CALL +44 1784 618437
Email hello@inneractioncounselling.co.uk

Counselling in Hampton Hill & Online

Inner Action Counselling Logo with three concentric green circles, darkest in the centre and lightest on the outer edge, each outlined in white. A white tuning fork silhouette is angled diagonally to the right across the circles, intersecting the rings

Privacy Policy

Last Updated: June 2026.

Explanation.

This Privacy Policy explains how I collect, use, store, protect and share personal information when providing counselling, psychotherapy, training and related services. It outlines the types of information which may be collected, the reasons it is processed, how long it is retained and the rights individuals have under data protection law.

1. Introduction.

I am Sandra Mazili, a sole trader counsellor, psychotherapist and psychotherapy trainer. I provide counselling and psychotherapy services in person, online, by telephone and through live text-based communication. Services are available to adults, young people aged 13 and over, and individuals participating in relationship or multi-person therapy. I also provide professional training, workshops and educational courses. Counselling, psychotherapy and training services may be offered under my own name and/or associated trading brands. Throughout this policy, the term "service users" may refer to therapy clients, relationship therapy participants, training participants, course attendees and prospective clients.

I am registered with the Information Commissioner's Office (ICO) and am committed to protecting your personal information in accordance with the UK General Data Protection Regulation, (UK GDPR), and the Data Protection Act 2018.

This Privacy Policy explains how I collect, use, store and protect your personal information.

2. Data Controller.

3. Information I Collect.

Depending on the nature of the service provided, I may collect and process the following information:

Identity Information.

  • Name.
  • Date of birth.
  • Contact details.

Contact Information.

  • Email address.
  • Telephone number.
  • Postal address, where provided.

Health and Therapy-Related Information.

  • Mental health information.
  • Emotional wellbeing information.
  • Relevant medical information.
  • Medication information.
  • Risk and safeguarding information.
  • Session notes and therapy records.

Relationship and Multi-Person Therapy Information.

  • Information disclosed by participants during therapeutic work.
  • Contact information for participants, where required.
  • Records relating to therapy agreements and attendance.

Training and Course Information.

  • Name.
  • Email address.
  • Course registration information.
  • Attendance records.
  • Invoice details, where requested.
  • Postal address, where required for invoicing purposes.

Training Administration.

I use a self-employed administrator to assist with the administration of training courses.

Where necessary for attendance monitoring and the preparation of course certificates, the administrator may process participants' names and attendance records. The administrator does not have access to counselling or psychotherapy records and is subject to confidentiality obligations in relation to any personal information processed on my behalf.

Administrative Information.

  • Appointment records.
  • Communication records.
  • Contracts and consent forms.
  • Service agreements.

Technical Information.

  • Website usage information.
  • Cookie-related information.

Further information regarding cookies can be found in the Cookie Policy.

Payment Information.

I do not store payment card information. Payments may be processed through third-party providers such as PayPal. Information processed by those providers is governed by their own privacy policies.

4. Special Category Data.

As part of providing counselling and psychotherapy services, I process special category personal data relating to health and mental health. This information is collected only where necessary to provide services safely, ethically and professionally.

Training participants are not normally required to provide special category personal data. However, if such information is voluntarily disclosed or required for accessibility purposes, it will be handled in accordance with applicable data protection legislation.

5. Legal Basis for Processing.

Personal information is processed under one or more lawful bases contained within Article 6 UK GDPR.

These may include:

  • Performance of a contract.
  • Compliance with legal obligations.
  • Legitimate interests.
  • Consent where applicable.

Where health-related information is processed, the relevant provisions of Article 9 UK GDPR relating to special category data are relied upon.

6. How Information Is Used.

Information may be used to:

  • Provide counselling and psychotherapy services.
  • Provide relationship and multi-person therapy services.
  • Administer training courses, workshops and educational activities.
  • Arrange and manage appointments.
  • Communicate with service users.
  • Issue invoices and certificates, where applicable.
  • Maintain professional records.
  • Respond to enquiries.
  • Meet professional, ethical and legal obligations.
  • Manage safeguarding concerns, where required.
  • Establish, exercise or defend legal claims, where necessary

7. Storage and Security.

Electronic records are stored securely using password-protected systems.

Appropriate technical and organisational measures are implemented to protect information against unauthorised access, disclosure, alteration, loss or misuse. This includes secure handling of information relating to both in-person and remote services.

While every reasonable effort is made to maintain security, no method of electronic communication or storage can be guaranteed completely secure.

8. In-Person, Online and Remote Services.

Services may be provided in person, by telephone, through video conferencing platforms or through secure live text-based communication systems.

These may include:

  • In-person sessions.
  • Zoom.
  • Google Meet.
  • FaceTime.
  • Telephone.
  • Secure live text-based communication systems.

While these platforms employ security measures, all online communications carry inherent privacy risks.

WhatsApp may occasionally be used for limited administrative communication. Wherever possible, alternative communication methods are preferred due to privacy considerations.

9. Session Recording and Artificial Intelligence Technologies.

To maintain confidentiality, privacy and security:

  • I do not record therapy sessions.
  • Clients may not record therapy sessions.
  • Clients may not use AI companions, AI note-taking tools, transcription software, recording software or similar technologies during sessions.

The use of such technologies may increase confidentiality and data security risks.

Further information can be found in the AI Policy.

10. Information Sharing.

Personal information is treated as confidential.

Information will not normally be shared without consent unless:

  • Required by law.
  • Ordered by a court.
  • Necessary to protect someone from serious harm.
  • Required for safeguarding purposes.
  • Necessary for the establishment, exercise or defence of legal claims.

11. Subject Access Requests.

You have the right to request access to personal information held about you.

Requests should normally be made in writing.

Verification of identity may be required before information is released.

12. Clinical Will Arrangements.

In the event of my death, serious illness or incapacity, a designated professional executor may access limited information including:

  • Your name.
  • Contact details.
  • Communication preferences.
  • Relevant accessibility requirements.

This access is strictly limited to the purpose of notifying clients and managing the closure of the practice appropriately.

The executor remains subject to professional confidentiality obligations.

13. Data Retention.

Process Notes.

Personal therapeutic working notes maintained solely for therapeutic reflection are securely deleted three months after counselling or psychotherapy has ended.

Progress Notes and Clinical Records.

Clinical records, contracts, risk-related documentation and associated records are retained for seven years following the end of therapy, after which they are securely deleted unless a longer retention period is required by law or safeguarding obligations.

Process Notes.

Personal therapeutic working notes maintained solely for therapeutic reflection are securely deleted three months after counselling or psychotherapy has ended.

Training Records.

Training registration records, attendance records and related administrative records are retained only for as long as necessary to meet professional, accounting, legal and business requirements.

Further information can be found in the Data Retention Policy.

14. External Websites.

This website may contain links to third-party organisations, including emergency services, support organisations, helplines and other professional resources. I am not responsible for the privacy practices, content or security of external websites. Users should review the privacy policies of any website they choose to visit.

15. Your Rights.

Under UK GDPR, you may have rights including:

  • Right of access.
  • Right to rectification.
  • Right to erasure, where applicable.
  • Right to restrict processing.
  • Right to object to processing.
  • Right to data portability.
  • Rights relating to automated decision-making.

Some rights may be limited where professional, legal, safeguarding or ethical obligations apply.

16. Complaints.

If you have concerns regarding how your information is handled, please contact me in the first instance.

You also have the right to raise concerns with the Information Commissioner's Office (ICO).

17. Professional Memberships.

I am an Accredited Registrant Member of the National Counselling and Psychotherapy Society, (NCPS), and a Registered Member of the British Association for Counselling and Psychotherapy, (BACP).

My professional practice is conducted in accordance with applicable professional, ethical and legal requirements.

18. Jurisdiction.

My counselling and psychotherapy practice operates within the United Kingdom, the Channel Islands and the Isle of Man.

Services are governed by the laws of England and Wales.

19. Changes to This Policy.

This Privacy Policy may be reviewed and updated periodically.

The most current version will always be available on this website.

Accessibility.

If you require this document in an alternative format, please contact me and I will provide it in a format suitable to your accessibility needs.

Sandra Mazili, MNCPS, MBACP

Get in Touch