1. How I (Ashleigh Cormack) use your personal data
I’m committed to protecting your personal data. I collect data in the following ways:
At referral I collect non-sensitive personal data including your name, contact details, date of birth and GP details. I will use your non-sensitive personal data to (i) register you as a new client, (ii) manage payment, (iii) to manage my relationship with you.
I also collect sensitive data: session notes and assessment information. I will use your personal data for the purposes of providing a service to you or if I need to comply with a legal obligation. Non –sensitive and sensitive personal data will be kept in the strictest confidence and I will not pass information to anyone else unless:
•You give express consent to disclose information
•You or I believe you or a third -party are in clear and present danger.
In all cases, where possible, you will be encouraged to pass the information on yourself.
In line with professional requirements, I might discuss sessions with my counselling/ coaching supervisor. In this process your anonymity is maintained. My legal grounds for processing your data are in relation to points (i) to (iii) above and are for the performance of a contract with you. I will not share your details with third parties for marketing purposes.
2. Disclosure of your personal data
I may have to share your personal data with (i) service providers who provide IT and system administration support, (ii) professional advisors including lawyers, bankers, auditors and insurers (iii) HMRC and other regulatory authorities (iv) to fulfil my contract with you.
I require all of these third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on my instructions.
3. Data security
I have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. I have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where I’m legally required to do so. In certain circumstances you can ask me to delete your data. See the section entitled ‘your rights’ below for more information.
What lengths are made to ensure my information is held securely?
Hardcopy documents – Are all stored in a locked cabinet.
Text messages – My work phone is secured with a pin code.
Emails – My email account requires a user name and password.
Email attachments – Any sensitive information sent by email to you will be password protected and the password will be sent to you via text message.
Electronic documents – Any electronic documents e.g. a letter to your GP are stored on a password protected computer.
4. Data retention
I will only keep your personal data for as long as is necessary to fulfil the purposes for which I collected it. I may retain your data to satisfy any legal, accounting, or reporting requirements so for example I need to keep certain information about you for 7 years after you cease to be a client for legal purposes. You have the right to ask me to delete the personal data I hold about you in certain circumstances. See section 5 below.
5. Your rights
You are able to exercise certain rights in relation to your personal data that I process. These are set out in more detail at
In relation to a Subject Access Right request, you may request that I inform you of the data I hold about you and how I process it. I will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case I may charge a reasonable fee or decline to respond. I will, in most cases, reply within one month of the date of the request unless your request is complex, or you have made a large number of requests in which case I will notify you of any delay and will in any event reply within 3 months. If you wish to make a Subject Access Request, please send the request to firstname.lastname@example.org
6.Keeping your data up to date
I have a duty to keep your personal data up to date. I will from time to time contact you to check that your personal data is up to date. If there are any changes to your personal data (such as a change of address) please let me know as soon as possible by in person or via e-mail.
I’m committed to protecting your personal data but if for some reason you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I should be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.