Privacy Policy

🔒 Privacy Policy

Speak to Lauren – Counselling with Lauren Reading-Gloversmith

1. Purpose of This Policy

This policy explains how I collect, store, use, and protect your personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. My aim is to be transparent, keep your data safe, and meet all legal and ethical obligations.

2. Who I Am & Data Protection Contact

Speak To Lauren is a private counselling practice based in the UK.
I, Lauren Reading-Gloversmith, am a sole trader and the Data Controller for your information.

For all questions about your data or to exercise your rights under GDPR, you can contact me at:
📧 contact@speaktolauren.com

I am registered with the Information Commissioner’s Office (ICO) as a data controller. (Registration number: ZB955481)

3. Who I Work With

I only provide counselling to clients aged 18 and over. I do not knowingly collect or store personal data relating to children.

4. What Data I Collect and Why

I only collect the information necessary to offer you safe, ethical, and effective counselling. This may include:

• Contact details: name, phone number, email, home address
  
  

• Emergency contact details: for use only in crisis or safeguarding situations
  
  

• Date of birth: to ensure accurate identification
  
  

• GP details: used only if needed in a serious risk or safeguarding situation
  
  

• Relevant health information: e.g. mental health history, medication
  
  

• Session notes: brief factual notes about what we discuss
  
  

• Assessment forms: such as intake forms or optional screening tools (e.g. CORE-10)
  
  

• Payment records: for accounting purposes (no bank/card details are stored)
  
  

5. Lawful Basis for Processing Your Data

I process your data under the following lawful bases:

• Contractual necessity – to provide the counselling service you’ve requested
  
  

• Legal obligation – for record keeping, safeguarding, and tax purposes
  
  

• Vital interests – in case action is needed to protect life or safety
  
  

• Legitimate interest – to maintain safe and effective practice
  
  

• Explicit consent – for storing and using sensitive information in our work together
  
  

6. How Your Data is Stored and Protected

Your data is kept securely in the following ways:

• Digital records: stored on password-protected devices, with secure backups
  
  

• Emails: sent via Gmail, which complies with UK GDPR security requirements
  
  

• Online sessions: conducted via Doxy.me, a secure telemedicine platform compliant with GDPR
  
  

• Online forms: if used, hosted on GDPR-compliant systems
  
  

I never share your data with anyone unless required by law or with your written consent.

If your personal data is transferred outside the UK (for example, due to email or cloud storage systems), it will only be sent to countries with adequate data protection standards or safeguarded through approved measures such as Standard Contractual Clauses.

7. How Long I Keep Your Data

I keep client records for 7 years from the end of therapy, in line with insurance and professional guidance. After this time, all records are securely deleted.

8. Your Rights Under GDPR

You have the right to:

• Be informed about how your data is used
  
  

• Access the data I hold about you
  
  

• Request correction of inaccurate information
  
  

• Request deletion of your data (with some legal limitations)
  
  

• Restrict or object to how your data is processed
  
  

• Withdraw consent where applicable
  
  

Requests can be made in writing and I will respond within 30 days, where possible.

9. What Happens in a Data Breach

If there is a data breach (e.g. loss, theft, unauthorised access), I will:

• Inform you as soon as possible
  
  

• Notify the Information Commissioner’s Office (ICO) within 72 hours if required
  
  

• Take steps to contain the breach and prevent future incidents
  
  

10. Concerns or Complaints

If you are concerned about how your data is handled, please speak with me. You also have the right to contact the Information Commissioner’s Office (ICO):
📍 www.ico.org.uk

🔁 Policy Review
This privacy policy is reviewed annually or sooner if legal or professional changes arise.
Policy created: August 2025
Next review due: August 2026 (or sooner if regulations change)