Get in touch
A blue and black McGill Counselling Logo
A blue and black McGill Counselling Logo

Privacy Policy

Privacy Notice

McGill Counselling
Last updated: February 2026

Summary

  • I am the data controller for McGill Counselling.
  • I collect personal and health information in order to provide counselling services.
  • I rely on contract and health-care legal bases to process your information.
  • Client records are retained for seven years (longer where required for those under 18).
  • Your information is confidential, subject to safeguarding and legal limits.
  • You have rights under UK data protection law.
  • Non-essential website cookies are used only with your consent.

Full details are set out below.

Table Of Contents

1. Who I Am

Danny McGill, trading as McGill Counselling, is the data controller for the personal information you provide.

Email: danny@mcgillcounselling.com
ICO Registration Number: ZB770488

I am a member of the British Association for Counselling and Psychotherapy (BACP) and adhere to its Ethical Framework.

If you require a postal address for formal correspondence, please contact me by email.

2. Who This Notice Applies To

This notice applies to:

  • Clients aged 16 and over
  • Prospective clients making enquiries
  • Visitors to the McGill Counselling website

For clients aged 16–17, therapy is confidential between myself and the young person. Parents, carers, partners, or employers who fund sessions are contacted only in relation to payment matters unless safeguarding or legal obligations require otherwise.

3. What Information I Collect

Enquiries

When you make an enquiry (via email, website form, phone message, or social media), I may collect:

  • Your name
  • Email address and/or phone number
  • Preferred appointment times
  • A brief description of your presenting concerns
  • How you heard about the service

Assessment and Therapy

If you proceed to therapy, I may collect:

  • Full name
  • Date of birth
  • Home address
  • Contact details
  • Preferred method of contact
  • Emergency contact details and relationship
  • Relevant medical and mental health history
  • Medication information
  • Accessibility needs or preferences
  • Brief factual session notes
  • Outcome measures
  • Safety plans (where clinically appropriate)

If you disclose information about criminal matters, safeguarding concerns, or other sensitive topics during sessions, this may be recorded where clinically relevant.

I do not record therapy sessions.

4. Lawful Basis for Processing

Under UK GDPR, I rely on the following lawful bases:

Article 6 – Personal Data

  • Contract – to provide counselling services.
  • Legitimate Interests – to retain records for professional, insurance, and legal protection.

Article 9 – Special Category (Health) Data

  • Provision of health or social care (Article 9(2)(h)).

Processing is undertaken under a professional duty of confidentiality.

5. How Your Information Is Used

Your information is used to:

  • Provide counselling services
  • Manage appointments and communication
  • Maintain professional clinical records
  • Comply with legal, safeguarding, and regulatory obligations
  • Defend potential legal claims

6. Confidentiality and Supervision

All counselling sessions are confidential.

However, information may be disclosed where:

  • There is a risk of serious harm to you or others
  • Safeguarding concerns arise
  • Disclosure is required by law or court order
  • Necessary for insurance, complaints handling, or legal defence

I undertake individual, group, and peer supervision. All discussions are fully anonymised and conducted verbally only.

Where appropriate and safe to do so, I aim to discuss any necessary disclosure with you first. However, this cannot always be guaranteed.

7. Communication Methods

Email, SMS, and WhatsApp are primarily used for administrative purposes (for example, appointment reminders or scheduling changes).

Email and WhatsApp may occasionally be used to share therapeutic resources or blank worksheets discussed in session. If you choose to return completed materials electronically, please be aware that email and messaging services carry some inherent security risks and are not fully secure.

These communication channels are not suitable for crisis communication or detailed therapeutic processing.

Social media platforms may be used for initial enquiries only. Clients are advised not to share sensitive personal information via social media. Where possible, communication is transferred to secure channels. Inactive enquiries are archived or deleted within a reasonable period.

8. How Long I Keep Your Information

Records are retained in accordance with professional indemnity insurance and legal obligations:

  • Adult client records: 7 years after the final session
  • Clients aged 16–17: 7 years after turning 18, or 7 years after the final session (whichever is longer)
  • Enquiries that do not proceed to therapy: up to 12 months
  • Financial records and invoices: minimum 6 years (HMRC requirement)

After retention periods expire, records are securely destroyed.

9. How Your Information Is Stored and Protected

I use appropriate technical and organisational measures to protect your information, including:

  • Secure locked storage for paper records
  • Encrypted devices with password protection and multi-factor authentication
  • Secure cloud storage services
  • Email systems with access controls
  • Scheduling software holding only minimal identifying information
  • Accounting and payment processing systems

Only the minimum necessary information is stored within administrative systems.

While reasonable steps are taken to protect electronic communications and stored data, no online method can be guaranteed completely secure.

10. International Data Transfers

Some third-party service providers used to support the operation of the practice (such as cloud storage, analytics, email, scheduling, or payment processing services) may process data outside the United Kingdom.

Where this occurs, appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses or International Data Transfer Addendums, to ensure your information remains protected.

11. Your Data Protection Rights

Under UK data protection law, you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate information
  • Request erasure (subject to professional and legal obligations)
  • Restrict or object to certain processing
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests should be made by email. I will respond within one month. Proof of identity may be required.

In certain circumstances, information may be withheld or redacted where disclosure would cause serious harm or involve third-party data.

ICO website: www.ico.org.uk

12. Website Cookies

This website uses:

  • Essential cookies (necessary for site functionality)
  • Analytics cookies (used only with your consent)
  • Embedded services such as Google Fonts and Google Maps

Non-essential cookies are used only with your consent via the website cookie banner. You may accept, reject, or customise cookie preferences. Consent can be withdrawn or changed at any time using the cookie settings link on the website.

13. Changes to This Notice

This Privacy Notice may be updated periodically to reflect changes in legal, professional, or operational requirements. The most recent version will always be available on this website.

A blue and white McGill Counselling logo

Services Offered

Useful Links

McGill Counselling © 2024. All Rights Reserved.