Who is responsible for the processing of your personal data?
The General Data Protection Regulation (GDPR) defines a ‘data controller’ as the person in an organisation who: ‘determines the purposes and means of processing personal data’. The ‘data controller’ for Thrive Therapy is Gail Kimmings (ICO Registration: ZA540124), who can be contacted via firstname.lastname@example.org or 07726 119253 (postal address available on request).
Why is your personal information required?
Under a legitimate interest, data privacy law allows me to collect your personal information in order to understand your needs and to provide you with a professional service. In certain circumstances, I may also collect your personal information in order to fulfil my contractual obligations with you and where I may be required by law.
Examples of how I may use your personal information include:
In order to make services available to you
In order to deliver services to you
For internal administrative functions
Where required, in order to comply with my legal obligations
Please see below further information regarding your data subject rights. Please note, should you decide to not share your personal information with me, or refuse certain contact permissions, I may not be able to provide the services requested.
How will your personal information be collected?
Primarily, I will collect your personal information in person during therapy sessions. However, I may all collect your personal information via the following means:
Date you provide directly:
When you contact me by any means, for example; by phone, website contact form, email, writing.
When you book an appointment with me.
When you complete and return any forms I have provided.
Data received from third parties:
For example, counselling and psychotherapy directories, such as the BACP Therapist directory and Psychology Today directory.
When you have given any third-party permission to share your personal information with me, for example; your GP, another health professional, your insurance provider.
Date recorded via www.thrive-therapy.co.uk. My web server may automatically collect details about your visit, including:
Website from which you linked from
Pages on this website that you visit
Date, time and duration of your website visit
What type of personal information will be collected?
Upon initial contact and before committing to provide you with therapy services, I may ask you by phone or email to provide me with your name, telephone number, availability and a brief description of why you are seeking therapy.
Once we have agreed that counselling with me is right for you, and your therapy commences, I will collect further information from you that may include: date of birth, basic contact details (address, email, telephone) and GP details.
During our work together, I will make a brief note of what we have talked about during each session. This may contain other personal data you share such as marital status, children, gender, occupation and ‘special category data’ such as mental and physical health details, race, ethnic origin, politics, religion, sex life or sexual orientation. ‘Special category data’ is defined by the GDPR as being information that is more sensitive than other personal information. The condition of the GDPR that I apply to the processing of your special category information is that it is ‘pursuant to contract with a health professional’. This means that, if you begin counselling with me, then I will likely need to process some special category information about you. Usually, this is information about your mental health, and I need to process it in order to fulfil my contractual obligations to you in delivering a safe, effective service.
How will your personal information be stored?
Your personal information will be stored both electronically and physically. Personal information is stored electronically on devices that are password and/or fingerprint I.D. protected, and in files that are further password protected and only accessible by me.
Information that is stored physically using paper records, such as session notes, is held securely in locked storage in an anonymised format. Your identifiable information is kept separate from other personal information and session notes, and are linked by a unique number. This code is stored in a separate location and password protected.
All electronic and manual records are also only accessible by me.
How long is your personal information stored for?
If you choose not to continue with counselling after your assessment session, your information will be securely disposed of within three months.
Client contact details are erased/securely disposed of one month after counselling has ended.
I may also store your phone number in my mobile phone which is password protected and your number will also be deleted within 1 month from your last session.
I hold your written information for up to 3 years following the cessation of therapy. However, after the work has been discussed in supervision, I may destroy any notes (or parts of notes) that my supervisor and I do not consider necessary to keep for longer.
The content of all sessions is kept in the strictest confidence, including all records and notes. However some situations could result in disclosure and these are as follows:
If you are considered to be a serious risk to yourself or to other people, then further professional advice could be beneficial and I would have to disclose this information to your GP.
Any illegal activities and acts of terrorism, where not to disclose would break the law.
Any child protection issues where a child could be at risk of harm or neglect must be reported to the appropriate authorities as required by The Children Act 1989.
Depending on the particular circumstances, I would always aim to discuss this with you before taking any action, unless I consider that the urgency of the situation requires immediate action to safeguard the physical safety of yourself or others.
When an individual visits www.thrive-therapy.co.uk, Google analytics who are considered a third party service, collect information about what visitors do when they click on the website, e.g. which page they visit the most. Google analytics only collect non-identifiable data which means I or they cannot identify who is visiting.
Visitor Analytics is a simple website analytics service which measures the traffic and visitors' general details of the customers' websites. Collecting these statistics, a website can make their visitors' experience better (e.g. which pages they visit and when, where they are approximately located, where does a user land first or if they are coming from a specific referral).
Basically, as a website owner using Visitor Analytics, we are using cookies to collect data about visitors' device type and screen size, approximate location, browser, OS, IPs, page visits, bounce rate, conversions and popular content on the website. All this data is pseudonymized and Visitor Analytics will never use the collected data to identify individual users or to match it with additional information on an individual user. Each visitor has control over the cookies placement.
How to control cookies
You can control and/or delete cookies as you wish by checking your browser settings on each device -
How do I turn cookies off?
All modern browsers allow you to change your cookie settings. You can usually find these settings in the 'options' or 'preferences' menu of your browser. For further details, see aboutcookies.org.
However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the website. To understand these settings, use the 'Help' option in your browser.
Transmission of data and information via this website is not a secure or an encrypted transmission method for sending your personal data. Your attention is therefore drawn to the fact that, any information and personal data carried over the internet is not secure. Information and personal data may be intercepted, lost, corrupted or accessed by other people.
Upon receipt of your personal data Thrive Therapy is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have in place appropriate physical and electronic procedures to safeguard and secure the information collected online (as outlined above).
Links to external websites:
Amendments and updates:
You have the right to ask me to provide a copy of the information held in my records. You also have the right to have any inaccuracies in your information corrected. You may withdraw your consent for me to hold and process your data at any time. However, if you do this while actively receiving counselling, your counselling would have to end.