Data Retention Policy
Last Updated: June 2026.
Introduction.
This Data Retention Policy explains how long personal information is retained within my counselling, psychotherapy and training practice and how it is securely deleted or destroyed, when no longer required. It outlines the retention periods which apply to different categories of records and the reasons for those retention periods.
1. Purpose.
This Data Retention Policy explains how long personal data is retained within my counselling, psychotherapy and training practice, and how it is securely disposed of when no longer required.
Retention periods are based on professional, ethical, insurance and legal requirements.
2. Scope.
This policy applies to all personal data processed in the course of:
- Counselling and psychotherapy services.
- Relationship and multi-person therapy.
- Work with young people aged 13 and over.
- Professional training, workshops and educational courses.
- Prospective client enquiries.
3. Client Enquiries.
Information received via email, telephone, website contact forms or other enquiry methods will normally be retained for up to 12 months if no therapeutic or training relationship is established, after which it will be securely deleted.
4. Counselling and Psychotherapy Records.
Clinical records (progress notes), contracts, consent forms, risk-related documentation and related materials are retained for 7 years following the end of therapy.
This retention period reflects professional standards, indemnity insurance expectations and legal limitation considerations.
After the retention period, records are securely deleted or destroyed.
5. Process Notes.
Process notes are personal working notes created for therapeutic reflection and professional use. They do not form part of the formal clinical record.
Process notes are securely deleted 3 months after the end of therapy.
6. Relationship and Multi-Person Therapy Records.
Records relating to relationship or multi-person therapy are retained in line with the same retention periods as individual therapy records, as set out above.
7. Training and Course Records.
Records relating to training, workshops and educational courses (including registration details, attendance records and related administrative data) are retained for up to 7 years where required for:
- Business administration.
- Accounting requirements.
- Professional record-keeping.
Where enquiries do not result in course attendance, data is normally deleted within 12 months.
8. Safeguarding Information.
Where safeguarding concerns arise, information may be retained for longer than standard retention periods where necessary to comply with legal obligations or to protect individuals from harm.
9. Financial and Administrative Records.
Where invoices or financial records are issued, these are retained in accordance with HMRC requirements, (generally up to 6 years for tax purposes).
Payment card details are not stored.
Payments processed via third-party providers, (e.g. PayPal), are subject to those providers’ own retention policies
10. Clinical Will Information.
Limited contact information held for clinical will purposes is retained only for as long as necessary to manage professional arrangements for practice continuity or closure.
This is kept securely and separately from clinical records.
11. Secure Disposal.
When retention periods expire, personal data is securely deleted from electronic systems.
Any physical records (if applicable) are securely shredded or otherwise destroyed using appropriate confidential disposal methods.
12. Review.
This policy is reviewed periodically to ensure continued compliance with UK GDPR, the Data Protection Act 2018 and professional requirements.
Accessibility.
If you require this document in an alternative format, please contact me and I will provide it in a format suitable to your accessibility needs.
Sandra Mazili, MNCPS, MBACP