top of page

Your Privacy Policy & GDPR Compliance

At PJB Counselling Service, protecting your privacy and the confidentiality of your personal data is paramount. This Privacy Policy outlines how I collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018, both in the context of your use of this website and when you engage with my counselling services.

​

1. Who I Am (Data Controller) Patrick J Breheny, trading as PJB Counselling Service, is the Data Controller responsible for your personal data. You can contact me via info@pjbtherapy.co.uk or 07774349531. My website is www.pjbcounsellingservice.co.uk.

​

2. What Information I Collect & How I Collect It I collect information that helps me provide effective and safe counselling services, as well as manage my practice.

  • Information You Provide Directly:

    • Contact/Enquiry Data: When you use my contact form, email me, or call me, I collect your name, email address, phone number, and any details you provide about your enquiry.

    • Initial Assessment/Intake Data: If you proceed to an initial consultation, I collect more detailed information relevant to your needs, including personal history, presenting issues, and health information.

    • Counselling Session Data: During sessions, I keep brief, factual records (clinical notes).

  • Information Collected Automatically (Website):

    • Usage Data: Like most websites, I collect information about how you interact with my site (e.g., pages visited, time spent, device type, IP address). This is typically done via tools like Google Analytics. This data is generally anonymised or aggregated.

    • Cookies: My website uses cookies (small text files on your device) to enhance functionality and analyse site usage. For full details, please refer to my separate [Link to Your Cookie Policy Page]Cookie Policy[/Link to Your Cookie Policy Page].

3. How I Use Your Information (Purposes of Processing) I use your personal data for the following purposes:

  • To respond to your enquiries and provide information about my services.

  • To assess your suitability for counselling and to deliver effective and safe therapeutic services.

  • To maintain accurate client records for clinical and administrative purposes.

  • To fulfil my legal, ethical, and professional obligations (e.g., BACP/NCPS ethical frameworks).

  • To manage my business operations (e.g., scheduling, billing, invoicing).

  • To improve my website and services based on aggregated usage data (website analytics).

4. Legal Basis for Processing (GDPR) I process your personal data based on the following legal grounds:

  • Contract: To fulfil my contractual obligations to you when you engage in counselling services.

  • Legitimate Interests: Where processing is necessary for my legitimate interests as a counselling practice (e.g., responding to enquiries, managing my business effectively, ensuring service quality), provided these interests do not override your rights.

  • Legal Obligation: To comply with legal or regulatory requirements (e.g., record-keeping, safeguarding).

  • Consent: Where explicit consent is obtained for specific purposes, particularly for processing special category data (health data) for counselling purposes, and for non-essential cookies. You have the right to withdraw consent at any time.

5. How I Store & Protect Your Information I am committed to ensuring the security of your data.

  • Security Measures: I implement robust technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction. This includes: password protection, encryption, secure cloud storage, locked physical files, secure online booking systems, anonymisation where possible.

  • Confidentiality: All counselling sessions are held in strict confidence, as per my professional ethical guidelines. Clinical notes are anonymised where possible and stored securely.

  • Data Processors: I may use third-party service providers (e.g., website host, online booking system, secure video conferencing platform) who process data on my behalf. I ensure these providers are also GDPR compliant and have appropriate security measures in place.

6. How Long I Keep Your Information (Data Retention) I retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, ethical, accounting, or reporting requirements.

  • Counselling Records: Records are generally kept for 7 years after the termination of therapy and then securely destroyed.

  • Clients Under 18: For clients under 18, records are kept for 7 years after the child turns 18.

  • Exceptions: There may be exceptions where records need to be kept longer (e.g., ongoing legal processes, ethical body requirements for a specific complaint).

  • Website Data: Website usage data (e.g., Google Analytics) is retained for Google Analytics for 50 months or as long as necessary for analytical purposes.

7. Who I Share Your Information With I will only share your information in specific, limited circumstances:

  • Supervision: I discuss my client work with a qualified supervisor, which is a professional requirement. Client identity is always anonymised to protect your confidentiality.

  • Legal/Ethical Obligation: If legally required or if there is a serious safeguarding concern (e.g., risk of harm to self or others), I may have a duty to break confidentiality. This would always be discussed with you first, where possible.

  • Third-Party Service Providers: As mentioned above, data processors (e.g., website host, booking system) process data on my behalf under strict data processing agreements.

8. Your Rights Under GDPR Under GDPR, you have significant rights regarding your personal data:

  • Right to Be Informed: To know how your data is used (which this policy aims to do).

  • Right of Access (Subject Access Request): To request a copy of the information I hold about you. This will be facilitated by making a formal request.

  • Right to Rectification: To have inaccurate data corrected.

  • Right to Erasure (Right to be Forgotten): To request that your data be deleted. However, there are exceptions, particularly regarding legally or ethically required counselling records.

  • Right to Restrict Processing: To limit how your data is used in certain circumstances.

  • Right to Data Portability: To receive your data in a structured, commonly used format.

  • Right to Object: To object to processing based on legitimate interests or direct marketing.

  • Rights in Relation to Automated Decision Making and Profiling:

To exercise any of these rights, please contact me directly at info@pjbtherapy.co.uk.

​

9. How to Complain If you have concerns about how your data is handled, please contact me in the first instance so I can address your concerns. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues:

Information Commissioner's Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Helpline number: 0303 123 1113 ICO website: www.ico.org.uk

​

10. Changes to This Privacy Policy I may update this Privacy Policy from time to time to reflect changes in my practices or legal requirements. The most current version will always be posted on my website.

Last Updated: June 30, 2025

  • Facebook
  • Twitter
  • Instagram

​© 2020 - 2024 PJB Counselling Services

British Association for Counselling and Psychotherapy logo
bottom of page