Privacy Policy

New Leaf Counselling Privacy Policy

When you entrust me with your personal data I, Karen Batty, take my responsibility to protect it very seriously. I respect your privacy and your rights and want to be clear about the data I collect, why I collect it, how it is stored, and what happens to it when we stop meeting. To this end, this privacy policy explains how I will keep and protect your data; thereby, meeting the associated legal requirements and regulation, as well as recognised good practice. Central to this is my registration, and the registration of New Leaf Counselling, with the Information Commissioner’s Office (ICO) which is a government body that upholds information rights and individual data privacy. My registration with the ICO can be found using my registration number A8492597.

What is the General Data Protection Regulation 2018 (GDPR)

The regulation of personal data is laid out in the General Data Protection Regulation 2018 (GDPR), which is available on the ICO website  In complying with these GDPR regulations I am obliged to ensure that your personal data is:

  • Accurate and up to date.
  • Stored securely to prevent data loss, misuse and unauthorised access.
  • Retained for the purpose of my work with you only.

By following the GDPR I ensure that any sensitive personal information that you may disclose to me is managed appropriately. This type of information is called ‘special category personal information’. The lawful basis for my use of special categories of personal information is to provide health treatment, in this case counselling, and is therefore a necessary part of your contract with me as a health professional.

Your personal data and how I use it

When you first enquire about therapy I will collect basic personal information for contact and identification reasons. For example, I will need your contact details to be able to get in touch with you to manage appointments and to send you appointment reminder requests if you would like them.  

As well as collecting and storing personal information such as name, email address, phone number, and date of birth, I will also ask for the address and name of your GP, but I would only contact your GP under specific circumstances (see the confidentiality section). I may also need you to give me information on medical conditions and prescribed medications relevant to the counselling service provided.

As a record of our counselling sessions, I will keep brief session notes on what we discuss in therapy to remind us both of the work we are doing. These will include personal and sensitive details about your life. The notes are used solely for the delivery of a therapy service to you.

Storage of personal data

I store all hardcopy personal information and session notes in a locked filing cabinet.  Legally, I am required to retain these for 7 years for adults and up to the age of 21 for a child or a teenager, at which time they will be shredded.  I will store your contact details and emails electronically. These will be deleted one month after your last session or, in the case of emails, printed as a hardcopy record. All text messages will be stored electronically and deleted within one month of sending. 


To ensure confidentiality, all adult sessions will be conducted in accordance with the GDPR regulations. There are particular regulations covering confidentiality arrangements when working with children and teenagers which can be found ‘Working with Children and Teenager Policy.

Irrespective of age, all session notes will remain confidential and anonymised under a case number, with the following exceptions:

  • When you have given your permission to share information for example, statistical data.
  • In cases where I am compelled to give evidence by a court of law.
  • If I consider there is a real possibility of harm to yourself or others, or in such instances when the information is of such a nature that confidentiality cannot be maintained for example:
    • Safeguarding adults (adult protection)
    • Safeguarding children (child protection)
    • Offences involving children under the age of 18.
    • In cases of terrorism, fraud or money laundering.

In all other circumstances I will seek your permission to:

  • Contact you via your preferred method and will only leave a message with your consent.
  • Share information outside of the above exceptions.
  • Use anonymous details for continued professional development (case studies or training).
  • Publish any marketing material such as case studies or testimonials including those using a pseudonym.


In managing and optimising my website I use cookies to identify which pages are being used. This helps me analyse data via Google Analytics to improve the website and tailor it to customer needs. By accepting cookies, a small file is placed on your computer’s hard drive allowing my website to recognise you and respond to you as an individual, tailoring its operations to your needs and preferences.

Google Analytics

Each time you visit a website Google Analytics automatically tracks information such as your geographical location, IP address, browser type, browser version, operating system, referral source, page views, length of visit, the times and dates you visit the site, navigation paths, and whether you are a new visitor or a returning visitor.  When you visit the information collected by Google Analytics may be used to customise the website according to your interests and help improve products and services.

Social Media

New Leaf Counselling uses Facebook. If you make contact via this means then Facebook’s own privacy policies need to be considered. To access these policies please click on the link.

Online Payments

If you use PayPal for payment, PayPal will store a record of the payment. To access their privacy policy please click on the link.

Online / Telephone Counselling 

New Leaf Counselling uses Zoom. They have their own privacy terms which you can access on their website.

Links to external websites

My website may contain links to other websites. However, once you have used these links to leave you should note that I do not have any control over these websites. Therefore, I cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. 

Data Breach

All personal and sensitive data held by New Leaf Counselling is held securely. Electronic data stored on a computer is stored on a password protected computer, in a password protected account held on the computer.  Hardcopy data is held securely in a locked cabinet with the only keyholder named as Karen Batty Data Controller.  In the unlikely event of a data breach, I comply with the regulations set out under Article 33 of the GDPR.

Your Rights’ Controlling your personal information

You may choose to restrict the collection or use of your personal information. If you have previously agreed to using your anonymous personal information for continued professional development or marketing purposes you may change your mind at any time by writing to Karen Batty at

You may request details of personal information which I hold about you under the General Data Protection Regulation 2018 (GDPR). If you would like a copy of any stored personal information, please email me at

I aim to keep all personal data up to date, if you believe that any information we are holding about you is incorrect or incomplete, please let me know as soon as possible and I will correct any information found to be incorrect.

Amendments and Updates

This Privacy Notice was last updated in January 2023

How to contact New Leaf Counselling about this privacy Policy

Karen Batty is responsible for this privacy notice and can answer any questions you may have regarding it. Please contact me at

The ICO can be contacted at:

ICO website: or Telephone: 0303 123 1113

Create a website or blog at