top of page

Privacy Policy

Your privacy is essential to me. You can be confident that your personal information will be kept safe and secure and will only be used to fulfil my contractual responsibilities to you as a Psychotherapist/Counsellor.


This policy details how I will collect data and what I will do with your personal information from the initial point of contact to after your therapy has ended. and your rights regarding your data.


I adhere to current data protection legislation, including the General Data Protection Regulation (E.U./2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (E.C. Directive) Regulations 2003.


I am happy to discuss any questions you might have about my data protection policy, and you can contact me via phone on 07375 026885 or  

'Data controller is the term used to describe the person/organisation that collects, stores, and has responsibility for people's data. In this instance, the data controller is me, Barbara Luc of 7 Leysfield Road, London W12 9JF.

I am registered with the Information Commissioner's Office (A8739217)

How will my personal information be collected?

I will collect your personal information in the following ways: via my website:, over the telephone, during a video conference, in writing and person during our meetings.

Why am I able to process your information, and what purpose I am processing it for?

The GDPR states that I must have a lawful basis for processing your data. Different legal bases depend on the stage at which I am processing your data. I have explained these below:

  1. If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.

  2. If you are currently having therapy or are in contact with me to consider treatment, I will process your data where necessary for our contract's performance.

  3. The GDPR also makes sure that I appropriately look after any sensitive personal information that you may disclose to me. This type of information is called 'special category personal information.

What is 'special category information, and why do you need to process this too?

Special category information is defined by the GDPR as being information that is more sensitive than other personal information, therefore requiring higher levels of protection. Examples of this type of information could include information about your health, race, sexuality, or religion. To lawfully process special category information, I am obliged to identify a specific condition for processing it under Article 9 of the GDPR and communicate this to you. The condition of the GDPR that I apply to the processing of your special category information is that it is 'pursuant to contract with a health professional'. This means that if you either commence psychotherapy with me or ask me to assess your eligibility for psychotherapy with me, then I will likely need to process some particular category information about you. Usually, this is information about your mental health, and I need to process it to fulfil my contractual responsibilities to deliver safe, efficient psychotherapy.


How do I store your information?

I will store your personal information electronically. Even if initially I may collect physical details, they will be transferred to electronic storage. Personal information is stored electronically on passwords and/or fingerprint I.D. protected and in files that are password protected and only accessible by me. Names and contact details will be anonymised and stored separately from other personal information.


How is your information used?

When you contact me with an enquiry about my counselling services, I will collect information to help me fulfil your enquiry. This will include your name, address, contact number/e-mail address, availability, any psychological issues you would like to talk about, and symptoms.

Once we have decided that psychotherapy with me is suitable for you and your therapy commences, I will collect further information from you that may include: your G.P. contact details, previous treatment, any goals you may want to focus on, current medication,  your support network, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, family structure, an overview of your family situation, and early memories of caregivers.

 Alternatively, your G.P. or other health professionals/referrer may send me your details when making a referral. A parent or trusted individual may give me your details when enquiring on your behalf.

If you decide not to proceed, I will ensure all your data is deleted within one year. If you would like me to delete this information sooner, just let me know.


How long will you store my personal information?

According to the GDPR, your personal information should be stored for no longer than is necessary. I will typically keep your data for a minimum of 7 years following the termination of our contract with each other and then securely destroyed. However, I may need to store your information for longer than this, for instance, to defend myself in a claim situation or comply with my insurance terms and conditions.


What about my confidentiality while I am accessing counselling?

Rest assured that everything you discuss with me is confidential.

That confidentiality will only be broken if I feel you may be at risk of harm to yourself or others or if I am compelled to by a court of law.

I will always try to speak to you about this first unless safeguarding issues prevent this.


Whom will my personal information be shared with?

I sometimes share personal data with third parties (for example, G.P. or other healthcare professionals, telephone providers, etc.) under certain exceptional circumstances), where I have contracted with a supplier to carry out specific tasks. In such cases, I have carefully selected which partners I work with. Some of your personal information, such as telephone call data, or payment information, is shared with the website provider, mobile phone operator, or card payment provider, respectively. These providers operate under their privacy policies, and these can be provided upon request.

Can I receive a copy of the personal information that you store about me?

Yes. The DPA gives you the right to find out what information I store about you by requesting a copy. Any request you make to obtain a copy of the personal data that I hold about you is called a 'Subject Access Request'. You can write to me and ask for a copy of the information I hold about you via emailing I must respond to your request without delay, and usually within one month at the latest. I may charge a fee for providing this information based on the administrative costs involved.

Can I request that you delete the information you hold about me?

Yes. This is known in the new legislation as the Right to Erasure. You can request for your personal information to be deleted either verbally or in writing. There may be an administrative charge for this. It may mean that I may have the right to refuse to comply with your request, for example, to defend myself in a claim situation or comply with my insurance terms and conditions, and I will let you know my response to your request within one month of receiving it. It may also mean that I will not be able to offer you therapy any longer.


Can I object or complain about the processing of my personal information? 

Yes. Although I hope you are appropriately reassured after reading the policy outlined above of the security of your personal information, should you wish to object or complain about how I am handling your data, please do feel free to communicate this to me at the earliest possible opportunity. I will do my best to address your concerns and take steps to try and resolve whatever issues you may raise. You can write to me directly via email.

Should you wish to take the matter further, please contact the Information Commissioner's Office on 0303 123 1123, or visit for more information.

bottom of page