Data Protection Policy

1. Who We Are

The Welcome Room (“we”, “us”, “our”) is a UK-based affordable counselling service dedicated to providing accessible counselling. Your privacy and the security of your personal information are very important to us.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Information We Collect

We may collect and store the following personal data:

  • Contact details: name, email address, phone number

  • Demographic details: age, gender (if provided)

  • Emergency contact information

  • Relevant health/medical information: mental health history, medication (if disclosed voluntarily)

  • Session notes: brief factual notes from counselling sessions

  • Communication records: emails, texts, or messages between you and us

3. How We Use Your Data

We use your data to:

  • Provide counselling services to you

  • Communicate with you about appointments or services

  • Maintain appropriate client records

  • Meet legal or regulatory requirements (including risk of serious harm and safeguarding of a child or vulnerable adult)

  • Improve our service quality and accessibility

4. Lawful Basis for Processing

We process your data under the following lawful bases:

  • Consent: You give clear consent for us to process your personal data.

  • Contract: Processing is necessary to deliver the counselling services you’ve requested.

  • Legal obligation: To comply with the laws of England and Wales.

  • Legitimate interest: For administrative or service improvement purposes, in ways that do not override your rights.

5. Confidentiality & Data Sharing

Your information is kept confidential. We do not share your data with third parties unless:

  • We are legally required to (including risk of serious harm and safeguarding of a child or vulnerable adult, court order)

  • It is necessary to protect your life or the life of another person

  • You disclose information related to serious criminal activity

6. How We Store Your Data

Your data is stored securely using encrypted digital storage, password-protected files and locked filing cabinets. We use the principle that ‘sensitive information should be destroyed when its usefulness has expired’, BACP good practice in action guidelines.

7. Your Rights

You have the right to:

  • Access the data we hold about you

  • Request correction of inaccurate information

  • Request deletion of your data (in certain circumstances)

  • Restrict or object to data processing

  • Data portability (request your data in a digital format)

  • Withdraw consent at any time

To exercise your rights, please contact us at hello@thewelcomeroom.co.uk.

8. Data Breach Procedure

In the event of a data breach, we will take immediate steps to minimise harm, notify affected individuals, and report the breach to the Information Commissioner’s Office (ICO) where required.

9. Contact Us

If you have any questions, concerns, or requests relating to this Data Protection Policy, please get in touch with us using the contact details provided on our website.

You can also contact the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

Effective Date: 30/07/2025
Last Updated: 30/07/2025