Privacy Policy
This policy explains how Counselling Matters collects, uses, stores, shares and protects personal data when people use this website, contact the organisation, complete forms, book events, sign up for updates or otherwise interact with the site.
Contents
- Who we are
- What personal data we collect
- Special category data
- How data is collected
- How we use personal data
- Lawful bases
- Mailing list and event updates
- Cookies and similar technologies
- Who data may be shared with
- International transfers
- Retention
- Security
- Your rights
- How to complain
- Changes to this policy
Who we are
Counselling Matters is a trading style of Counselling Connections, a private limited company registered in England and Wales with company number 11564334. The registered office and other organisation details are as set out on this website.
For the purposes of UK data protection law, Counselling Connections is the controller of the personal data collected through this website unless this policy states otherwise.
The organisation is registered with the Information Commissioner’s Office under registration number C1541097.
What personal data we collect
Depending on how this website is used, personal data collected may include:
- Name, email address, telephone number and postal details.
- Information submitted through the contact form, referral form, event booking form and mailing list sign-up form.
- Booking and attendance information relating to events.
- Communications sent by email, web form or other contact routes made available on the site.
- Technical information such as IP address, browser type, device information, referral source, pages viewed and interaction data.
- Comment data, where comments are enabled, including the information entered in the comment form and associated anti-spam information.
- Information required to administer accounts, website security, anti-spam and analytics services.
Special category data
Some forms and assessments available through this website may collect information relating to mental health, including depression and anxiety assessment responses. Information about an individual’s mental health is special category personal data under UK GDPR and receives additional legal protection.
Special category data will only be processed where a valid condition under data protection law applies in addition to a lawful basis under Article 6 UK GDPR. Depending on the service, this may include explicit consent, the provision of health or social care, safeguarding-related reasons, or the establishment, exercise or defence of legal claims where applicable.
People should avoid including unnecessary sensitive personal data in general enquiries unless it is relevant to the support, referral or service requested.
How data is collected
Personal data is collected directly from individuals when they complete website forms, book onto events, sign up for the mailing list, complete assessments, leave comments, email the organisation or otherwise contact Counselling Matters.
Technical data is collected automatically through cookies, analytics technologies, server logs, security tools and anti-spam services used to operate and protect the website.
Form responses are stored in the website database where the relevant forms or assessments are configured to do so.
How we use personal data
Personal data may be used to:
- Respond to enquiries and administer requests made through the website.
- Process referrals, event bookings and mailing list subscriptions.
- Provide information about events and related activities where a person has subscribed to receive updates.
- Administer assessments and related support or signposting functions.
- Operate, maintain, troubleshoot and secure the website.
- Prevent spam, abuse, fraud and unauthorised access.
- Measure website use and improve website content, structure and performance.
- Comply with legal, regulatory, safeguarding and risk-management obligations.
Lawful bases
Personal data is processed only where there is a lawful basis under UK GDPR. The lawful basis used depends on the activity involved.
| Purpose | Typical data | Lawful basis |
|---|---|---|
| Responding to enquiries and managing requests | Contact details, message content, related records | Legitimate interests, and where applicable steps requested before entering into a contract |
| Referrals, event bookings and service administration | Identity, contact and booking/referral information | Legitimate interests, contract-related steps, and other bases as required by the circumstances |
| Event mailing list | Name, email address, subscription preferences | Consent |
| Depression and anxiety assessments and related sensitive information | Mental-health-related responses and associated identifiers | Article 6 lawful basis plus an additional special category condition under Article 9 UK GDPR, depending on the context |
| Security, anti-spam and website protection | IP address, device/browser data, request metadata | Legitimate interests |
| Website analytics and performance improvement | Usage data, identifiers, device and browser information | Legitimate interests, subject to PECR and cookie rules |
Where consent is relied on, consent may be withdrawn at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.
Mailing list and event updates
The website includes a sign-up form for email updates about upcoming events. These messages are sent on the basis of consent.
Subscriptions are gathered through a form on the website and are configured to use double opt-in. This means a person must confirm their subscription before being added to the mailing list.
Each email should contain a clear unsubscribe option. If consent is withdrawn, mailing list records should be updated promptly so that future event messages are not sent.
International transfers
Counselling Matters does not transfer personal data outside the UK or EU as part of its ordinary operations. However, some service providers used through this website may process data in other countries in the course of providing their services.
Where an international transfer takes place, appropriate safeguards will be used where required under UK data protection law, such as an adequacy decision or approved contractual protections.
Retention
Personal data is kept only for as long as necessary for the purpose for which it was collected, together with any period needed for legal, regulatory, safeguarding, insurance, dispute-resolution or legitimate business purposes. Unless a different retention period is required in a specific case, the following default periods apply.
- General enquiries that do not lead to an ongoing service: normally up to twelve months after the last substantive contact.
- Referral and event booking records: normally up to two years after the event or referral closure, unless a longer period is justified.
- Mailing list records: active while subscribed; unsubscribe and suppression records may be kept for up to seven years to demonstrate compliance with consent and opt-out requirements.
- Assessment responses and related sensitive form submissions: retained only for as long as necessary for the relevant support, referral, safeguarding or administrative purpose, and normally reviewed at least annually. Assessment responses are not stored unless the user asked us to contact them.
- Analytics data: retained in accordance with the settings of the analytics tools in use and normally no longer than 26 months.
- Server, security and anti-spam logs: normally between 30 days and 12 months depending on operational need and incident history.
- Comment data and associated metadata: retained until deletion is requested, moderation requires removal, or the comments function is discontinued.
Different periods may apply where the law requires longer retention or where shorter retention is appropriate.
Security
Appropriate technical and organisational measures are used to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. These measures may include access controls, software updates, secure hosting, spam and intrusion protection, encryption where appropriate, backups and restricted administrative access.
Although reasonable steps are taken to protect data, no method of transmitting information over the internet or storing data electronically can be guaranteed to be completely secure.
Your rights
Under UK data protection law, individuals may have the right to:
- be informed about how personal data is used;
- request access to personal data;
- request correction of inaccurate or incomplete personal data;
- request erasure in certain circumstances;
- request restriction of processing in certain circumstances;
- object to processing in certain circumstances;
- request data portability where applicable; and
- withdraw consent at any time where consent is the basis relied on.
Requests may be made by email using the contact details set out in this policy. Proof of identity may be required before a request is actioned.
How to complain
If there are any concerns about how personal data is handled, a complaint may be made by email to directors@counselling-matters.org.uk or by using the website contact form.
A complaint will be acknowledged within thirty days of receipt and appropriate steps will then be taken to investigate and respond without undue delay. The outcome of the complaint will be communicated as soon as reasonably possible.
If a complaint is not resolved satisfactorily, there is also a right to complain to the Information Commissioner’s Office. Information about the ICO is available at ico.org.uk.
Changes to this policy
This policy may be updated from time to time to reflect legal, technical or operational changes, or future changes to forms, cookies, analytics, embeds or service providers.
When material changes are made, the updated version will be published on this page and the revision date will be changed accordingly.






