Privacy Policy

Peace and Minds Counselling Group UK

This Privacy Policy explains how Peace and Minds Counselling Group UK ("we", "us", "our") collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the ethical framework of the British Association for Counselling and Psychotherapy (BACP). This policy applies to adult clients only (18+).

1. Who We Are

Business Name: Peace and Minds Counselling Group UK
Business Address: 37 Scott Road, Bishop’s Stortford, Hertfordshire, CM23 3QL
Email: info@peaceandmindscounselling.co.uk

For the purposes of data protection law, Peace and Minds Counselling Group UK is the Data Controller.

2. Who This Policy Applies To

This Privacy Policy applies to:

  • Adult clients (aged 18 and over)

  • Prospective clients making enquiries

  • Website visitors and social media contacts

We do not knowingly provide services to children or collect personal data relating to individuals under the age of 18.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

a. Personal Identification and Contact Data

  • Name

  • Email address

  • Telephone number

  • Billing address

b. Service and Booking Data

  • Appointment dates and times

  • Records of communications (emails, messages, booking confirmations)

  • Notes relating to service delivery

c. Special Category Data

As a counselling service, we process special category personal data, including information relating to mental health, emotional wellbeing, and therapeutic work. This information is treated as strictly confidential in line with BACP ethical standards.

d. Technical Data

  • IP address

  • Device, browser, and usage data (where cookies or analytics are in use)

4. How We Collect Your Data

We collect data when you:

  • Enquire about or book counselling services

  • Complete online forms or intake documentation

  • Communicate with us via email, phone, or social media (including Instagram)

  • Purchase services, bundles, or digital resources

5. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract: To provide counselling services you request

  • Legal obligation: To comply with legal, regulatory, or insurance requirements

  • Legitimate interests: For service administration, safeguarding, and business management

  • Explicit consent: For processing special category data and, where applicable, marketing communications

You may withdraw consent at any time, although this may affect our ability to provide services.

6. How We Use Your Personal Data

Your personal data is used to:

  • Provide counselling and therapeutic services

  • Manage bookings, cancellations, and payments

  • Communicate with you regarding appointments or changes

  • Maintain accurate clinical and administrative records

  • Meet ethical, professional, and legal obligations

7. Confidentiality and Ethical Practice (BACP)

All counselling work is confidential and conducted in line with the BACP Ethical Framework.

Confidentiality may only be broken without consent where:

  • There is a serious risk of harm to you or others

  • Disclosure is required by law or court order

  • Safeguarding concerns arise

Where possible, this will be discussed with you before any disclosure is made.

8. Data Storage and Security

We take appropriate technical and organisational measures to safeguard your data, including:

  • Secure digital storage systems

  • Password-protected devices and encrypted accounts

  • Restricted access to counselling records

Only authorised practitioners or administrators have access to confidential data.

9. Data Retention (BACP-Aligned)

We retain personal data in accordance with BACP guidance, professional indemnity insurance requirements, and legal obligations.

  • Counselling records and notes: Retained securely for 7 years after the end of therapy

  • Administrative and financial records: Retained for 6 years to meet HMRC requirements

  • Enquiry data where no therapy begins: Retained for up to 12 months, then securely deleted

After retention periods expire, data is securely deleted or destroyed.

10. Sharing Your Data and Third-Party Processors

We do not sell your personal data.

We use trusted third-party service providers (data processors) to help deliver our services. These providers only process personal data on our instructions and are required to comply with UK GDPR:

  • Calendly – used for appointment scheduling and booking management. Calendly processes personal data such as your name, email address, and appointment details.

  • Stripe – used to process payments securely. Stripe may process payment details, billing information, and transaction data.

  • Klarna and Visa – used via Stripe to offer payment methods. These providers process payment data in accordance with their own privacy and security standards.

  • Squarespace – used to host and manage our website. Squarespace may collect technical data such as IP address, device information, and form submissions.

  • Google Workspace (Google Admin) – used for email communication, document storage, and administrative records. Data is stored securely within Google’s managed systems.

Where data is transferred outside the UK, appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses.

For transparency, you can review the privacy practices of our main data processors at the links below:

We may also share data where required with:

  • Professional advisors (e.g. supervisors or insurers) where ethically and legally necessary

  • Legal or regulatory authorities where disclosure is required by law

11. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request rectification of inaccurate or incomplete data

  • Request erasure (where legally and ethically permissible)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website: www.ico.org.uk

12. Cookies and Website Data

Our website may use cookies to ensure functionality and analyse usage. Where required, you will be asked for consent before non-essential cookies are used.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

14. Contact Details

If you have questions about this Privacy Policy or how your data is handled, please contact:

Email: info@peaceandmindscounselling.co.uk

Last updated: 15/01/2026