Privacy Policy

1. Introduction

Your privacy is important to me. This Privacy Policy explains how Candice Gaugain Counselling & Psychotherapy collects, uses, stores and protects your personal information when you use this website, contact me, or engage with my counselling and psychotherapy services.

I am committed to ensuring that your privacy is protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully to understand how I handle your personal data.

2. Data Controller

The data controller responsible for your personal information is:

3. What Information I Collect

I may collect and process the following categories of personal information:

Contact Information

• Name, email address, telephone number and any other details you provide when completing a contact form or enquiry on this website

Appointment and Session Information

• Details you provide when booking appointments, including your name, contact details and scheduling preferences
• Session notes and records relating to your counselling or psychotherapy sessions

Special Category Data

As a counsellor and psychotherapist, I may collect and process special category data (also known as sensitive personal data) as defined under UK GDPR. This includes information about your physical and mental health that you share during the course of therapy. This data is treated with the highest level of confidentiality and protection.

Payment Information

• Records of payments made for counselling sessions, including dates, amounts and payment method. I do not store full credit or debit card details.

Website Usage Data

• Technical information such as your IP address, browser type, operating system, pages visited and time spent on the website, collected through cookies and analytics tools

4. How I Use Your Information

I use the personal information I collect for the following purposes:

• To respond to your enquiries and communicate with you about my services
• To schedule and manage appointments
• To provide counselling and psychotherapy services, including maintaining session records as required by my professional body
• To process payments for services
• To comply with legal, regulatory and professional obligations
• To improve and maintain this website
• To ensure the safety and wellbeing of clients where there is a risk of serious harm

5. Legal Basis for Processing

I process your personal data on the following legal grounds under UK GDPR:

Consent (Article 6(1)(a))

Where you have given clear consent for me to process your personal data for a specific purpose, such as when you complete a contact form, subscribe to communications or consent to the processing of special category data relating to your therapy.

Contract (Article 6(1)(b))

Where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract. This includes managing appointment bookings and providing counselling services.

Legitimate Interest (Article 6(1)(f))

Where processing is necessary for my legitimate interests, provided these are not overridden by your rights. This includes maintaining business records, improving my website and ensuring the security of my services.

Legal Obligation (Article 6(1)(c))

Where I am required to process your data to comply with a legal obligation, such as tax and accounting requirements, or safeguarding duties.

Vital Interests (Article 6(1)(d))

In rare circumstances, where processing is necessary to protect someone's life or in a medical emergency.

6. How I Store and Protect Your Data

I take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction or damage. These measures include:

• Storing electronic records securely using password-protected and encrypted systems
• Keeping paper records, where applicable, in locked storage
• Limiting access to your personal data to myself only, unless otherwise required
• Using secure, encrypted communication channels where possible
• Regularly reviewing and updating my data security practices

7. How Long I Keep Your Data

I retain your personal data only for as long as is necessary for the purposes for which it was collected. Specific retention periods include:

• Enquiry and contact form data: Retained for up to 12 months after our last communication, unless you become a client
• Client session records: Retained for a minimum of 7 years after the end of the therapeutic relationship, in line with professional and insurance requirements
• Financial and payment records: Retained for 7 years as required by HMRC
• Website analytics data: Retained in accordance with the analytics provider's data retention policies

After the relevant retention period, your data will be securely deleted or destroyed.

8. Sharing Your Data

I treat all personal information with strict confidentiality. I will not share your personal data with third parties except in the following circumstances:

• With your explicit consent: For example, if you ask me to share information with your GP or another professional
• Legal or regulatory requirements: Where I am required to disclose information by law, such as a court order or safeguarding concern
• Risk of serious harm: Where there is an imminent risk of serious harm to you or another person, I may be required to share information with appropriate authorities
• Professional supervision: I discuss my clinical work in professional supervision to maintain the quality of my practice. In these discussions, your identity is anonymised and no personally identifiable information is shared
• Service providers: I may use trusted third-party services (such as a booking platform, email provider or payment processor) to support the delivery of my services. These providers process data on my behalf and are bound by their own privacy and data protection obligations

9. Cookies

This website uses cookies to enhance your browsing experience and to help me understand how the site is used. Cookies are small text files stored on your device when you visit the website.

For full details about the cookies I use and how to manage them, please see my Cookie Policy.

10. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access: You have the right to request a copy of the personal data I hold about you
• Right to rectification: You have the right to ask me to correct any inaccurate or incomplete personal data
• Right to erasure: You have the right to request the deletion of your personal data, subject to any legal or professional obligations that require me to retain it
• Right to restrict processing: You have the right to request that I limit the processing of your personal data in certain circumstances
• Right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format
• Right to object: You have the right to object to the processing of your personal data where I am relying on legitimate interest as the legal basis
• Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal

To exercise any of these rights, please contact me using the details provided in the Contact Me section below. I will respond to your request within one month.

11. Children's Privacy

This website and my services are not directed at children under the age of 16. I do not knowingly collect personal data from children under 16 without parental or guardian consent. If I become aware that I have collected personal data from a child under 16 without appropriate consent, I will take steps to delete that information as soon as possible.

12. Third-Party Links

This website may contain links to third-party websites, such as professional directories, social media platforms or other resources. I am not responsible for the privacy practices or content of these external sites. I encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Policy

I may update this Privacy Policy from time to time to reflect changes in legislation, professional guidance or my business practices. Any changes will be posted on this page with an updated revision date. I encourage you to review this policy periodically to stay informed about how I protect your personal data.

14. Complaints

If you are unhappy with how I have handled your personal data, I would appreciate the opportunity to resolve your concerns directly. Please contact me using the details below.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

15. Contact Me

If you have any questions about this Privacy Policy or wish to exercise any of your data protection rights, please contact me: