top of page

Privacy & Digital Policy

Purple Blossom Counselling

Privacy Policy​​

​

Your privacy is very important to Purple Blossom Counselling and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

 

This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:

​

  • Why I am able to process your information and what purpose I am processing it for

  • Whether you have to provide it to me

  • How long I store it for

  • Whether there are other recipients of your personal information

  • Whether I intend to transfer it to another country,

  • Whether I do automated decision-making or profiling, and

  • Your data protection rights.


I am happy to chat through any questions you might have about my data protection policy and you can contact me via email at laura@purpleblossomcounselling.co.uk.


‘Data controller’ is the term used to describe the person / organisation that collects and stores and has responsibility for people’s personal data.  In this instance, the data controller is me [Laura Stoops]. 

 

I am registered with the Information Commissioner’s Office, reference number: ZB584571.


My postal address is: 18 Briar Hill, Belfast, BT8 6XW.  My phone number is: 07342498730. My email address is: laura@purpleblossomcounselling.co.uk

​

My lawful basis for holding and using your personal information

​

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have
explained these below:

 

If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.

​

If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.

​

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately.  This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is consent initially. I will then retain any counselling records in case of the need to reference them in the future (the official legal basis is to defend against potential legal claims).

​

How I use your information

​

General enquiry & website

​

When you contact me via my website, Wix acts as the platform provider. Any information shared via the contact form is sent to me via Gmail. If you do not proceed with therapy, I delete this correspondence after 1 month. I use Google Analytics on my website to monitor traffic and improve my services; you can manage this via the cookie banner on the site.

 

New client initial chat appointment


When you book an initial chat appointment, I will ask for some information to help ensure you get the most from the time. This will include your name, contact number, email address and brief details of what you would like to discuss.  This information is collected and stored within Google Workspace

​

Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when booking an initial chat on your behalf.


I will ensure all your personal data is deleted within 7 years of my last contact with you. If you would like me to delete this information sooner, just let me know.

​

Before your first session

​

If you decide to begin counselling, you will be asked for some information.  This information will include, your name, your date of birth, contact details for your GP (I will only contact them if you ask me to, or if there is serious risk of harm to you), details of any medical conditions, brief details on what you would like to work on in counselling.

​

If you are having online or telephone counselling, you will be asked for some additional information.  This additional information includes, a second contact method (phone number) for use should the connection fail during a session, an emergency contact name, and an emergency contact number. 

​

All of this information will be securely stored in Google Workspace.  This information will be deleted 7 years after our last contact.  If you would like me to delete this information sooner, just let me know.

​

While you are accessing counselling


Rest assured that everything you discuss with me is confidential.  That confidentiality will only be broken if any of the below occur:

​

  • There is risk of harm to you or others

  • You share details of a serious crime (e.g. terrorist activities)

  • I am compelled by a court of law

  • You ask me to.

​

I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.

​

I will keep a record of your personal details to help the counselling services run smoothly. These details are kept securely using Google Workspace (read their privacy policy here, https://policies.google.com/privacy?hl=en-UK) and are not shared with any third party. 

 

I will keep brief, digital notes of each session, these are kept securely in Google Workspace. 

 

For security reasons I do not retain text messages for more than 1 month. If there is relevant information contained in a text message I will add it securely to your client record on Google Workspace. Likewise, any email correspondence will be deleted after 1 month if it is not important. If necessary I will add it securely to your client record on Google Workspace.

​

Communication via WhatsApp


If you choose to contact me via WhatsApp, please be aware that while the content of messages is end-to-end encrypted, WhatsApp collects metadata (such as your phone number and usage patterns) which is processed by Meta. I use WhatsApp Business for [scheduling/administrative] purposes only. To protect your privacy, I request that you do not share sensitive clinical information via this platform.  I will use this method of communication to send you appointment reminders.  You have the right to object to this method of communication at any time.

 

After counselling has ended

​

Once counselling has ended your records will be kept for 7 years from the end of our contact with each other and are then securely destroyed. If you want me to delete your information sooner than this, please tell me.

​

How long I store your data for

​

  • Enquiries: 1 month if therapy does not commence.

  • Clinical Records & Financial Data: I retain these for 7 years after our last contact. After this period, they are securely destroyed.

​

Fees and Payment

​

If you choose to prepay for your sessions, or to pay online in advance of each session, your payment details will be processed using Stripe.  To read more about Stripe and their privacy policy, click here: https://stripe.com/gb/privacy.

​

Once you have booked an individual session or prepay package, you will receive a receipt for your payment via Quickbooks.  Your contact details will be stored in Quickbooks and receipts/invoices sent to you through the Quickbooks software.  To understand more about Quickbooks and to read their privacy policy, click here: https://quickbooks.intuit.com/hk/privacy/.

​

Data Minimisation 

​

To protect your privacy, I use pseudonymised Client IDs (e.g., C-101) within QuickBooks so that financial records and tax processing do not explicitly link your name to clinical session details.

​

Third party recipients of personal data

​

I have carefully selected professional partners to ensure your data is handled securely. These include:

​

  • Google Workspace: For clinical notes and email (Privacy Policy: Google).

  • Google Analytics: For monitoring website traffic and managing marketing (Privacy Policy: Google)

  • Wix: For website hosting and initial enquiries (Privacy Policy: Wix).

  • Stripe: For secure payment processing (Privacy Policy: Stripe).

  • QuickBooks Online: For accounting and receipts (Privacy Policy: QuickBooks).

  • Whatsapp: For scheduling / administrative purposes (Privacy Policy: Whatsapp)

 

All these providers are compliant with UK GDPR. Where data is processed outside the UK/EEA, it is protected by Standard Contractual Clauses or the UK-US Data Bridge.

​

I have registered with the Information Commissioner's Office (ICO), reference number: ZB584571.  The ICO's role is to uphold information rights in the public interest.  They deal with any concerns over handling of personal information.  Your information would only be shared with them if you had a concern, or there was a data breach. 

​

 

Your rights

​

I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.


If I do hold information about you I will:

​

  • give you a description of it and where it came from;

  • tell you why I am holding it, tell you how long I will store your data and how I made this decision;

  • tell you who it could be disclosed to;

  • let you have a copy of the information in an intelligible form.

​

You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.

​

To make a request for any personal information I may hold about you, please put the request in writing addressing it to laura@purpleblossomcounselling.co.uk.

​

How to complain

​

If you have any concerns about my use of your personal information, you can make a complaint to me directly at laura@purpleblossomcounselling.co.uk.

​

I will acknowledge your complaint within 3 working days and provide a full written response within 15 working days. Under the Data (Use and Access) Act 2025, I aim to resolve all data concerns internally in the first instance.

​

If you remain unhappy with how I have used your data after my response, you can complain to the ICO.

​

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Registration Ref: ZB584571

​

Data Security

​

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure.  To ensure your data is secure I am using a system (Google Workspace) that is ISO/IEC 27001:2022 compliant, HIPAA compliant and GDPR UK and EU compliant.  

​

How I protect your data in Google Workspace

​

To ensure the highest level of confidentiality for your sensitive health information, I have implemented the following enhanced security measures within my Google Workspace environment:

​

  • Multi-Factor Authentication (MFA): Access to my professional Google account is protected by mandatory two-factor authentication, providing a vital extra layer of security beyond a password.

  • Data Encryption: All client data is encrypted "at rest" (on Google’s servers) and "in transit" (when sent between my device and Google) using industry-standard AES-256 and TLS encryption.

  • Advanced Malware Protection: I utilise Google’s built-in advanced protection to scan for and block malicious attachments or phishing attempts that could compromise client confidentiality.

  • Device Management: I only access Google Workspace from password-protected devices. Remote wipe capabilities are enabled in the event of device theft or loss.

  • Restricted Access & Sharing: Public link sharing is disabled within my Google Drive. Access to folders containing clinical notes is strictly controlled and audited.

  • Legal Safeguards: I have formally entered into a Data Processing Amendment (DPA) with Google, ensuring they process your data only according to my instructions and in compliance with UK GDPR standards.

​

If you provide me with any hard copy information, such as letters, paper contracts, or I take any written notes during sessions, these will be scanned and saved to your record on Google Workspace.  The hard copies will then be shredded as soon as they are added to Google Workspace.  Storage of any hard copies before being uploaded will be in a locket cabinet.

​

The desktop computer I use is password protected and I have a separate business mobile with password and pin code security.  The business email address requires Two Factor Authentication to access the emails.

​

Visitors to my website


When someone visits my website, I use a third party service, Google Analytics to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Google Analytics to make, any attempt to find out the identities of those visiting my website.


I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.


I use Google Analytics so that I can continually improve my service to you, You can read Google Analytics privacy notice here, https://policies.google.com/privacy.


I use Wix as the content management system for our website - find out about Wix and data protection here, https://support.wix.com/en/article/general-data-protection-regulation-gdpr.


Like most websites we use cookies to help the site work more efficiently - find out about our use of cookies here, www.purpleblossomcounselling.co.uk/cookie-policy.

​

This document was last updated February 2026.

​

​

Cookie Policy

​

This cookie policy (“Policy”) describes what cookies are and how they’re being used by the purpleblossomcounselling.co.uk website (“Website” or “Service”) and any of its related products and services (collectively, “Services”). This Policy is a legally binding agreement between you (“User”, “you” or “your”) and Purple Blossom Counselling (“Purple Blossom Counselling”, “we”, “us” or “our”). If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Policy, in which case the terms “User”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not accept this Policy and may not access and use the Website and Services. You should read this Policy so you can understand the types of cookies we use, the information we collect using cookies and how that information is used. It also describes the choices available to you regarding accepting or declining the use of cookies. For further information on how we use, store and keep your personal data secure, see our Privacy Policy, http://www.purpleblossomcounselling.co.uk/privacy-policy.


What are cookies?

​

Cookies are small pieces of data stored in text files that are saved on your computer or other devices when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”).

Session cookies are temporary cookies that are used during the course of your visit to the Website, and they expire when you close the web browser.

Persistent cookies are used to remember your preferences within our Website and remain on your desktop or mobile device even after you close your browser or restart your computer. They ensure a consistent and efficient experience for you while visiting the Website and Services.

Cookies may be set by the Website (“first-party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the Website (“third party cookies”). These third parties can recognize you when you visit our website and also when you visit certain other websites.


What type of cookies do we use?

 

- Necessary cookies


Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our Website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account to access the content.


What are your cookie options?


If you don’t like the idea of cookies or certain types of cookies, you can change your browser’s settings to delete cookies that have already been set and to not accept new cookies. Visit internetcookies.com to learn more about how to do this.


Changes and amendments


We reserve the right to modify this Policy or its terms related to the Website and Services at any time at our discretion. When we do, we will revise the updated date at the bottom of this page. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.

An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes.


Acceptance of this policy


You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Website and Services.


Contacting us


If you have any questions, concerns, or complaints regarding this Policy or the use of cookies, we encourage you to contact us using the details below:

laura@purpleblossomcounselling.co.uk

This document was last updated February 2026

​

Social Media and Electronic Communication Policy

 

Practice Name: Purple Blossom Counselling

Data Controller: Laura Stoops

Last Updated: February 2026

 

This policy outlines how I use social media and electronic communication (Email and WhatsApp) to protect your privacy and maintain our professional relationship.

 

1. Social Media Boundaries

 

To maintain professional boundaries and protect your confidentiality, I do not engage with current or former clients on social media platforms (e.g., Facebook, Instagram, LinkedIn).

​

  • Friend/Follow Requests: I do not accept "friend" or "follow" requests from clients on my personal or professional social media accounts.

  • Searching: I do not search for clients on social media. If there is information online that you feel is relevant to our work, please bring it to our session so we can discuss it together.

  • Business Pages: You may "follow" my professional business page on Instagram (https://www.instagram.com/purpleblossomcounselling/) or Facebook (https://www.facebook.com/profile.php?id=61550079287463) if you wish to see practice updates, but please be aware that your "likes" or "comments" may be visible to others, potentially identifying you as a client.

 

2. WhatsApp & Instant Messaging

 

I use WhatsApp Business for administrative purposes only (e.g., scheduling or changing appointments).

  • Content: Please do not send sensitive clinical information or therapy-related content via WhatsApp.

  • Security: While WhatsApp is end-to-end encrypted, I recommend you enable a screen lock (FaceID/Fingerprint) on your device.

  • Availability: I do not monitor WhatsApp 24/7. If you are in a crisis, please use the emergency resources provided in our first session or contact emergency services.

 

3. Email Communication

 

I use a secure Google Workspace email account (laura@purpleblossomcounselling.co.uk).

​

  • Security: While my email is secure, please be aware that the security of your own email provider (e.g., Gmail, Hotmail) is out of my control. I recommend using a private email address that is not shared with family members.

  • Invoicing: You will receive automated receipts and invoices via QuickBooks. These are sent to your nominated email address.

 

4. Electronic Record Keeping

 

All emails and relevant WhatsApp messages are considered part of your clinical record.

​

  • Storage: Important communications are transferred to your secure file in Google Workspace.

  • Deletion: General administrative messages are deleted from my devices once they are no longer required, in line with my 1-month "Digital Hygiene" policy.

 

5. Emergencies

 

Electronic communication is not a substitute for crisis support. If you are experiencing a mental health emergency, please contact:

​

  • Your GP

  • Lifeline NI: 0808 808 8000

  • Emergency Services: 999 or 111

bottom of page