Privacy policy

Hope Counselling Therapies

Privacy Policy

Caring for Your Privacy

I want you to feel safe, respected, and fully informed when you work with me. This privacy notice explains how I collect, use, store, and protect your personal information in line with the UK GDPR and the guidance of the Information Commissioner’s Office (ICO).

I’ve written it in clear, everyday language so you can understand exactly what happens with your data.

Who I Am

I am Joanne Hosmer, a counsellor practising in the UK and owner of Hope Counselling Therapies.

I am the “data controller”, which means I am responsible for looking after your personal information.

You can contact me at:

Email: contact@hopecounsellingtherapies.co.uk

Phone: 07955097434

The Information I Collect

I collect only what I need to provide counselling safely and professionally. This may include:

  • Contact details — name, phone number, email address

  • Background information — anything you choose to share before or during sessions

  • Session notes — brief factual notes to support your therapeutic process

  • Administrative information — invoices, payment records, appointment history

  • Emergency contact details — if you choose to provide them

I do not record sessions, and I do not collect unnecessary data.

Why I Collect Your Information (Lawful Bases)

Under UK GDPR, I must have a lawful reason for using your data. My reasons are:

  • Contract — to provide counselling services you have requested

  • Legitimate interests — to run my practice safely and professionally (e.g., keeping basic notes)

  • Legal obligation — for accounting, tax records, or if I am required by law to share information

  • Vital interests — if I believe you or someone else is at serious risk of harm

I will always aim to discuss any concerns with you first unless doing so increases risk.

How Your Information Is Used

I use your information to:

  • Arrange and provide counselling sessions

  • Keep appropriate therapeutic notes

  • Communicate with you about appointments

  • Maintain accurate financial records

  • Ensure your safety and wellbeing

  • Meet professional and legal requirements

I do not use your data for marketing, profiling, or automated decision‑making.

How Your Information Is Stored

I take your privacy seriously. Your information is stored securely using:

  • Password‑protected digital systems

  • Encrypted devices

  • Secure cloud storage (if used)

  • Locked physical storage for any paper notes

I also use WriteUpp, a secure GDPR‑compliant practice management system, to store your contact details, appointment information, and session notes. WriteUpp acts as a data processor on my behalf and keeps your information encrypted and protected. Only I have access to your records within WriteUpp, and your data is never used for marketing or shared with third parties.

I use Gmail within Google Workspace to receive and send emails. This means that any information you share with me by email is processed and stored securely by Google, who act as a data processor on my behalf. Google Workspace uses encryption and strong security measures to protect your information, and only I have access to emails related to my counselling practice. Your email data is never used for marketing or shared with third parties.

Only I have access to your information across all systems.

How Long I Keep Your Information

To meet professional and legal standards:

  • Session notes are kept for 7 years after our work ends

  • Financial records are kept for 6 years for tax purposes

  • Contact details are deleted once they are no longer needed

After these periods, all data is securely destroyed.

Sharing Your Information

I keep your information private unless:

  • You ask me to share it

  • I am required by law (e.g., a court order)

  • I believe there is a serious risk of harm

  • My professional body requests information for ethical or legal reasons

  • I work with a supervisor (they will not know your full identity, and supervision is bound by confidentiality)

I will always try to discuss this with you first unless doing so increases risk.

Your Rights Under UK GDPR

Right to Erasure (Deleting Your Information) You can ask me to delete your information, and I will do so wherever possible. Some records, such as session notes or financial information, must be kept for legal, ethical, or safeguarding reasons, and in those cases I am not able to delete them. I will always explain this clearly if it applies. 

You also have the right to:

  • Access the information I hold about you

  • Ask me to correct inaccurate information

  • Ask me to limit how your information is used

  • Object to certain uses of your data

  • Request your data in a portable format

  • Complain to the ICO if you are unhappy with how your data is handled

You can exercise these rights by contacting me directly.

If You Have Concern

If you have a concern about how I handle your personal information, I want to hear from you.

How To Raise a Concern 

You can contact me by the contact details in this notice. Please describe your concern as clearly as you can, and include any relevant dates or details. 

What Happens Next

If you remain dissatisfied I will acknowledge your complaint within 30 days of receiving it. I will then look into your concern and respond to you without undue delay.

If you prefer to speak with someone else, you can contact the Information Commissioner’s Office (ICO):

Website: ico.org.uk

Phone: 0303 123 1113

Address: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Updates to This Notice

I may update this privacy notice occasionally. When I do, I will make the new version available and highlight any important changes.