Privacy statement

Privacy Policy
Effective date: 19 June 2026

This Privacy Policy explains how I, Marian Stapley of Marian Stapley Counselling (“I”, “me”, “my”), collect, use, store and protect your personal information when you use this website or engage with my counselling services.

I am committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

By using this website or engaging with my services, you acknowledge that you have read this Privacy Policy and understand how your personal information will be used.

I may update this Privacy Policy from time to time. Any changes will be posted on this page and, where appropriate, notified to you by email. Please check this page periodically.

Data Controller
For the purposes of UK data protection law, the Data Controller is:
Marian Stapley
Marian Stapley Counselling
10 Barnetts Field
Westergate
Chichester
PO20 3UD
Email: marianstapleycounselling@btinternet.com
Telephone: 07815 628911
ICO Registration Number: ZA317190
Data protection contact: Marian Stapley (contact details as above).

Information I Collect
I may collect and process the following personal information:

  • Name
  • Address
  • Telephone number
  • Email address
  • Information you provide through contact forms
  • Information disclosed during counselling sessions
  • Payment and invoicing records
  • Website usage information, including cookies and analytics

I may also automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited
  • Time spent on pages
  • Referral sources
  • Website interaction data

Sources of data: I collect personal information directly from you and via my website. Where applicable, I may also receive limited information from third parties such as your GP, insurer, or Employee Assistance Programme (EAP) solely to arrange or fund counselling (for example, your name, contact details, and referral reason).

Special Category Data
As part of counselling services, I may collect sensitive personal data (special category data), including information about your health, wellbeing, relationships and emotional circumstances. This information is collected only where necessary for the provision of counselling services and is handled with strict confidentiality.

Lawful Basis for Processing
I process your personal data under the following lawful bases, matched to purpose:

  • Provide counselling services and maintain clinical records – Article 6(1)(b) (contract). Special category data: Article 9(2)(h) (health or social care), relying on Data Protection Act 2018 Schedule 1, paragraph 2(1). I maintain an appropriate policy document as required by law.
  • Manage appointments and communicate with you – Article 6(1)(b) (contract) and/or Article 6(1)(f) (legitimate interests: efficient administration of my practice).
  • Process payments and maintain financial records – Article 6(1)(b) (contract) and Article 6(1)(c) (legal obligation for tax and accounting).
  • Safeguarding and vital interests – Article 6(1)(d). Where special category data is involved, Article 9(2)(c).
  • Website analytics (non-essential) – Article 6(1)(a) (consent).

Where I rely on legitimate interests, these include operating and securing my website and systems, managing my diary, and communicating with existing clients. You can object to processing based on legitimate interests at any time; I will stop unless I have compelling legitimate grounds or need the data for legal claims.

How I Use Your Information
I use your information to:

  • Provide counselling services.
  • Manage appointments.
  • Maintain client records.
  • Process payments and maintain financial records.
  • Respond to enquiries.
  • Improve my website and services.
  • Maintain the security of my website and systems.
  • Comply with legal, ethical and professional obligations.

Clinical Notes and Professional Supervision
As part of providing counselling services, I keep brief clinical notes relating to our work together. These notes are stored securely and accessed only where necessary for the provision of counselling services and compliance with professional obligations.

I undertake regular professional supervision in accordance with recognised professional standards. Information discussed in supervision is anonymised wherever possible so that you cannot reasonably be identified. Supervisors are bound by professional confidentiality. Identifiable information is shared only where necessary and lawful and is anonymised wherever possible.

Where applicable, I comply with the ethical and professional requirements of the British Association of Counselling & Psychotherapy (BACP) of which I am a member in relation to record keeping, supervision and complaints.

Confidentiality and Disclosure
Your information is treated as confidential.

However, there are circumstances where I may disclose information where:

  • there is a legal obligation to do so;
  • there is a serious risk of harm to yourself or others;
  • there are safeguarding concerns;
  • it relates to terrorism, money laundering or serious criminal activity; or
  • professional supervision is required, in anonymised form wherever possible.

Any disclosure is limited to what is necessary and lawful. Where it would not prejudice the purpose of the disclosure or be unlawful, I will inform you.

Data Storage and Security
Your personal data is stored securely using appropriate technical and organisational measures designed to prevent unauthorised access, loss, misuse or disclosure. Measures include access controls, encryption in transit, secure password practices, regular software updates, and secure disposal of records.

International Transfers
Some third‑party service providers (for example, email or website hosting) may process personal data outside the United Kingdom. Where personal data is transferred outside the UK, I ensure appropriate safeguards are in place in accordance with UK data protection law, such as UK adequacy regulations or the UK International Data Transfer Agreement (or UK Addendum to the EU Standard Contractual Clauses). For transfers to the United States, I may rely on the UK Extension to the EU–US Data Privacy Framework where the provider is certified.

While I take reasonable steps to protect your data, transmission over the internet cannot be guaranteed as completely secure.

Data Retention
I will only keep your personal data for as long as necessary for the purposes for which it was collected.

Typically:

  • Client records are retained for seven years from the end of counselling, or longer where legally required.
  • Financial records are retained for six years for tax and accounting purposes.
  • Supervision materials are retained in line with clinical notes or are immediately anonymised.
  • Website analytics data is retained in accordance with Google Analytics settings.

After the relevant retention period has expired, personal data will be securely deleted or destroyed.

Cookies
My website uses cookies to distinguish you from other users and improve your experience.

These may include:

  • Strictly necessary cookies.
  • Performance and analytics cookies.
  • Functionality cookies.

Non‑essential cookies (including Google Analytics) are off by default and set only with your consent. The cookie banner provides equal “Accept” and “Reject” options and allows you to change your choices at any time. Google Analytics will only run after you consent. You can withdraw consent via the cookie banner settings.

A separate Cookie Policy on this website lists each non‑essential cookie, its purpose, provider, and duration. Further information about Google Analytics can be found in Google’s privacy information.

Your Rights
Under UK GDPR, you have the right to:

  • Access your personal data.
  • Request correction of inaccurate data.
  • Request deletion of your data (“right to erasure”).
  • Restrict processing.
  • Object to processing.
  • Request data portability.
  • Withdraw consent at any time where consent applies.
  • Lodge a complaint.

Some rights may be limited in certain circumstances (for example, where erasure would seriously impair clinical records or where I must retain data to comply with legal obligations). I may need to verify your identity before acting on a request. I will respond within one month of receipt and may extend by up to two further months for complex or multiple requests; if an extension applies, I will let you know.

You have the right to complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk/make-a-complaint/ or by calling 0303 123 1113.

Subject Access Requests
You may request a copy of the personal information I hold about you. I will usually provide this free of charge and within one month, unless the request is complex or excessive, in which case I will explain any extension or applicable charge permitted by law. Usually free of charge. I may charge a reasonable fee for manifestly unfounded or excessive requests, or for additional copies.

Data Protection Complaints Procedure
If you have concerns about how I have handled your personal data, you have the right to make a complaint directly to me. Complaints can be made by email, telephone or in writing using the contact details above.

I will:

  • acknowledge your complaint within 10 working days of receiving it;
  • investigate your complaint fairly and without undue delay;
  • keep you informed of progress where appropriate; and
  • provide you with the outcome of your complaint without undue delay and explain any further steps available to you, including your right to complain to the Information Commissioner’s Office (ICO).

If you remain dissatisfied after my response, you have the right to raise your complaint with the ICO.

The ICO can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Further information about making a complaint is available via the ICO website.

Automated decision‑making and profiling
I do not use your personal data for automated decision‑making or profiling that produces legal or similarly significant effects.

Children’s data
My services are provided to adults. I do not knowingly collect children’s personal data via this website.

Data Breaches
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, I will comply with my legal obligations, including reporting the breach to the ICO without undue delay and, where feasible, within 72 hours, and notifying affected individuals where required by law.

Contact
If you have any questions about this Privacy Policy or how your personal data is handled, please contact:

Marian Stapley
Marian Stapley Counselling
10 Barnetts Field
Westergate
Chichester
PO20 3UD
Email: marianstapleycounselling@btinternet.com
Telephone: 07815 628911