I am Amy Gordon, a BACP-registered counsellor offering in-person counselling in Rochester/Gravesend, Kent, and online across the UK and some European countries. I’m the data controller for any personal information you share with me. I’m registered with the Information Commissioner’s Office (ICO).
My Commitment to Your Privacy
Your privacy is important to me. I keep your personal information safe, confidential, and only use it for the purposes it was given. I comply with the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This policy explains:
- What personal information I collect and why
- How I store and protect it
- Who I might share it with (and why)
- How long I keep your information
- Your rights under data protection law
Depending on where you are in the therapy process, I may collect:
- Name, date of birth, and contact details
- Address and GP information
- Medical and mental health history
- Emergency contact details/next of kin
- Family background and life history
- Session notes and therapy goals
- Referral information (if applicable)
I only collect what’s necessary to provide you with effective and safe counselling sessions.
Most of the data I hold comes directly from you — usually during our first contact, your intake form, or in our counselling sessions. Sometimes I may receive information from a third party, such as a GP or referrer, with your consent.
Under UK GDPR, I must have a lawful basis to process your data. These are:
- Contract: To deliver counselling services you’ve requested and outline terms of counselling.
- Legitimate interests: For safe record-keeping and ethical practice when providing therapy.
- Legal obligation: If I’m required to disclose information (e.g. court order).
- Consent: For storing and processing sensitive data (like health-related information).
For special category data (e.g. health information), the lawful basis is that it is necessary for health care provision under a contract between us.
I use your information to:
- Provide counselling and communicate with you
- Keep records required by my professional body (BACP) and insurers
- Maintain safety and comply with the law
Your data is never sold or used for marketing.
If you attend counselling online, we will meet via Google Meet, which provides end-to-end encryption to protect our conversations. I do not record sessions or store them digitally. You are responsible for ensuring your own environment is private and secure at your end during online sessions.
Everything you share in counselling is confidential. The only exceptions are:
- Supervision: I discuss client work anonymously with a qualified supervisor to maintain safe and ethical practice.
- Risk: If I believe you or someone else is at serious risk of harm, I may contact your GP, emergency services, or safeguarding teams.
- Legal obligations: I must report disclosures related to terrorism, money laundering, or drug/human trafficking.
- Court orders: I may be legally required to provide information to a court.
I take data security seriously:
- Electronic records are stored on encrypted, password-protected devices and cloud systems.
- Written notes are kept securely in locked storage.
- Only I have access to your data.
- Emails and texts are deleted once they are no longer relevant (usually within 3 months). If content is important, it’s saved in your counselling record.
Clinical Notes & Intake Forms: I retain your session notes, any assessment notes, and intake forms for a period of 7 years following our final counselling session. This timeframe is determined by my professional insurance requirements, the guidelines of my professional body (BACP), and UK legal limitation windows.
Contact Information & Communications:
Prospective Client Inquiries: If you contact me to inquire about therapy but do not proceed to book an initial appointment, your contact details and communication will be securely deleted after 6 months.
Administrative Communications: Emails, text messages, or phone logs relating to scheduling and administration for active clients will be securely deleted 1 year after our therapeutic relationship has officially concluded.
Clinical Communications: Any electronic correspondence that contains significant clinical information or updates regarding your mental health will be treated as part of your core clinical record and retained securely for 7 years.
Financial Records: Invoices and payment receipts are kept for 6 years to comply with HMRC tax obligations.
Secure Destruction: Once these periods expire, all digital records are permanently deleted using secure wiping software, and physical documents are securely shredded.
Your Rights
You have the right to:
- Ask what data I hold about you
- Request a copy of your data (free of charge)
- Correct inaccurate or incomplete information
- Withdraw consent (where applicable)
- Request that I delete or stop processing your data (unless I must retain it legally)
- Lodge a complaint with the ICO
To make a request, contact me directly. I will respond to you within 30 days of you making such a request.
Website Visitors
No personal data is collected automatically when you visit the site.
Cookies and Website Tracking
My website is a basic information site which uses "essential cookies" (small text files placed on your device) which are strictly necessary to allow the website to load safely, function securely, and display information correctly.
Because these cookies do not track your personal behavior across the internet, build a profile of you, or pass your data to third-party advertisers, they are active by default under UK data protection law. You can restrict or block these cookies at any time through your internet browser’s settings, though doing so may cause some parts of the website to stop functioning properly.
Contact Information & Communications:
Prospective Client Inquiries: If you contact me to inquire about therapy but do not proceed to book an initial appointment, your contact details and communication will be securely deleted after 6 months.
Administrative Communications: Emails, text messages, or phone logs relating to scheduling and administration for active clients will be securely deleted 1 year after our therapeutic relationship has officially concluded.
If we do begin working together, your information will be retained and stored securely as part of your counselling record (outlined above).
In line with the June 2026 updates to UK GDPR, please be aware that if you have any questions, concerns, or complaints about how I collect, use, store, or protect your personal information, you can contact me directly at: purplepoppycounselling@gmail.com.
I take data privacy very seriously and will formally acknowledge your complaint within 30 days of receipt. I will thoroughly investigate the matter and provide you with a full response and outcome without undue delay. If you remain unsatisfied with my response, or believe your data rights have been infringed, you retain the right to escalate your complaint to the Information Commissioner’s Office (ICO). You can contact the ICO at https://ico.org.uk/make-a-complaint or by calling 0303 123 1113.
I regularly review my policies and will update this page with any further changes as required.