top of page

Privacy Notice

Two Oaks Counselling Ltd.

Privacy Notice

Last updated: April 2026

Introduction

Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose for which it was given to me. I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

This privacy notice tells you what I will do with your personal information from the initial point of contact through to after your therapy has ended, including:

  • Why I am able to process your information and what purpose I am processing it for

  • Whether you have to provide it to me

  • How long I store it for

  • Whether there are other recipients of your personal information

  • Whether I intend to transfer it to another country

  • Whether I carry out any automated decision-making or profiling

  • Your data protection rights

I am happy to discuss any questions you may have about this notice. Please contact me via email at emma@twooakscounselling.co.uk or by phone on 07586 957744.

Data Controller

The ‘data controller’ is the person or organisation that collects, stores, and has responsibility for people’s personal data. In this instance, the data controller is me, Emma Sims, trading as Two Oaks Counselling Ltd.

I am registered with the Information Commissioner’s Office (ICO). ICO Registration Number: ZC122370

Postal address: Mansfield, Nottinghamshire

Telephone: 07586 957744

Email: emma@twooakscounselling.co.uk

My Lawful Basis for Holding and Using Your Personal Information

The UK GDPR requires me to have a lawful basis for processing your personal data. The lawful basis depends on the stage of our relationship:

During initial enquiry and active therapy: I will process your personal data where it is necessary for the performance of our contract for counselling services.

After therapy has ended: I will use legitimate interest as my lawful basis for retaining your records, primarily to defend against potential legal claims.

Special category data: Counselling often involves sensitive personal information (known as ‘special category data’ under UK GDPR, such as health information, mental health, or details about your personal life). The lawful basis for processing any special category personal information is that it is necessary for the provision of counselling treatment and is carried out under a contract with me as a counselling professional, and for the purposes of providing health care. I will then retain records after therapy ends on the basis of defending against potential legal claims.

How I Use Your Information

Initial Contact

When you contact me with an enquiry about counselling, I will collect information to help respond to your enquiry. This will include your name, contact details, and any relevant background information you choose to share. Alternatively, a GP or other health professional may send me your details as part of a referral, or a trusted person may contact me on your behalf.

If you decide not to proceed with counselling, I will securely delete your personal data within 30 days of our last contact. If you would like me to delete it sooner, please let me know.

While You Are Accessing Counselling

What you share with me is treated as confidential. That confidentiality will only be broken in the following circumstances: if I believe there is a risk to your life or the life of another person; if there is a safeguarding concern involving a child or vulnerable adult; or if I am required to disclose information by a court order or other legal requirement. I will always try to discuss this with you first, unless doing so would put you or others at risk.

I will keep a record of your personal details to allow our sessions to run effectively. These are stored securely on encrypted digital devices and are not shared with any third party except as described in this notice.

I keep brief session notes which are stored securely in password-protected digital systems with multi-factor authentication. Access is restricted to me alone.

For security reasons, I do not retain text messages or emails beyond 3 months unless they contain information relevant to our work. Where relevant content is identified, it will be summarised within my session notes and the original message deleted.

After Counselling Has Ended

Once our counselling work has ended, your records will be retained for 7 years from the date of our last contact, in line with standard practice guidance and insurance requirements. After this period, all records will be securely and permanently destroyed. If you would like me to delete your information sooner, please contact me to discuss this.

Third Party Recipients of Personal Data

I take great care when sharing your personal data with any third party. Where I do work with external organisations that process data on my behalf, I ensure that appropriate data processing agreements are in place and that they only use your information for the specific purpose for which it was shared.

Clinical Supervisor: As required by the ethical framework of the British Association for Counselling and Psychotherapy (BACP), I receive regular clinical supervision to maintain the quality of my practice. I may discuss aspects of our work in supervision. I will use only the minimum information necessary, and will anonymise details wherever possible. My supervisor is bound by their own professional confidentiality obligations.

Website: My website at www.twooakscounselling.co.uk may collect standard visitor information via a third-party analytics service. Cookie consent on my website is managed by Consentik. No personally identifiable information is collected without your knowledge. Please see the Cookies section of this notice for full details.

Digital storage: My session notes are stored digitally. I ensure that any cloud or device services I use have appropriate security measures and, where required, data processing agreements in place.

I do not sell, rent, or trade your personal information to any third party.

Your Rights

Under UK GDPR, you have a number of rights in relation to your personal data. You have the right to:

  • Request a copy of the personal information I hold about you (a Subject Access Request)

  • Ask me to correct any inaccuracies in the information I hold

  • Ask me to delete your personal information (the ‘right to erasure’), subject to any legal obligations I may have to retain it

  • Ask me to restrict how I use your information

  • Object to my processing of your personal information in certain circumstances

  • Withdraw your consent at any time, where consent is the basis for processing

 

To exercise any of these rights, please contact me in writing at emma@twooakscounselling.co.uk. I will respond within one month of receiving your request.

If you have any concerns about how I handle your personal data, please do not hesitate to raise them with me in the first instance. I would always welcome the opportunity to resolve any issue directly.

If you wish to make a formal complaint, you have the right to contact the Information Commissioner’s Office (ICO), which is the statutory body that oversees data protection law in the UK. Further information is available via the ICO website.

Data Security

 

I take the security of your personal data very seriously. The measures I have in place include:

  • All digital devices used to store client information are password-protected

  • Strong, unique passwords are used for all accounts, protected by two-factor authentication where available

  • Emails containing sensitive information are handled with care; I use a secure, business email account

  • Session notes are stored securely in line with the measures described above.

  • Paper records are never left unattended and are securely shredded when no longer required

  • In the event of a data breach, I will notify the ICO within 72 hours where required, and will inform affected individuals promptly

 
International Data Transfers

I do not routinely transfer your personal data outside the UK. If any digital services I use involve data being processed outside the UK, I will ensure that

appropriate safeguards are in place in accordance with UK GDPR requirements.

Automated Decision-Making and Profiling

I do not carry out any automated decision-making or profiling using your personal data.

Cookies and This Website

My website at www.twooakscounselling.co.uk uses cookies. Cookies are small text files placed on your device when you visit a website. They help the site function correctly and allow me to understand how visitors use the site so I can improve it.

Types of Cookies Used

• Essential cookies: These are necessary for the website to function and cannot be switched off. They are set in response to actions you take, such as filling in a contact form.

• Analytics cookies: These help me understand how visitors interact with my website, such as which pages are visited most often. This information is used to improve the site. These cookies are only set with your consent.

Cookie Consent

When you first visit my website, you will be shown a cookie consent banner provided through Wix, the platform on which my website is built. This uses a consent management tool to control which non-essential cookies are activated. You can choose to accept or decline non-essential cookies. Essential cookies remain active as they are required for the website to function. You can update your preferences at any time by clearing your browser cookies and revisiting the site.

Third-Party Cookies

My website is built on the Wix platform, which may set its own cookies as part of its standard operation. Wix uses a consent management tool (Consentik) to help identify and manage cookies, ensuring that non-essential cookies are only activated with your consent. I do not use cookies to collect any personally identifiable information about you without your knowledge.

If you have any questions about the cookies used on this website, please contact me at emma@twooakscounselling.co.uk.

Changes to This Privacy Notice

I may update this privacy notice from time to time. The current version will always be available on my website at www.twooakscounselling.co.uk and upon request. I will notify you of any significant changes.

 

Two Oaks Counselling Ltd  |  Emma Sims  |  BACP Member

Mansfield, Nottinghamshire  |  07586 957744  |  emma@twooakscounselling.co.uk

bottom of page