the website or passed to third party data processors. Instead it is collated into an email and sent to me using the Simple Mail Transfer Protocol (SMTP). SMTP servers are protected by TLS (sometimes known as SSL), meaning the content is encrypted before being sent across the internet and decrypted by local devices.

The website uses cookies and Google Analytics. Cookies are small files placed on your device by websites as you browse, and they can store information that has privacy implications. Google Analytics gathers anonymous data on how people use the site and provides visitor statistics such as page views, which helps me improve the website.

Some page elements are embedded from trusted third parties to provide interactive maps, including Google Maps, and most come with their own cookies. I do not control these cookies and cannot guarantee what they do. In many cases they generate similar information to Google Analytics and use it, so opting out of Google Analytics will also opt you out of these.

You can opt out of Google Analytics and other Google services here: http://tools.google.com/dlpage/gaoptout and

https://myaccount.google.com/data-and-privacy.

Your rights

You have rights over the information I hold about you. You can:

  • Ask to see the information I hold (a subject access request).
  • Ask me to correct anything inaccurate.
  • Ask me to delete information, though I may need to keep some for legal or insurance reasons.
  • Object to or ask me to restrict certain processing in some circumstances.
  • Withdraw consent where consent is the basis I am relying on.

You can read more about your rights at https://ico.org.uk/your-data-matters.

To make a request, please put it in writing to admin@place2talk.co.uk. Please be aware that in certain situations I may be unable to comply, for example if I am compelled to retain records by a court of law, and that a charge may apply where a request is judged to be excessive. I will respond within one month.

Complaints

If you are unhappy with how I have handled your information, please speak to me first so I can put things right. Raising a concern is never something to feel ashamed of, and you will be treated with respect. You also have the right to complain to the Information Commissioner’s Office (ICO), the statutory body that oversees data protection in the UK, at ico.org.uk/make-a-complaint or on 0303 123 1113. A separate complaints policy covers concerns about the counselling itself.

Changes to this notice

I review this notice regularly and will tell you if anything significant changes. Please check occasionally for updates. This version was last reviewed on 1st June 2026.