background image
28th March 2024 

Privacy Policy

Sarah Boylan is committed to complying with the terms of the General Data Protection Regulation (GDPR) and to the responsible and secure use of your data. With this comes a legitimate interest in processing personal data to provide Counselling services.

The purpose of this statement is to let you know what personal information Sarah Boylan collects and holds, why this data is collected, how long it is stored for and your rights over your personal data.

Sarah Boylan is registered with the Information Commissioner's Office (ICO) and abides by the British Association for Counselling and Psychotherapy (BACP) Ethical Framework.



Will this website collect my data?
    If you choose to contact me using the link on this site, an email will be sent directly to me. The contact form will capture your name, email address and the IP address of the computer you have used to make the enquiry. The email will also include any information you have shared with me at that time. The website provider will only retain the information until they are satisfied your email has been successfully delivered to me. At that point it will be deleted. No cookies are captured.
Lawful basis for holding processing your personal information
  • The Client gives consent for contact information to be held in order for me to communicate with them between sessions.
  • Session information is held that is in the legitimate interest of the Client to ensure safe, ethical monitoring and therapeutic processing of the work.
  • Sharing information with a GP, or similar professional, is only done when it is in the vital interest of the Client to protect their life or well-being.
Data held
  • Name, email address, telephone number, address, GP, another relevant agency working with the Client (such as social worker, community mental health team etc.) or specific individual as requested by the Client.
  • Personal / medical history deemed of relevance by the Client.
  • Session and process notes which are identifiable only by a reference code.
Where does the information the Counsellor holds come from?
  • All information is given to me directly by the Client, verbally or in writing. If information were to be provided by a third party it would be with the Client's consent only.
  • If the Client uses an online contact form (such as the one on this website) the information they supply will come via that forum.
How does the Counsellor seek consent and communicate about privacy?
  • Clients are provided with privacy information verbally, with key details in writing, during the initial consultation and contracting process.
  • Consent is requested as part of the contracting process for both face to face and online work.
  • Written copies of this full policy are provided on request and are available via my website.
Who does the Counsellor share information with?
  • The Client’s data will be used only to provide them with my services and to give them information relating to my services. Their data is not used other than for that which they have agreed.
  • In the event of my death, or severe incapacitation, information will be shared with my clinical executors for the sole purpose of informing and supporting the Client in a safe and professional manner, in line with ethical practice.
  • Non-identifiable information regarding the process of my work is shared with my supervisor.
  • As stated in the Counselling contract, I will share information with the GP, or other agency or individual identified by the Client, only if I am concerned for the Client’s immediate well-being, or that of someone else. Where possible, I will discuss this with the Client in advance.
  • Any disclosure is made honouring the 1997 Caldicott Principles.
  • With a Client’s express written request, I may provide them with written evidence of the broad fact of their attendance for their personal use.
  • I will be required to provide information to the Police, Child Protection Officer or Courts in the event of a legal requirement - specifically Subpoena, or disclosure of drug trafficking, money laundering, terrorism or current child abuse.
How does the Counsellor seek, obtain and record content?
  • My website, Counselling Directory, BACP Directory and Psychology Today which provide contact links to my website.
  • Clients phone me directly and this leaves a number on my telephone.
  • I hold active Client telephone numbers on my telephone which has a security code access. The Client telephone numbers are anonymised by a reference code and initials.
  • Emails are sent by Clients to my work email address which is held on my home PC and telephone. All are protected with a security access code. These are deleted when the information is dealt with.
  • I take written details at the time of the first consultation and make handwritten notes following each session.
  • Changes to information are made if a Client informs me of changes of contact or GP.
  • Clients are entitled to withdraw their consent to my holding their information at any time.
Why does the Counsellor hold a Client’s data?
  • For contacting a Client for the purposes of our work.
  • For contacting the Client’s GP, or relevant other, with their written consent.
  • To record session notes to allow for accountability and monitoring of the work by me according to ethical practice.
Where does the Counsellor hold information?
  • Written information is kept in a locked filing cabinet.
  • Information with identifiable details is kept locked separately from session or process notes.
  • Written information is held for 7 years after the cessation of the Counselling relationship unless there is a mutually agreed decision to retain it for longer if I believe it to be in my best professional interest to do so.
  • Any information not required to be held (e.g. an enquiry that does not move forward to an appointment) is shredded.
  • Phone numbers with anonymised reference and initials are held in a password protected phone.
  • Emails are held in a password protected account on a password protected PC and held until the information has been recorded elsewhere.
  • Video and internet based telephone calls are made using an end to end encrypted platform (Zoom) unless the Client refuses these options and assumes responsibility for securing their data accordingly.
How does the Counsellor respond to requests for data?
  • Clients are entitled to see their own notes and any data regarding them that I keep. Requests should be made by writing and I can then provide a Client access to see their notes in my presence if requested. I have up to 30 days to respond to the request.
  • Clients are entitled to withdraw their consent at any time by notifying me in writing.
  • Any concerns about the use of the Client’s data should be addressed with me in the first instance, and if the concerns of data usage cannot be resolved satisfactorily, then Clients may choose to lodge a complaint with the ICO or with my professional body, BACP.
  • A request from an outside agency will be discussed with the Client where legally appropriate. I would only provide confirmation of a Client’s attendance and only with their written consent unless required by law to do otherwise.
  • In the event of further information being Subpoenaed I reserve the right to provide redacted notes to ensure only relevant and factual information is shared.
Security and detection of data breaches
    • Communications in connection with this service may be sent by email. Emails are not encrypted and are therefore not a fully secure means of communication. Whilst I endeavour to keep my systems and communications protected against viruses and other harmful effects using security software, I cannot bear responsibility for all communications being virus-free.
    • A data breach could occur in the event of the hacking of my telephone or email system or a forcible break-in to my locked records.
    • In the event of this happening I will inform all affected Clients within 3 days and also what action I have taken.

      October 2020