Policy

Data Protection and Privacy Policy

A clear summary of how Thrive in Wellbeing handles confidential information, protects personal data, and responds when information must be shared or secured.

Policy Details

Version: 1
Last reviewed: April 2026
Next review: April 2027

Contact About This Policy

Counselling and wellbeing services

Claremount House, High Street, Lydney, GL15 5DX

07369 279950

jane.tillings@btinternet.com

Policy content

Policy Principles

Data protection, privacy, and information risk can take many forms and may not always be easy to identify. Thrive in Wellbeing treats these risks seriously and handles personal information in line with data protection law and professional responsibilities.

Any personal information held by the practice is treated as confidential and is not shared unless consent has been given or there is a lawful reason to do so. Information is collected so therapists can work safely, ethically, and maintain appropriate session records.

Personal and Sensitive Information

Personal and sensitive information includes anything held in a professional capacity that could identify an individual, such as a name, date of birth, address, NHS number, or combinations of data that may reveal identity.

Sensitive information can include racial or ethnic origin, political opinions, religious beliefs, physical or mental health information, sexual life, alleged or committed offences, financial information, commercial information, and security arrangements. If this information is lost, misdirected, or used inappropriately, it can have a serious impact on the individual concerned.

Counselling and Wellbeing Support

Everyone has the right to privacy and confidential treatment without others knowing they are receiving counselling, psychotherapy, or wellbeing support. Counsellors, affiliates, and support workers may encourage clients to seek additional help where appropriate, but that is not always safe or suitable.

Confidentiality is central to building a safe therapeutic relationship. At the start of therapy, clients are given a contract that explains confidentiality and any associated risks. This is discussed, agreed, and signed before work begins, and relevant assessment measures are completed where risk needs to be highlighted.

When Information May Be Shared

There are limited situations in which information may need to be shared without consent. These include serious risk of harm to self or others, reports of abuse, criminal matters such as terrorism, drug trafficking, proceeds of crime, or fraud, and where counselling information is lawfully required by a court or subpoena.

Whenever possible, consent will still be sought before sharing information. If information must be shared, only material that is necessary and relevant to the concern will be disclosed.

  • Serious risk of harm to self or others
  • Reports or concerns involving abuse
  • Criminal matters including terrorism, fraud, or proceeds of crime
  • Lawful court or subpoena requirements

Information Sharing and Data Security

Any communication containing confidential or personally identifiable information, such as names, addresses, or dates of birth, is sent only through secure and encrypted email methods.

Client records are stored only with permission gained through the contracting process. Feedback and evaluation material is stored against referral or case numbers where possible to protect identity.

Storage and Access

Files are stored securely and are accessible only to authorised administrative personnel. Data systems use two-step authentication where available, and information is archived when clients are no longer engaging with services.

Under the Data Protection Act, clients may request access to their counselling records in writing through the Clinical Director or Safeguard Lead.

Basic Data Protection Guidance

Staff and practitioners must take care to confirm the identity of the person they are communicating with before discussing any personal data.

Personal information should never be disclosed in order to establish identity. Instead, the individual should be asked to confirm information already held, such as an address or other agreed detail.

Data Breach Incident Management

Any data breach, in any form, must be reported to Jane Tillings, Director of Thrive in Wellbeing. Reporting a breach will trigger an investigation into the information that has been lost, exposed, or mishandled.

Storage and Disposal of Information

All material containing identifiable or confidential information must be kept secure at all times. Electronic identifiable data must only be stored on devices that have appropriate security measures in place.

Encrypted email is used for referrals, and information must be received through a secure, password-protected source and destroyed once it has been safely received and processed.

Breach of Policy

Failure to manage information securely places Thrive in Wellbeing at risk of breaching data protection law. Everyone is responsible for the safety and security of the information they process.

Failure to comply with this policy may lead to disciplinary action.