General Data Protection Regulation


This privacy notice explains what personal data I collect from you and how I store and process it as part of the services provided by The Zen Zone Lanarkshire


In the course of my practice I will collect, process and store personal data as a data controller.


I would like to assure you that I adhere to the laws and procedures relating to the General Data Protection Regulation (GDPR) 2018 and will only use your personal information to provide you with services as contracted. I am registered with the Information Commissioner’s Office (ICO) registration reference ZA050911.


The General Data Protection Regulation (GDPR) 2018 also makes sure I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for the provision of our services and necessary for a contract between us.


Personal Data that I collect:




Contact Address

Preferred contact (telephone/e-mail/text)


How I store information:


All information is stored on an encrypted drive, which is password protected.

Appointments are booked with client first name only. When not in use my diary is kept in a locked filing cabinet.

All e-mails, post, text’s etc are recorded in the client’s case notes then deleted from the platform that has been used.

My mobile phone is password protected. All voicemails, messages etc are recorded in your case-notes and then deleted from my phone.


How long I keep your data:


In line with instruction from my insurers, all notes are stored for a period of 7 years from the end of our work together. On the anniversary of the 7th year since our work ended, all paper records are shredded and online files are deleted.

Why do I keep your data:

The retention of client notes is necessary for legal reasons, in the event of any criminal prosecution, civil litigation, insurance claim or complaint to my regulatory body. Therefore, the client does not have the right to erase these notes, once counselling ends.


Sharing data – Confidentiality


Confidentiality is taken very seriously, and data is not normally shared, however, in keeping with the law and good practice guidelines, there are some situations where information may need to be shared:

If I feel you are in danger of serious harm to yourself or to other people, I have a legal duty to inform outside agencies, for example your GP, the local mental health crisis team or the Police, I may also contact your agreed emergency contact, however I would try and talk to you about this first.

Safeguarding purposes. If I thought a child or vulnerable adult was at risk I would be legally required to notify the relevant authorities, without your consent.

If you discuss involvement in serious criminal activity, such as terrorism, money laundering or drug trafficking I would be legally required to contact the relevant authorities without your consent.

Compliance with the law. A court of law can request information about you even without your consent, although this is very rare and something I would try and discuss with you first.

Data may be shared with my insurance company in the event of a complaint being made against me.


Your Rights


The right to access. You have the right to ask for a copy of your personal information, free of charge, at any time. If you would like to do this please email your request to I will strive to fulfil all requests within 7 working days, excluding holiday periods.

The right to rectification. You may update any of the information I hold for you at any time. I will amend them immediately.

The right to erasure. You may request that I erase your data. I will comply within 30 days unless it is information I need to keep for legal reasons.

The right to data portability. Your data is retrievable and may be able to be moved if necessary.

The right to complain to a supervisory authority. If you believe I have contravened the GDPR, you may contact the ICO.

The right to withdraw consent. You may withdraw your consent for me to hold your information. I will comply immediately unless I cannot for legal reasons.

Changes to this policy


I may edit this policy from time to time. If I make any substantial changes I will notify you by posting a prominent announcement on the website.

All details are correct at the time of publishing.