Privacy Policy – Mind at Heart

Legal

Privacy Policy

How we collect, use and protect your personal information.

Last updated: May 2025  |  Mind at Heart Counselling Services

Mind at Heart (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy explains how we collect, use and protect personal information when you use our website or engage with our counselling and therapeutic services. We act as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Mind at Heart is a BACP registered counselling service providing professional therapeutic services to adults in the UK. Our lead practitioner, Nicky Ali, is a registered member of the British Association for Counselling and Psychotherapy (BACP) and operates in accordance with the BACP Ethical Framework for the Counselling Professions.

For any privacy-related enquiries: hello@mindatheart.co.uk

2. Information We Collect

  • Contact and identity information: name, email address, telephone number.
  • Session and clinical information: information shared during counselling sessions, assessment notes, and progress records. This is special category data under UK GDPR and is processed with particular care.
  • Communication data: emails, enquiry form submissions and any correspondence between us.
  • Technical data: anonymised website usage data (via cookies) to understand how our website is used.

We do not collect payment card details directly any payments are processed via secure third-party providers.

3. How We Use Your Information

  • Respond to your enquiries and provide our counselling and therapeutic services.
  • Maintain accurate clinical records as required by professional and legal obligations.
  • Ensure the safety and wellbeing of clients, including where we have a duty of care.
  • Comply with our obligations under BACP membership and UK law.
  • Improve our website and services using anonymised, aggregated data.

4. Legal Basis for Processing

  • Contract performance: where processing is necessary to deliver the services you have engaged.
  • Legitimate interests: responding to enquiries and maintaining appropriate clinical records.
  • Legal obligation: where we are required to process data by law or professional regulation.
  • Vital interests: in exceptional circumstances where there is a risk to life.
  • Explicit consent: for special category health data gathered during the therapeutic process.

5. Confidentiality

As a BACP registered service, we uphold strict professional confidentiality. Everything shared within sessions is treated as confidential. There are limited and legally defined circumstances in which we may be required to share information without your consent for example, where there is serious risk of harm to yourself or others, or where required by a court of law.

We engage in regular clinical supervision. Your information may be discussed in an anonymised form with our clinical supervisor, who is bound by professional confidentiality obligations.

6. Data Retention

We retain clinical and contact records for a minimum of 7 years following the end of therapeutic work, in line with BACP guidance and UK professional standards. After this period, records are securely destroyed.

7. Your Rights

Under UK GDPR, you have the right to: access your data; request correction of inaccurate data; request erasure in certain circumstances; restrict how we process your data; receive your data in a portable format; and object to certain processing.

Contact us at hello@mindatheart.co.uk to exercise any right. We will respond within one calendar month. You may also complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data. Clinical notes are stored securely. We do not transmit sensitive clinical information via standard email without your explicit consent.

9. Third Parties

We do not sell, rent or share your personal information for marketing purposes. We may share data with: our clinical supervisor (anonymised, under confidentiality agreement); our secure payment processor; and statutory authorities where required by law.

10. Cookies

Our website uses only essential cookies necessary for the site to function. We do not use tracking or advertising cookies. You can control cookie settings via your browser at any time.

11. Changes to This Policy

We may update this policy from time to time. The current version will always be available on this page with the date of the most recent revision noted at the top.

12. Contact

Mind at Heart
Email: hello@mindatheart.co.uk
BACP Registered Practice