Privacy Policy

Last updated: 14th June 2026

 

1. Who we are

Dawn Saxton Counselling & EMDR provides counselling and psychotherapy services to adults, children, and young people in the United Kingdom, including online therapy.

 

This privacy policy explains how Dawn Saxton Counselling & EMDR collects, uses, and protects your personal information.

 

I am Dawn Saxton, a counsellor/psychotherapist providing therapy services through Dawn Saxton Counselling & EMDR. I am registered with the Information Commissioner's Office (ICO) under registration number ZA796858, and I am an accredited registered member of BACP under registration number 385727.

 

For the purposes of data protection law, I am the Data Controller and Data Processor of your personal information under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

 

Contact Name: Dawn Saxton

Contact Email: dscounselling@protonmail.com

Contact Telephone No: 07915204031

 

Therapeutic Executor Name: Jayne Wassell (MBACP)

 

If you have any questions about this policy or how I handle your data, please contact me at dscounselling@protonmail.com.

 

2. What personal data we collect

I collect and process the following types of personal information:

Contact and administrative information:

• Your name, address, telephone number, and email  address

• Emergency contact details

• GP details (where relevant)

• Enquiry details submitted via our website contact form

 

Health and therapy-related information:

• Your presenting issues and reasons for seeking therapy

• Relevant medical and mental health history

• Information about current medications or treatments

• Brief session notes documenting our therapeutic work      together

• Assessment and progress information

 

Children & Young People:

• Parent/guardian contact details

• Parental responsibility information

• Developmental and educational background

• Consent forms

• Safeguarding and school information (if relevant

 

Important: Your health and therapy-related information is classified as "special category data" under Article 9(1) of the UK GDPR. This means it receives enhanced legal protection, and I can only process it under specific conditions set out in law.

 

3. How we collect your data

I collect your personal information directly from you in the following ways:

• When you first contact me to enquire about therapy (by phone, email, or through the website contact form

• During your initial assessment or intake session

• Throughout our ongoing therapy sessions

• Via email, telephone, or video call communications between sessions

• Through any forms or questionnaires, you complete as part of your therapy

 

I do not collect information about you from third parties without your knowledge, except where you have been referred through an Employee Assistance Programme (EAP), in which case I may receive limited referral information as part of that arrangement. 

This may also be through other online enquiry directories such as BACP, Counselling Directory and/or Psychology Today. 

 

4.Data storage and Web Cookies

Dawn Saxton Counselling & EMDR is hosted on the Wix.com platform. Wix.com provides us with an online platform that allows us to advertise our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.

Web cookies are used to:


• To provide a great experience for visitors and customers.


• To monitor and analyse the performance, operation and effectiveness of Wix's platform.


• To ensure our platform is secure and safe to use.

​



For more information about how cookies are managed, please see the Wix web page , where you can find further details.


I may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.


When you contact me via my website, as part of the process, I use personal information you give me, such as your name, address, and email address, so that I can respond to your query. Your personal information will be used for the specific reasons stated above only. Once I have responded to your query, I will delete your information, unless you then become a client. At that point, your details are kept in my secure record system as discussed when we contracted during our initial session. 

 

5. Why we process your data — lawful basis

Under UK GDPR, I need a lawful basis to process your personal information. Because therapy involves special category health data, I need to satisfy two separate legal requirements:

Article 6 basis (general personal data):

I rely on Article 6(1)(b) UK GDPR — processing is necessary for the performance of the therapeutic contract between us. When you engage me as your therapist, we enter into a contract for me to provide therapy services. Processing your personal data is essential for me to fulfil that contract.

Article 9 basis (special category health data):

I rely on Article 9(2)(h) UK GDPR — processing is necessary for the provision of health or social care treatment by a health professional. As a qualified counsellor/psychotherapist bound by professional confidentiality obligations, I am permitted to process your health information for the purpose of providing your therapy.

The additional condition required under UK law is found in DPA 2018 Schedule 1, Part 1, paragraph 2 (health or social care purposes).

 

6.How we Use Your Data

I use your data to:

• Provide counselling and psychotherapy

• Assess risk and protect safety

• Create and maintain confidential clinical records

• Communicate with you

• Manage appointments

• Process payments, which will be visible on banking statements and banking logs

• Comply with safeguarding responsibilities

• Undertake professional supervision (anonymised where possible)

• Respond to legal or regulatory requirements

 

I do not sell your data.

 

If you decide not to proceed, your personal data will be deleted within 14 DAYS. If you would prefer your information to be deleted sooner than this, please provide a written notice.

 

7.Online Therapy & Digital Security

When providing online therapy:

• Sessions are conducted via secure, encrypted platforms

• I do not use a recurring Zoom link

• I use a waiting room facility that only permits the person/s attending the therapy session

• I select providers that are GDPR-compliant where possible

• You are responsible for ensuring you are in a private space

• I recommend secure Wi-Fi connections

• I advise limiting sensitive details via email

 

Please note: no online system can be guaranteed 100% secure.

 

8.Professional Boundaries on Social Media

To protect your privacy and the therapeutic relationship:

• I do not accept friend or connection requests from current or former clients on personal social media accounts (e.g., Facebook, Instagram, LinkedIn, TikTok, etc.).

• I do not follow current clients on social media.

• I will not engage in therapeutic conversations via social media platforms.

• The content of sessions shall never be mentioned by me on social media, in blogs or anywhere else publicly, respecting client confidentiality. I shall never directly refer to my client work with any of my posts on social media platforms

 

This is not a rejection; it is to maintain clear professional boundaries and protect your confidentiality.

 

9. Confidentiality & Its Limits

Your information will not be shared without your consent except in the following circumstances:

I may disclose information if:

• There is a serious risk of harm to you or someone else

• There is a safeguarding concern involving a child or vulnerable person

• I am required by law or court order

• There is concern about terrorism, money laundering or other serious crime

• We are compelled by regulatory or professional body requirements

 

Where possible, I will inform you before disclosure.

 

10. Safeguarding Children & Young People

When working with children:

• I obtain parental consent before therapy begins (unless legally inappropriate)

• I explain confidentiality to the child in age-appropriate language

• I prioritise the child’s welfare

• I follow statutory safeguarding guidance

• I may liaise with parents, schools, GPs, or safeguarding agencies if required

 

Children’s rights to confidentiality will be respected in line with professional judgment and legal guidance.

 

11. How I Store Your Information

I use appropriate technical and organisational measures, including:

• Encrypted electronic record systems

• Password-protected devices

• Secure cloud storage (where applicable)

• Two separate locked filing cabinets (for paper records)

• Secure disposal methods (shredding/digital deletion)

 

Access is limited to authorised individuals only.

 

12.Contact information

• I will contact you as appropriate, for example, with appointment reminders, payment reminders, with requested information, in response to your contact via the contact form on my website, social media, or other electronic or other means.

• I may contact you to ask how you are if you have not attended a session and have not made any contact to ensure you are safe and/or if you wish to continue therapy. 

 

13. Professional obligations and supervision

I am required by the BACP to attend regular clinical supervision. Supervision is an essential part of ethical therapeutic practice — it helps me reflect on my work and ensures I am providing you with the best possible care.

When I discuss my therapeutic work with my supervisor:

• Your name and any identifying details are not shared with my supervisor

• I use anonymised or pseudonymised case material only

• My supervisor is a qualified professional bound by the same confidentiality obligations as I am

• My supervisor is bound by their own professional body's ethical framework

 

Supervision discussions are focused on the therapeutic process and my professional development, not on identifying individual clients.

​

14. Confidentiality exceptions

Everything you share with me in therapy is treated as confidential. However, there are rare circumstances where I may need to share information without your consent:

• Risk of serious harm: If I believe there is a serious and imminent risk of harm to you or to another person

• Safeguarding concerns: If I become aware of concerns about the safety or welfare of a child or vulnerable adult

• Legal requirement: If I receive a court order requiring disclosure, or in other limited circumstances required by law

In most cases, I will try to discuss any disclosure with you first, unless doing so would itself put someone at risk.

​

15. Clinical will — what happens to your records if I am unable to practise

In the event of being unable to practise due to serious illness, incapacity, or death.  I would be unable to contact you. In the event of this, I have a Therapeutic Executor, as named above on the policy. They will take care of contacting you. The clinical will ensure that a nominated professional (also bound by professional confidentiality) can securely manage or destroy records and, where appropriate, contact clients to offer support or referral.

 

 They will only have access to your details in this circumstance/ instance.

 

16. Who we share your data with

I treat your information as confidential and do not share it without good reason. However, the following parties may have access to your data in limited circumstances:

Clinical supervisor: As explained above, I discuss my therapeutic work in supervision using anonymised case material only. Your name and identifying details are not shared.

EAP or referral platform: Where you have been referred to me through an Employee Assistance Programme or similar referral arrangement, I may share limited information with the commissioning organisation as part of that arrangement. This is typically limited to confirming attendance and session count, not the content of our sessions. The specific information shared will be explained to you at the outset of therapy.

 

Third-party service providers: I use the following third-party services, which may process your data:

• Sign-request – This online e-signature website collects your personal details such as Name, Email address and details within the counselling contract.            

• Zoom — used for video therapy sessions where agreed

• Proton Mail- used for email communication

            

Each of these services is bound by a data processing agreement. Links to their privacy policies are available on request.

 

17. International data transfers

Some of the third-party services I use may transfer personal data outside the United Kingdom:

 

Where data is transferred to the USA, I rely on Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) as appropriate safeguards, in accordance with UK GDPR Chapter V and the updated requirements of the Data (Use and Access) Act 2025.

The USA does not currently have a UK adequacy decision, which is why these additional safeguards are necessary.

You can request a copy of the relevant transfer safeguards by contacting me at dscounselling@protonmail.com

 

18. How long we keep your data

I keep your personal information only for as long as necessary. My retention periods are:

Therapy records (adult clients)

7 years after our last session

In line with the Limitation Act 1980 and standard professional indemnity insurance requirements

​

Therapy records (clients under 18 at time of therapy)

Until the client reaches the age of 25

Extended retention to allow time for any claims after reaching adulthood

​

Financial records

6 years

HMRC legal requirement

​

Website enquiries 

12 months

​

Legitimate business purposes

After the applicable retention period:

• Paper records are securely shredded

• Electronic records are permanently deleted 

 

19. Your rights under UK GDPR

You have the following rights regarding your personal data:

Right to be informed You have the right to know how I use your data. This privacy policy fulfils that right.

Right of access You can request a copy of the personal information I hold about you. This is known as a Subject Access Request. Under the Data (Use and Access) Act 2025, I will conduct a reasonable and proportionate search to locate your information and respond within one month.

Right to rectification If any information I hold about you is inaccurate or incomplete, you can ask me to correct it.

Right to erasure In certain circumstances, you can ask me to delete your personal data. However, this right does not apply where I need to keep your records to comply with professional guidelines or insurance requirements, or to defend potential legal claims.

Right to restrict processing You can ask me to limit how I use your data in certain circumstances, for example while a complaint is being investigated.

Right to data portability Where technically feasible, you can ask me to transfer your data to another provider in a commonly used electronic format.

Right to object You can object to certain types of processing. However, this is unlikely to apply to therapy records processed under the lawful bases I use.

Rights related to automated decision-making I do not use automated decision-making or profiling in my practice.

To exercise any of these rights, please contact me at dscounselling@protonmail.com I will respond within 30 days. There is no fee for most requests, though I may charge a reasonable fee if a request is manifestly unfounded or excessive.

 

20. Data protection complaints — your right under the Data (Use and Access) Act 2025

You have the right to make a data protection complaint directly to me. I take all complaints seriously and will investigate and respond promptly.

To make a complaint:

• Submit a complaint at https://www.dawnsaxtoncounselling.co.uk/contact (Contact me tab)

• Or contact me at dscounselling@protonmail.com

 

If you are not satisfied with my response, you may escalate your complaint to the Information Commissioner's Office (ICO):

• Website: ico.org.uk

• Telephone: 0303 123 1113

• Address: ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

 

21. Changes to this policy

I review this privacy policy annually and whenever my practices change significantly. If I make important changes that affect how I use your data, I will inform you directly.

The date at the top of this policy shows when it was last updated.

 

Contact

If you have any questions about this privacy policy or your personal data, please contact:

Dawn Saxton

dscounselling@protonmail.com