Privacy Policy

This Privacy Policy explains how Rowena, trading as Safar Counselling (“I”, “me”, “my”), collects, uses, stores, and protects your personal data when you visit my website, book a session, or work with me. I take privacy and confidentiality seriously and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and the BACP Ethical Framework.

1. Who I am

Safar Counselling is operated by Rowena as a sole trader. I am a registered member of the British Association for Counselling and Psychotherapy (BACP), membership number 403740.

I am the data controller for the personal data I collect. You can contact me about this policy or any privacy matter at:

• Email: [email protected]

• Phone: 07879 648096

2. What personal data I collect

From the website and booking system

• Your name, email address, and phone number.

• Any notes or messages you send when booking or enquiring.

• Technical data such as IP address and browser information.

• Cookie data (see my Cookie Policy).

In the course of our work together

• Brief session notes I keep to support continuity of our work.

• Any personal information you choose to share with me during sessions.

• Information about your wellbeing, mental health, or life circumstances. This is special category data under UK GDPR and is treated with extra care.

• Records of payments and invoices.

3. Why I use your personal data and the lawful basis

To provide my services (Article 6(1)(b) - contract)

I use your contact details and booking information to arrange and deliver sessions, send confirmations and reminders, and manage payment.

To process health and wellbeing information (Article 9(2)(a) - explicit consent)

Where I keep notes about your wellbeing, mental health, or the issues we discuss in sessions, I rely on your explicit consent. I will explain this clearly when we begin working together. You can withdraw consent at any time, although doing so may affect my ability to continue providing therapy.

To meet legal and professional obligations (Article 6(1)(c) - legal obligation)

I keep records to comply with tax and accounting law and to meet the standards set by the BACP Ethical Framework.

To run my practice (Article 6(1)(f) - legitimate interests)

I rely on my legitimate interests to keep brief contact records, respond to enquiries, and run my practice professionally and safely. You can object to processing on this basis at any time.

4. Confidentiality and limits

Everything you share with me in sessions is held in strict confidence in line with the BACP Ethical Framework. There are limited circumstances where I may need to share information:

• If I believe there is a serious and imminent risk of harm to you or someone else.

• Where I am legally required to disclose information, for example by court order.

• Where safeguarding duties apply (for example, concerns about a child or vulnerable adult).

As part of professional practice, I attend regular clinical supervision. Cases may be discussed in supervision in an anonymised form. My supervisor is bound by the same duty of confidentiality.

Wherever possible, I will speak with you before sharing any information.

5. Cookies

My website uses cookies. Full details are set out in my Cookie Policy, which is available on my website.

6. Who I share your personal data with

I do not sell your personal data. I share it only where necessary with:

• My website and booking platform provider, Begin Group Ltd, who host my website and store contact and booking data on my behalf as my data processor under a written data processing agreement.

• Google, where sessions take place via Google Meet (Google acts as a separate controller for the meeting service itself).

• Zoom, where sessions take place via Zoom.

• My accountant or bookkeeper, where required.

• My clinical supervisor, in anonymised form.

• Regulators, law enforcement, or safeguarding authorities where required by law.

7. International transfers

Some of the providers I use (for example Google and Zoom) may process data outside the UK. Where this happens, I rely on the appropriate safeguards required by UK law, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.

8. How long I keep your personal data

• Session notes and client records: typically 7 years from the end of our work together, in line with BACP guidance and insurance requirements.

• Booking and contact records for clients who did not go ahead with sessions: up to 24 months.

• Financial records (invoices, payments): 6 years, in line with HMRC requirements.

• Marketing records: until you unsubscribe or object.

9. How I keep your personal data secure

I take reasonable steps to keep your data secure. This includes using a GDPR-compliant platform with access controls, secure passwords, encryption in transit, and only using reputable, GDPR-compliant providers for video sessions and other tools. Paper notes, where used, are kept securely.

If a personal data breach happens that is likely to result in a risk to your rights and freedoms, I will notify the Information Commissioner’s Office (ICO) and, where required, you, without undue delay.

10. Your rights

Under the UK GDPR you have the following rights:

• The right to be informed about how I use your data.

• The right of access to the personal data I hold about you.

• The right to have inaccurate data corrected.

• The right to erasure in certain circumstances.

• The right to restrict processing.

• The right to data portability.

• The right to object to processing based on legitimate interests or direct marketing.

• The right to withdraw consent.

To exercise any of these rights, please email [email protected]. I will respond within one month.

11. Complaints

If you have a concern about how I handle your personal data, please contact me first at [email protected] so I can try to put it right.

You also have the right to complain to the Information Commissioner’s Office:

• Website: ico.org.uk

• Phone: 0303 123 1113

12. Children

My services are aimed at adults. Where I work with anyone under 18, I will only do so with appropriate parental or guardian consent and will discuss confidentiality and information sharing carefully at the start of our work.

13. Changes to this Privacy Policy

I may update this Privacy Policy from time to time. The latest version is available on my website. The effective date at the top shows when it was last updated.

14. Contact

Safar Counselling - Rowena

Email: [email protected]

Phone: 07879 648096

Website: safarcounselling.co.uk