GDRP Statement

GDPR Statement – Eleos Counselling

At Eleos Counselling, your privacy is a priority. In line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, this statement explains how your personal data is collected, stored, and used when you engage in therapy with us.

Who We Are

Eleos Counselling is a private psychotherapy and counselling service based in West Sussex. We are registered with the Information Commissioner’s Office (ICO) and act as the data controller for all personal information collected.

What Information Is Collected

To provide a safe and professional service, we collect:

  • Your name, contact details, and date of birth

  • Emergency contact and GP details (with your consent)

  • Medical, psychological, or relevant personal history

  • Session notes, appointment history, and assessment forms

  • Payment and invoicing data

How We Use Your Data

Your information is used for:

  • Providing counselling and psychotherapy sessions

  • Booking and managing appointments (via WriteUpp)

  • Secure online sessions (via Zoom)

  • Processing payments and storing card details (via Stripe)

  • Meeting ethical, professional, and legal obligations (e.g. supervision, safeguarding, tax records)

We do not use your data for marketing or share it with third parties for commercial purposes.

Digital Tools We Use

  • WriteUpp: A GDPR-compliant practice management system used to manage bookings, clinical notes, and secure messaging. All data is encrypted and stored in the UK.

  • Zoom: Secure, encrypted video conferencing software used for online therapy. You are not recorded and Zoom does not store session content.

  • Stripe: A secure PCI-DSS compliant payment platform used to collect and store card details for invoicing and missed session fees. We do not see or store your full card number.

How Your Data Is Stored

  • Digital notes and communications are encrypted and stored within WriteUpp’s secure servers

  • Card details are stored securely by Stripe – we do not keep card data ourselves

  • Emails and texts are handled through password-protected devices

  • Paper records, if any, are stored in a locked cabinet

Only your therapist or authorised administrative personnel (if applicable) have access to your data.

Data Retention

Your records are stored for seven years after the end of therapy, as required by professional guidelines. After that, they are securely destroyed.

Your Rights

You have the right to:

  • Access your data

  • Request corrections

  • Request deletion (where appropriate)

  • Restrict or object to processing

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Confidentiality and Exceptions

Your confidentiality is respected at all times. Information is only shared:

  • With your consent

  • If there is a serious risk of harm to you or others

  • If required by law (e.g. court order, terrorism, child protection concerns)

Consent

By booking and attending sessions with Eleos Counselling—whether online or in person—you consent to your data being processed as outlined in this statement.