Abi Hearn Counselling St Columb Major Newquay Cornwall

Disclosure and Barring service (DBS)

As a professional counsellor, I understand the importance of safety and trust in a therapeutic relationship. That’s why I pay a yearly fee to hold an enhanced Disclosure and Barring Service (DBS) check. This means that all of my information is held online and can be easily accessed by anyone using my unique code.

Downloads

BACP Registration

Safeguarding Policy

Confidentiality Policy

Please get in touch to request a copy of my Certificate of Insurance

BACP Abi Hearn Counselling - 92936
Abi Hearn Counselling Suicide Prevention Training

Privacy Notice & GDPR

This Privacy Notice explains how I, Abi Hearn, a person-centred counsellor and clinical supervisor, collect, store, and process your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

I am committed to protecting your confidentiality and privacy. I am a registered member of the British Association for Counselling and Psychotherapy (BACP) (Membership No. 00749079, Register No. 92936) and abide by their ethical framework. I am also registered with the Information Commissioner’s Office (ICO), Registration No. ZA541843. Additionally, I am insured with Holistic Insurance.

What Data I Collect and Why

Type of Data Reason for Collection & Legal Basis
Name, Date of Birth, Occupation To understand the background and tailor counselling services.
Address, Email, Phone Number To contact you about appointments or in an emergency.
Emergency Contact In case you become unwell during a session.
GP Details If I have serious concerns about your safety.
Session Notes To keep professional records of therapy.
Sensitive Personal Data (e.g., mental health, ethnicity, beliefs) To assess needs and provide appropriate therapy.

Children and Young People:

When working with children and young people, I may also collect the contact details of parents or carers, as well as information relevant to the child’s well-being. This ensures appropriate communication and safeguarding measures.

Consent for Data Processing and Counselling

  • For clients under 16 years old: Written parental or carer consent is required to collect, store, and process personal data. However, a young person under 16 may consent to counselling themselves if they are assessed to be Gillick competent—meaning they have sufficient maturity and understanding to make their own decisions.
  • For clients aged 16 and over: Young people can provide their own consent for both data processing and counselling unless there are specific reasons that indicate parental involvement is necessary.

How I Store Your Data

Paper records (signed agreements, written notes) are stored in a locked filing cabinet.

Electronic records are password-protected and encrypted.

Phone numbers may be stored in my password-protected mobile phone.

How Long I Keep Your Data

  • Session notes are retained for 5 years after the end of therapy, as required by my Holistic Insurance policy and BACP ethical guidelines.
  • The following data is deleted/shredded 3 months after therapy ends:
    Personal information form
    Phone number from my mobile
    Emails regarding appointment arrangements

Freelance Work in Schools

When working in a school setting, I adhere to both my own GDPR privacy policy and the school’s data protection policies.

  • Data Control: If the school has referred a student, they may act as the data controller for certain information.
  • Information Sharing: Confidentiality is maintained, but safeguarding concerns may be shared with the school’s Designated Safeguarding Lead (DSL).
  • Record Keeping: Therapy notes remain confidential and are stored securely.
  • Communication: School email systems or communication tools may be used in line with their data security requirements.

Information for Parents and Carers

  • Confidentiality: While therapy is confidential, if there are safeguarding concerns or risks of harm, information may be shared with relevant authorities, including parents or carers.
  • Progress Updates: General updates can be provided to parents or carers upon request, without breaching the confidentiality of the therapy sessions.
  • Access to Records: Parents or carers may request access to their child’s records, subject to legal and ethical considerations.

Your Rights Under UK GDPR

You have the right to:

  • Request access to your personal data (Subject Access Request) – response within one month.
  • Request correction of inaccurate data.
    Withdraw consent for processing of special category data.
  • Request deletion of data (right to be forgotten) unless legally required to keep it.
  • Object to processing or restrict how data is used.
  • Complain to the ICO at www.ico.org.uk if you believe your data has been mishandled.

Data Sharing & Confidentiality

I will not share information with third parties unless:

  • You give explicit consent for me to liaise with another professional (e.g., GP, psychiatrist).
  • There is a risk of serious harm to you or someone else (safeguarding concerns).
  • I must legally disclose information (e.g., court order, terrorism laws).
  • My Clinical Supervisor needs to contact you if
  • I become incapacitated.

Contact Information

If you have any concerns about how your data is handled, please contact me directly. For further information, visit the ICO website www.ico.org.uk.

Last updated: February 2025