PRIVACY POLICY

This privacy notice explains how I collect, use, store and protect personal information in my therapy practice.

I am Nina Jellinek, a counsellor working online. I am the data controller for personal information I collect through Nina Jellinek Counselling.

This means I am responsible for deciding how personal information is used and for keeping it safe.

If you have any questions about this privacy notice, or about how your information is handled, you can contact me at:

Email: nina@jellinek.com

Phone: 07891 024 100

Website: NinaJellinek.com

This privacy notice applies to people who contact me about therapy, current and former clients, and visitors to my website.

Information I collect

I may collect and use the following information.

When you contact me, I may collect:

  • your name
  • your email address
  • your phone number
  • the information you choose to share in your enquiry
  • any preferences around contact, availability, or therapy format

 

If we arrange an initial call or begin therapy, I may also collect:

  • your address
  • your date of birth
  • your GP details
  • emergency contact details, where appropriate
  • relevant health, mental health, or wellbeing information
  • information about your personal history, relationships, work, identity, family, circumstances, and reasons for seeking therapy
  • brief clinical notes
  • attendance, payment, and appointment information
  • correspondence between us

Some of this information may be classed as special category data under UK data protection law. This includes information about health, mental health, sexuality, ethnicity, religion, or other sensitive areas where these are relevant to therapy.

I only collect information that is necessary for providing therapy safely, ethically, and professionally.

How I use your information

I use your personal information to:

  • respond to enquiries
  • arrange initial calls and appointments
  • provide therapy
  • keep appropriate clinical records
  • manage payments, invoices, and appointments
  • communicate with you about sessions
  • meet legal, professional, and ethical responsibilities
  • manage risk, safeguarding or emergency situations where necessary
  • maintain insurance, tax, and accounting records
  • respond to data protection requests or complaints

I do not sell your personal information.

Lawful basis for using your information

Under UK GDPR, I need a lawful basis for using personal information.

For different parts of my work, I may rely on different lawful bases under Article 6 UK GDPR. For example, I may rely on contract where processing is needed to arrange or provide therapy, legitimate interests where I need to run my practice safely and keep appropriate records, and legal obligation where I need to keep or share information to comply with the law.

  • contract: where information is needed to arrange and provide therapy
  • legitimate interests: where I need to use information to run my practice safely, respond to enquiries, keep appropriate records, and protect both you and me
  • legal obligation: where I need to keep or share information to comply with the law

 

Where I process special category data, such as information about health or mental health, I must also identify a separate condition under Article 9 UK GDPR before I begin that processing and reflect this in my privacy information. Depending on the reason for processing, I may also need to meet additional conditions and safeguards under the Data Protection Act 2018.

Where I ask for your consent for something specific, I will explain what I am asking for and whether you can withdraw that consent. Consent is not the only lawful basis available under data protection law, and I will only rely on it where it is appropriate to do so.

Confidentiality

Therapy is confidential, but confidentiality is not absolute. I will not share what you tell me unless there is a lawful, ethical, or safeguarding reason to do so, and where possible I will limit any sharing to the minimum information necessary.

There are some limits to confidentiality. I may need to share information if:

  • I believe there is a serious risk of harm to you or someone else
  • there is a safeguarding concern involving a child, vulnerable adult, or person at risk
  • I am required to do so by law, court order or legal process
  • disclosure is necessary to prevent or detect a serious crime
  • there is a medical emergency and information is needed to protect life
  • I need to consult my clinical supervisor, while protecting your identity as far as possible

 

Where possible and appropriate, I would aim to discuss this with you before sharing information. However, I may not be able to do so if this would increase risk, prejudice safeguarding action, undermine the purpose of the disclosure, or would otherwise not be possible.

Supervision

Like other ethical therapists, I use clinical supervision to support safe and effective practice.

In supervision, I may discuss aspects of client work to support safe and effective practice. I aim to minimise identifying detail where possible and appropriate, and my supervisor is also bound by confidentiality and professional standards.

Clinical notes and records

I keep brief clinical notes to support safe and ethical therapy. These are usually factual, proportionate, and relevant to the work.

Clinical records may include:

  • session dates
  • brief themes discussed
  • relevant risk, safeguarding or clinical information
  • agreed actions or important decisions
  • contact and administrative information

I do not aim to keep a full transcript of sessions.

How long do I keep information

I keep information only for as long as necessary for the purpose for which it was collected. Retention periods may vary depending on the type of record, the nature of the work, legal and professional requirements, and whether the work involved a child or young person. As a general guide:

  • enquiry information may be deleted if we do not begin therapy, usually within 3-6 months.
  • client records may be kept for up to 7 years after therapy ends, based insurance and ethical practice requirements
  • if the work involved a child or young person, a different retention period may apply
  • financial records may be kept for the period required for tax and accounting purposes
  • emails, messages, and administrative records are reviewed periodically and deleted when no longer needed
  •  

There may be times when I need to keep records for longer, for example where there are safeguarding, legal, insurance, complaint-related or professional-body reasons. I keep my retention periods under review and aim to make sure they remain justified and proportionate.

Where your information is stored

Your information may be stored in the following systems:

  • Website / contact form
  • Email: My private email server for @Jellinek.com or occasionally Gmail
  • Practice management or client records: Writeupp (A secure, GDPR compliant service for counsellors for recording notes; notes use partial initials, and no contact details are on Writeupp. Client contracts are kept on a secure computer and password protected.
  • Online sessions: I use Zoom for these sessions but links use initials
  • Payments / invoicing: bank transfer
  • Phone / messages: I use text, WhatsApp, and phone for contact

 

I use appropriate technical and organisational measures to keep information secure. This may include password protection, device security, two-factor authentication, restricted access, and secure storage.

Where I use external providers, they may process data on my behalf. I aim to use reputable providers with appropriate data protection and security arrangements.

Online therapy

If we work online, sessions will take place using Zoom. I will take reasonable steps to protect confidentiality from my side, and I ask that you also choose a private space where you cannot easily be overheard or interrupted.

Online platforms may process technical information such as IP address, device information or connection data. Please also check the privacy notice of the platform we use if you would like more detail.

Info re AI tools, transcription and recording

I do not record, transcribe, or use AI tools to process therapy sessions.

I may use digital tools for general practice administration, writing, planning or education. Where I do, I avoid putting identifiable client material into tools that are not appropriate for confidential clinical information, and I take data protection and confidentiality into account when choosing how to use those tools.

Website visitors and cookies

When you visit NinaJellinek.com, some technical information may be collected automatically, such as your IP address, device type, browser type, pages visited and the time of your visit. This may happen through website hosting, security, analytics, or cookie tools.

My website is hosted by Timpani Group Ltd. The website may use cookies or similar technologies to make the site work, improve performance, understand visitor behaviour, or support security.

You can usually control cookies through your browser settings. If I use cookies or similar technologies that are not strictly necessary, I will endeavour to make sure the website provides the level of notice, choice or consent required by law. In some cases, current UK rules may allow limited exemptions for certain analytics or functionality cookies, but only where the legal conditions for those exemptions are met.

Sharing your information

I will not share your personal information unless there is a clear reason to do so. Depending on the circumstances, I may share limited information with the following people or organisations where this is necessary, proportionate, and lawful:

  • my clinical supervisor
  • professional advisers, such as an accountant, insurer, or legal adviser
  • my professional body (NCPS), if required in relation to a complaint or ethical matter
  • safeguarding services, emergency services or your GP, where there is serious risk or safeguarding concern
  • a court or legal authority, if required by law
  • an appointed clinical executor if I die or become unable to contact clients myself
  • trusted digital service providers who process data on my behalf
  •  

Where I share information, I aim to share only what is relevant and necessary for that purpose. If I or one of my providers transfers personal information outside the UK to a separate organisation, I will only do so where the law allows it and an appropriate transfer mechanism or other safeguard is in place where required.

Clinical will

I aim to have arrangements in place so that clients can be contacted if I die or become seriously incapacitated.

This may involve a trusted professional colleague or clinical executor having access to the minimum information needed to contact current clients and manage records appropriately. That person would be bound by confidentiality, would only access information if necessary, and would not take on an ongoing therapeutic role unless separately agreed and appropriate.

Your rights

Under UK data protection law, you have rights over your personal information. These may include the right to:

  • be informed about how your data is used
  • access a copy of your personal information
  • ask for inaccurate information to be corrected
  • ask for information to be deleted in some circumstances
  • restrict or object to certain processing
  • complain about how your information has been handled

 

Some rights are not absolute and may depend on the circumstances. For example, I may need to keep some information for legal, professional, safeguarding, insurance or complaint-related reasons, and there may be limits on what can be disclosed where information includes third-party data or where a relevant exemption applies.

If you would like to exercise your rights, please contact me using the details above. I will respond to a request about your rights within one month. If a request is particularly complex, or if I need to consider whether any restriction or exemption applies, I may need longer, in which case I will let you know.

Data protection concerns and complaints

If you have a concern about how I have handled your personal information, you can make a data protection complaint by contacting me using the details in this notice. I will acknowledge your complaint within 30 days and take appropriate steps to look into it without undue delay.

Please include:

  • your name
  • what your concern is about
  • what you would like me to look into
  • how you would prefer me to respond

 

I will investigate your complaint as appropriate, keep you informed where necessary, and tell you the outcome without undue delay.

If you are not satisfied with my response, or if you would prefer to contact the UK regulator directly, you can contact the Information Commissioner’s Office:

 

Information Commissioner’s Office

Website: www.ico.org.uk

Telephone: 0303 123 1113

 

If you are not satisfied with my response, you can also contact my professional membership body here:

 https://ncps.com/complaints/complaints-concerns-procedure

Changes to this privacy policy

I may update this privacy notice from time to time to reflect changes in my practice, legal requirements, professional guidance or the systems I use.

The latest version will be available on my website.