🔒 Privacy Policy
Speak to Lauren – Counselling with Lauren Reading-Gloversmith
1. Purpose of This Policy
This policy explains how I collect, store, use, and protect your personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. My aim is to be transparent, keep your data safe, and meet all legal and ethical obligations.
2. Who I Am & Data Protection Contact
Speak to Lauren is a private counselling practice based in the UK.
I, Lauren Reading-Gloversmith, am a sole trader and the Data Controller for your information.
For all questions about your data or to exercise your rights under GDPR, you can contact me at:
📧 contact@speaktolauren.com
I am registered with the Information Commissioner’s Office (ICO) as a data controller (Registration number: ZB955481).
3. Who I Work With
I only provide counselling to clients aged 18 and over. I do not knowingly collect or store personal data relating to children.
4. What Data I Collect and Why
I only collect the information necessary to offer you safe, ethical, and effective counselling. This may include:
Contact details: name, phone number, email, home address
Emergency contact details: for use only in crisis or safeguarding situations
Date of birth: to ensure accurate identification
GP details: used only if needed in a serious risk or safeguarding situation
Relevant health information: e.g. mental health history, medication
Session notes: brief factual notes about what we discuss
Assessment forms: such as intake forms or optional screening tools (e.g. CORE-10)
Payment records: for accounting purposes (no bank/card details are stored)
🔄 In addition: A clinical will is in place. This means that, in the unlikely event of my death or incapacity, an appointed executor will be able to contact my current clients and relevant professional contacts (such as my supervisor, referring agencies, ethical body, and insurer) to manage the closure or transfer of my practice. The executor already holds a secure link to this document but does not have the password to open it. Access would only be granted if necessary and with authorisation from a nominated trusted person.
5. Lawful Basis for Processing Your Data
I process your data under the following lawful bases:
Contractual necessity – to provide the counselling service you’ve requested
Legal obligation – for record keeping, safeguarding, and tax purposes
Vital interests – in case action is needed to protect life or safety
Legitimate interest – to maintain safe and effective practice and professional continuity
Explicit consent – for storing and using sensitive information in our work together
6. How Your Data is Stored and Protected
Your data is kept securely in the following ways:
🔄 Digital records: stored on password- and antivirus-protected devices, with encrypted backups on a secure external hard drive held in a locked box.
🔄 Cloud storage: confidential documents (e.g. my clinical will) are held on encrypted Microsoft OneDrive, protected by password and shared only with an appointed executor if required.
🔄 Counselling phone: messages and calls are handled via a dedicated SIM card within a dual-SIM phone, which is passcode- and biometric-protected. Messages are deleted once actioned or, if clinically relevant, transferred to the secure system and then removed from the device.
Emails: sent via Gmail, which complies with UK GDPR security requirements
Online sessions: conducted via Doxy.me, a secure, GDPR-compliant platform
Online forms: if used, hosted on GDPR-compliant systems
I never share your data with anyone unless required by law or with your written consent.
If your personal data is transferred outside the UK (for example, due to email or cloud storage systems), it will only be sent to countries with adequate data protection standards or safeguarded through approved measures such as Standard Contractual Clauses.
7. How Long I Keep Your Data
I keep client records for 7 years from the end of therapy, in line with insurance and professional guidance. After this time, all records are securely deleted.
8. Your Rights Under GDPR
You have the right to:
Be informed about how your data is used
Access the data I hold about you
Request correction of inaccurate information
Request deletion of your data (with some legal limitations)
Restrict or object to how your data is processed
Withdraw consent where applicable
Requests can be made in writing and I will respond within 30 days where possible.
9. What Happens in a Data Breach
If there is a data breach (e.g. loss, theft, unauthorised access), I will:
Inform you as soon as possible
Notify the Information Commissioner’s Office (ICO) within 72 hours if required
Take steps to contain the breach and prevent future incidents
10. Concerns or Complaints
If you are concerned about how your data is handled, please speak with me. You also have the right to contact the Information Commissioner’s Office (ICO):
📍 www.ico.org.uk
🔁 Policy Review
This privacy policy is reviewed annually or sooner if legal or professional changes arise.
Policy created: August 2025
Last updated: October 2025
Next review due: August 2026 (or sooner if regulations change)