top of page

Privacy Policy

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018.  This privacy policy outlines your rights, and my obligations to you, with regard to the recording and storage of your personal information. Gail Kimmings Counselling and Psychotherapy (Thrive Therapy) is registered with the Information Commissioner’s Office and fully committed to respecting and protecting your privacy. This policy explains what information I need to collect from you before therapy commences and what information I may need to collect from you during our work together. Additionally, I will detail how your information will be stored, duration that it will be stored and how, under exceptional circumstances, it may be shared.


Who is responsible for the processing of your personal data?

The General Data Protection Regulation (GDPR) defines a ‘data controller’ as the person in an organisation who: ‘determines the purposes and means of processing personal data’. The ‘data controller’ for Thrive Therapy is Gail Kimmings (ICO Registration: ZA540124), who can be contacted via or 07756 173151 (postal address available on request).


Why is your personal information required?

Under a legitimate interest, data privacy law allows me to collect your personal information in order to understand your needs and to provide you with a professional service. In certain circumstances, I may also collect your personal information in order to fulfil my contractual obligations with you and where I may be required by law.


Examples of how I may use your personal information include:

  • In order to make services available to you

  • In order to deliver services to you

  • For internal administrative functions

  • Where required, in order to comply with my legal obligations


Please see below further information regarding your data subject rights. Please note, should you decide to not share your personal information with me, or refuse certain contact permissions, I may not be able to provide the services requested.

How will your personal information be collected?

Primarily, I will collect your personal information in person during therapy sessions. However, I may all collect your personal information via the following means:


Date you provide directly:

  • When you contact me by any means, for example; by phone, website contact form, email, writing.

  • When you book an appointment with me. 

  • When you complete and return any forms I have provided. 


Data received from third parties:

  • For example, counselling and psychotherapy directories, such as the BACP Therapist directory and Psychology Today directory.

  • When you have given any third-party permission to share your personal information with me, for example; your GP, another health professional, your insurance provider.


Date recorded via My web server may automatically collect details about your visit, including:

  • IP address

  • Website from which you linked from

  • Search engine

  • Pages on this website that you visit

  • Date, time and duration of your website visit


What type of personal information will be collected?

Upon initial contact and before committing to provide you with therapy services, I may ask you by phone or email to provide me with your name, telephone number, availability and a brief description of why you are seeking therapy. 


Once we have agreed that counselling with me is right for you, and your therapy commences, I will collect further information from you that may include: date of birth, basic contact details (address, email, telephone) and GP details.


During our work together, I will make a brief note of what we have talked about during each session. This may contain other personal data you share such as marital status, children, gender, occupation and ‘special category data’ such as mental and physical health details, race, ethnic origin, politics, religion, sex life or sexual orientation. ‘Special category data’ is defined by the GDPR as being information that is more sensitive than other personal information. The condition of the GDPR that I apply to the processing of your special category information is that it is ‘pursuant to contract with a health professional’. This means that, if you begin counselling with me, then I will likely need to process some special category information about you. Usually, this is information about your mental health, and I need to process it in order to fulfil my contractual obligations to you in delivering a safe, effective service.

How will your personal information be stored?

Your personal information will be stored both electronically and physically. Personal information is stored electronically on devices that are password and/or fingerprint I.D. protected, and in files that are further password protected and only accessible by me.


Information that is stored physically using paper records, such as session notes, is held securely in locked storage in an anonymised format. Your identifiable information is kept separate from other personal information and session notes, and are linked by a unique number. This code is stored in a separate location and password protected.


All electronic and manual records are also only accessible by me.


How long is your personal information stored for?

If you choose not to continue with counselling after your assessment session, your information will be securely disposed of within three months.


Client contact details are erased/securely disposed of one month after counselling has ended.

I may also store your phone number in my mobile phone which is password protected and your number will also be deleted within 1 month from your last session.


I hold your written information for up to 3 years following the cessation of therapy. However, after the work has been discussed in supervision, I may destroy any notes (or parts of notes) that my supervisor and I do not consider necessary to keep for longer.



The content of all sessions is kept in the strictest confidence, including all records and notes. However some situations could result in disclosure and these are as follows: 

  • If you are considered to be a serious risk to yourself or to other people, then further professional advice could be beneficial and I would have to disclose this information to your GP. 

  • Any illegal activities and acts of terrorism, where not to disclose would break the law.

  • Any child protection issues where a child could be at risk of harm or neglect must be reported to the appropriate authorities as required by The Children Act 1989.


Depending on the particular circumstances, I would always aim to discuss this with you before taking any action, unless I consider that the urgency of the situation requires immediate action to safeguard the physical safety of yourself or others. 

Website Visitors: 

When an individual visits, Google analytics who are considered a third party service, collect information about what visitors do when they click on the website, e.g. which page they visit the most. Google analytics only collect non-identifiable data which means I or they cannot identify who is visiting.



Thrive Therapy uses cookies for website management purposes. Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The cookies used on are in the form of analytic tools, which are used to collect information about how people use this website. 

Visitor Analytics

Visitor Analytics is a simple website analytics service which measures the traffic and visitors' general details of the customers' websites. Collecting these statistics, a website can make their visitors' experience better (e.g. which pages they visit and when, where they are approximately located, where does a user land first or if they are coming from a specific referral).

Basically, as a website owner using Visitor Analytics, we are using cookies to collect data about visitors' device type and screen size, approximate location, browser, OS, IPs, page visits, bounce rate, conversions and popular content on the website. All this data is pseudonymized and Visitor Analytics will never use the collected data to identify individual users or to match it with additional information on an individual user. Each visitor has control over the cookies placement.


How to control cookies

You can control and/or delete cookies as you wish by checking your browser settings on each device -

For further information, please check Visitor Analytics’ Terms Of UseCookie Information and Opt-Out / Do Not Track.


How do I turn cookies off?

All modern browsers allow you to change your cookie settings. You can usually find these settings in the 'options' or 'preferences' menu of your browser. For further details, see

However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the website. To understand these settings, use the 'Help' option in your browser.



Transmission of data and information via this website is not a secure or an encrypted transmission method for sending your personal data. Your attention is therefore drawn to the fact that, any information and personal data carried over the internet is not secure. Information and personal data may be intercepted, lost, corrupted or accessed by other people.


Upon receipt of your personal data Thrive Therapy is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have in place appropriate physical and electronic procedures to safeguard and secure the information collected online (as outlined above).


Links to external websites:

This website may contain links to other websites of interest. However, once you have used these links to leave you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.


Amendments and updates:

This privacy policy may be amended and/or updated from time to time without notice to you, in which case, the amended version will be published on You confirm that we shall not be liable to you or any third party for any changes made to this privacy policy. It is your responsibility to check this page from time to time to ensure that you are happy with any changes.


Your rights:

You have the right to ask me to provide a copy of the information held in my records. You also have the right to have any inaccuracies in your information corrected. You may withdraw your consent for me to hold and process your data at any time. However, if you do this while actively receiving counselling, your counselling would have to end.

bottom of page