Privacy Policy

Updated: 29/01/2026

I respect your privacy and am committed to protecting your personal information. This policy explains how I collect, store, and use your data.

Who I Am

I am the data controller responsible for the personal information you provide. This means I decide how and why your personal data is processed. My contact details are:

Carly Darnell
17 Merriman Road, Street, Somerset, BA16 0JB
carly@carlydarnellcounselling.co.uk
+44 07832 443154

Data Protection Registration

I am registered with the Information Commissioner’s Office (ICO), registration number ZB722882. This means I comply with the requirements of the UK Data Protection Act 2018 and UK GDPR in handling your personal information.

What Personal Data I Collect

I may collect and process information you provide, which can include:

Contact details (e.g., name, email, phone)
Health or medical information where relevant
Personal history or private situations shared with me
Financial information if you pay online

This may include special categories of data (e.g., health data) where relevant.

How I Collect Your Personal Data

I collect your personal data:

Directly from you (e.g., forms, communication)
Where you have consented to share it

I do not typically obtain personal data from other sources without your knowledge.

Why I Use Your Personal Data

I use your personal data only for specific, legitimate purposes, including:

Providing services to you
Administrative tasks related to service provision
Communicating with you about your account or services
Financial auditing if you make payments online

I always handle your data in a lawful, fair, and transparent way.

Lawful Basis for Processing

I rely on one or more lawful bases under the UK GDPR for processing your personal data:

Consent – where you have given clear permission
Contract – processing necessary to provide services you’ve requested
Legal obligation – where required by law
Legitimate interests – where my use does not outweigh your privacy rights

If I process special category data (e.g., health information), I will have an additional lawful basis under UK GDPR and the Data Protection Act.

Who I Share Your Data With

I do not share your personal data with third parties, except when necessary:

With supervisors or administrators for internal purposes
With a bookkeeper/accountant for financial auditing
With professional bodies, law enforcement, or courts when required by law (e.g., to prevent serious harm or comply with legal obligations)

All sharing is limited to the minimum information required.

Data Security

I take appropriate technical and organisational measures to protect your personal data:

Electronic data is password-protected and encrypted
Hardcopy data is stored securely in locked storage
I follow strict professional ethical and security practices to prevent unauthorised access

How Long I Keep Your Data

I retain personal data only as long as reasonably necessary for the purposes I collected it for:

Client records are kept for 3 years after services end, then securely destroyed
Financial records are retained for auditing purposes as required by law

Your Rights

You have legal rights regarding your personal data, including the right to:

Access the data I hold about you
Correct or update inaccurate data
Request erasure (where applicable)
Ask me to restrict processing
Object to processing in certain circumstances
Withdraw consent at any time (if consent is my lawful basis)

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data has been misused.

Data Breach Notification

In the event of a personal data breach affecting your information, I will notify affected individuals without undue delay and take steps to mitigate potential harm.

Changes to This Policy

I may update this policy from time to time. I will notify you of significant changes, and the effective date will be revised.