Privacy, Cookie & Digital Policy
Purple Blossom Counselling
Privacy Policy
Practice Name: Purple Blossom Counselling
Data Controller: Laura Stoops
Last Updated: April 2026
Policy Scope & Third-Party Platforms
This policy applies to every client I work with at Purple Blossom Counselling. If we are working together via a third-party therapy platform, please note that while you have already agreed to their individual terms of service, I remain your personal Data Controller for the clinical care I provide. This means I apply the same high standard of UK GDPR protection, secure clinical note-keeping in Kiku, and ethical oversight to your care as I do for my private practice clients.
Your privacy is very important to Purple Blossom Counselling and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:
- Why I am able to process your information and what purpose I am processing it for
- Whether you have to provide it to me
- How long I store it for
- Whether there are other recipients of your personal information
- Whether I intend to transfer it to another country,
- Whether I do automated decision-making or profiling, and
- Your data protection rights.
I am happy to chat through any questions you might have about my data protection policy and you can contact me via email at laura@purpleblossomcounselling.co.uk.
‘Data controller’ is the term used to describe the person / organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me (Laura Stoops).
I am registered with the Information Commissioner’s Office, reference number: ZB584571.
My postal address is: 18 Briar Hill, Belfast, BT8 6XW. My phone number is: 07342498730. My email address is: laura@purpleblossomcounselling.co.uk.
My Lawful Basis for Holding and Using Your Personal Information
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:
- If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
- If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is consent initially. I will then retain any counselling records in case of the need to reference them in the future (the official legal basis is to defend against potential legal claims).
How I use Your Information
General Enquiry & Website
When you contact me via my website, Wix acts as the platform provider. Any information shared via the contact form is processed via Wix and sent securely to my Google Workspace email account.
If you do not proceed with therapy, I delete this correspondence after 1 month.
I use Google Analytics on my website to monitor traffic and improve my services; you can manage this via the cookie banner on the site.
New Client Initial Chat Appointment
When you book an initial chat appointment, I will ask for some information to help ensure you get the most from the time. This will include your name, contact number, email address and brief details of what you would like to discuss.
This information is stored securely within Kiku (practice management system) or, if you choose not to use Kiku, within Google Workspace.
Alternatively, your GP or other health professional may send me your details when making a referral, or a parent or trusted individual may give me your details when booking an initial chat on your behalf.
I ensure all your personal data is securely deleted seven years after our last contact. While I am required to hold clinical records for this period for professional and insurance purposes, please let me know if you have any questions about your data or would like me to review a request for earlier deletion of non-clinical information.
Before Your First Session
If you decide to begin counselling, you will be asked for some information. This information will include your name, your date of birth, contact details for your GP (I will only contact them if you ask me to, or if there is serious risk of harm to you), details of any medical conditions, and brief details of what you would like to work on in counselling.
If you are having online or telephone counselling, you will be asked for some additional information. This additional information includes a second contact method (phone number) for use should the connection fail during a session, an emergency contact name, and an emergency contact number.
This information will be securely stored within Kiku (practice management system). If you choose not to use Kiku for communication or administration, some information may instead be stored within Google Workspace where necessary. In line with clinical ethics and insurance policies, your data is held for a seven-year period. Following this, I will ensure all your records are promptly and securely deleted.
While you are Accessing Counselling
Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if any of the below occur:
- There is risk of harm to you or others
- You share details of a serious crime (e.g. terrorist activities)
- I am compelled by a court of law
- You ask me to.
I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
I will keep a record of your personal details to help the counselling services run smoothly. These details are stored securely within Kiku (practice management system) and are not shared with any third party.
I will keep brief, digital notes of each session. These are stored securely within Kiku (practice management system).
Administrative communications (such as relevant emails or messages) may be stored within Google Workspace where appropriate.
Video sessions are conducted via Google Meet, which is part of my secure, paid Google Workspace. Sessions are encrypted in transit and never recorded without prior explicit consent.
For security reasons I do not retain text messages for more than 1 month. If there is relevant information contained in a text message I will add it securely to your client record on Kiku (practice management system). Likewise, any email correspondence will be deleted after 1 month if it is not important. If necessary I will add it securely to your client record on Kiku (practice management system).
Practice Environment & Security
My practice is located in a private garden room. Please note that there is no indoor waiting area or bathroom facilities on-site; I kindly ask that you arrive no more than 10 minutes before your session and plan for your comfort accordingly. For our mutual safety and the security of the premises, a video doorbell is in use at the front entrance of the main residence which you will pass to access the garden. These recordings are encrypted, stored securely, and automatically deleted after 30 days. You have the right to request that footage of your arrival and departure be deleted immediately following our session.
Communication with Your Therapist
Communication will usually take place via the secure messaging system within Kiku (practice management system), or via email using Google Workspace, depending on your preference.
For security reasons, I do not retain text messages or administrative communications for longer than necessary. Where relevant, important information may be securely added to your client record.
Communication via WhatsApp
If you choose to contact me via WhatsApp, please be aware that while messages are end-to-end encrypted, metadata (such as your phone number and usage patterns) is processed by Meta.
Communication will usually take place via the secure messaging system within Kiku or via email. WhatsApp is offered as an alternative contact method if these are not your preference.
I use WhatsApp Business for administrative purposes only (e.g. appointment scheduling or reminders) if you have requested the use of WhatsApp. Please do not share sensitive clinical information via this platform.
Use of WhatsApp is entirely optional. By choosing to contact me via WhatsApp, you are consenting to this method of communication. You have the right to withdraw this consent at any time.
After Counselling has Ended
Once counselling has ended, in line with clinical ethics and insurance policies, your data is held for a seven-year period. Following this, I will ensure all your records are promptly and securely deleted.
How Long I Store Your Data For
- Enquiries: 1 month if therapy does not commence.
- Clinical Records & Financial Data: I retain these for 7 years after our last contact. After this period, they are securely destroyed.
Fees and Payment
If you choose to book a session via my website or directly through Kiku (practice management system), your payment details will be processed securely using Stripe (integrated via Kiku). To read more about Stripe and their privacy policy, click here.
Once you have booked an individual session or prepay package of 4 sessions, you will receive a receipt for your payment via Kiku (practice management system). If you have set your preference for contact to email in the Kiku system you will automatically receive a payment receipt from Kiku via email. If your chosen method of contact is Kiku secure messaging you can log into your account at any time to access your payment receipts.
I use Quickbooks software to manage finances; however, your contact details will not be stored in Quickbooks. Instead, I will use a client code when adding any receipts to Quickbooks. If you choose not to use the Kiku system, your details will instead be stored in Quickbooks to allow me to request payment and send sales receipts. To understand more about Quickbooks and to read their privacy policy, click here.
Data Minimisation
To protect your privacy, I use pseudonymised Client IDs (e.g., C-101) within QuickBooks so that financial records and tax processing do not explicitly link your name to clinical session details.
Third Party Recipients of Personal Data
I have carefully selected professional partners to ensure your data is handled securely. These include:
- Kiku: Practice management system: For client records, appointments, and clinical notes (Privacy Policy: Kiku).
- Google Workspace: For email and document storage (Privacy Policy: Google).
- Google Analytics: For monitoring website traffic and managing marketing (Privacy Policy: Google).
- Google Meet: For conducting video sessions (Privacy Policy: Google).
- Wix: For website hosting and contact forms (Privacy Policy: Wix).
- Stripe: For secure payment processing via Kiku (Privacy Policy: Stripe).
- QuickBooks Online: For accounting and tax purposes (Privacy Policy: QuickBooks).
- WhatsApp: For scheduling / administrative purposes, if the client prefers (Privacy Policy: WhatsApp).
All these providers are compliant with UK GDPR. Where data is processed outside the UK/EEA, it is protected by Standard Contractual Clauses or the UK-US Data Bridge.
I have registered with the Information Commissioner's Office (ICO), reference number: ZB584571. The ICO's role is to uphold information rights in the public interest. They deal with any concerns over handling of personal information. Your information would only be shared with them if you had a concern, or there was a data breach.
Your Rights
I am committed to being as open and transparent as possible regarding your personal information. You have the right to request a copy of the data I hold about you, to ask me to limit how your information is used, or to object to its processing in certain circumstances.
You may also request the deletion of your personal data; please note that this is fulfilled in accordance with my professional and ethical requirements to securely retain clinical records for a period of seven years. After this time, your information is permanently erased. You can read more about the full scope of your rights here.
If I do hold information about you I will:
- give you a description of it and where it came from;
- tell you why I am holding it, tell you how long I will store your data and how I made this decision;
- tell you who it could be disclosed to;
- let you have a copy of the information in an intelligible form.
You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.
To make a request for any personal information I may hold about you, please put the request in writing addressing it to laura@purpleblossomcounselling.co.uk.
How to Complain
If you have any concerns about my use of your personal information, you can make a complaint to me directly at laura@purpleblossomcounselling.co.uk.
I will acknowledge your complaint within 3 working days and provide a full written response within 15 working days. Under the Data (Use and Access) Act 2025, I aim to resolve all data concerns internally in the first instance.
If you remain unhappy with how I have used your data after my response, you can complain to the ICO:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Registration Ref: ZB584571
To find out more, read my full Complaints Procedure.
Data Security
I take the security of the data I hold about you very seriously and make every effort to keep it secure. To this end, I use a system (Google Workspace) that is ISO/IEC 27001:2022 compliant, HIPAA compliant, and UK and EU GDPR compliant.
I also use Kiku as a secure practice management system designed specifically for therapists. This system includes appropriate safeguards for storing sensitive client data and operates in line with data protection requirements.
Data Security and Backups
While your personal information and clinical notes are primarily stored on Kiku’s secure, UK-based encrypted servers, I am professionally required to maintain a contingency plan in the event of a system failure. To ensure the continuity of your care, I perform a monthly backup of essential clinical records onto an encrypted, password-protected external hard drive.
This hardware is stored in a secure, locked location at my business premises and is only accessible by me. These backups are regularly updated and securely overwritten to ensure that only the most current and necessary data is retained. All data handled in this manner is protected by Full Disk Encryption to ensure that information remains unreadable to any unauthorised parties.
How I Protect Your Data in Google Workspace
If you choose not to use my secure practice management system, Kiku, your data will be held in Google Workspace. To ensure the highest level of confidentiality for your sensitive health information, I have implemented the following enhanced security measures within my Google Workspace environment:
- Multi-Factor Authentication (MFA): Access to my professional Google account is protected by mandatory two-factor authentication, providing a vital extra layer of security beyond a password.
- Data Encryption: All client data is encrypted "at rest" (on Google’s servers) and "in transit" (when sent between my device and Google) using industry-standard AES-256 and TLS encryption.
- Advanced Malware Protection: I utilise Google’s built-in advanced protection to scan for and block malicious attachments or phishing attempts that could compromise client confidentiality.
- Device Management: I only access Google Workspace from password-protected devices. Remote wipe capabilities are enabled in the event of device theft or loss.
- Restricted Access & Sharing: Public link sharing is disabled within my Google Drive. Access to folders containing clinical notes is strictly controlled and audited.
- Legal Safeguards: I have formally entered into a Data Processing Amendment (DPA) with Google, ensuring they process your data only according to my instructions and in compliance with UK GDPR standards.
If you provide me with any hard copy information, such as letters or paper contracts, or I take any written notes during sessions, these will be scanned and saved to your record on Kiku or Google Workspace. The hard copies will then be shredded as soon as they are added to Kiku / Google Workspace. Any hard copies will be stored in a locked cabinet until they are uploaded.
The desktop computer I use is password protected and I have a separate business mobile with password and pin code security. The business email address requires Two Factor Authentication to access the emails.
Visitors to my Website
When someone visits my website, I use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Google Analytics to make, any attempt to find out the identities of those visiting my website.
I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.
I use Google Analytics so that I can continually improve my service to you. You can read the Google Analytics privacy notice here.
I use Wix as the content management system for our website - find out about Wix and data protection here.
Like most websites we use cookies to help the site work more efficiently - find out about our use of cookies in the Cookie Policy below.
Cookie Policy
Practice Name: Purple Blossom Counselling
Data Controller: Laura Stoops
Last Updated: April 2026
This cookie policy (“Policy”) describes what cookies are and how they’re being used by the purpleblossomcounselling.co.uk website (“Website” or “Service”) and any of its related products and services (collectively, “Services”). This Policy is a legally binding agreement between you (“User”, “you” or “your”) and Purple Blossom Counselling (“Purple Blossom Counselling”, “we”, “us” or “our”).
If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such an entity to this Policy, in which case the terms “User”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not accept this Policy and may not access and use the Website and Services.
You should read this Policy so you can understand the types of cookies we use, the information we collect using cookies and how that information is used. It also describes the choices available to you regarding accepting or declining the use of cookies. For further information on how we use, store and keep your personal data secure, see our Privacy Policy above.
What are Cookies?
Cookies are small pieces of data stored in text files that are saved on your computer or other devices when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”).
Session cookies are temporary cookies that are used during the course of your visit to the Website, and they expire when you close the web browser.
Persistent cookies are used to remember your preferences within our Website and remain on your desktop or mobile device even after you close your browser or restart your computer. They ensure a consistent and efficient experience for you while visiting the Website and Services.
Cookies may be set by the Website (“first-party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the Website (“third party cookies”). These third parties can recognize you when you visit our website and also when you visit certain other websites.
What Type of Cookies Do We Use?
- Necessary Cookies
Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our Website and using its features. For example, these cookies let us recognise that you have created an account and have logged into that account to access the content.
What are Your Cookie Options?
If you don’t like the idea of cookies or certain types of cookies, you can change your browser’s settings to delete cookies that have already been set and to not accept new cookies. Visit internetcookies.com to learn more about how to do this.
Changes and Amendments
We reserve the right to modify this Policy or its terms related to the Website and Services at any time at our discretion. When we do, we will revise the updated date at the beginning of the Policy. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.
An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes.
Acceptance of This Policy
You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorised to access or use the Website and Services.
Contacting Us
If you have any questions, concerns, or complaints regarding this Policy or the use of cookies, we encourage you to contact us using the details below:
laura@purpleblossomcounselling.co.uk
Digital Policy
Practice Name: Purple Blossom Counselling
Data Controller: Laura Stoops
Last Updated: April 2026
Policy Scope & Third-Party Platforms
This policy applies to all clients of Purple Blossom Counselling. If we are working together via a third-party therapy platform, please note that while you have already agreed to their individual terms, the digital boundaries and professional standards outlined below apply to our work together.
This policy outlines how I use social media and electronic communication (Email and WhatsApp) to protect your privacy and maintain our professional relationship.
1. Social Media Boundaries
To maintain professional boundaries and protect your confidentiality, I do not engage with current or former clients on social media platforms (e.g., Facebook, Instagram, LinkedIn).
- Friend/Follow Requests: I do not accept "friend" or "follow" requests from clients on my personal or professional social media accounts.
- Searching: I do not search for clients on social media. If there is information online that you feel is relevant to our work, please bring it to our session so we can discuss it together.
- Business Pages: You may "follow" my professional business page on Instagram or Facebook if you wish to see practice updates, but please be aware that your "likes" or "comments" may be visible to others, potentially identifying you as a client.
2. WhatsApp & Instant Messaging
If you choose WhatsApp instead of my practice management system, Kiku, I use WhatsApp Business for administrative purposes only (e.g., scheduling or changing appointments).
- Content: Please do not send sensitive clinical information or therapy-related content via WhatsApp.
- Security: While WhatsApp is end-to-end encrypted, I recommend you enable a screen lock (Face ID/Fingerprint/Pin) on your device.
- Availability: I do not monitor WhatsApp 24/7. If you are in a crisis, please use the emergency resources provided on my crisis support page or contact emergency services.
Kiku Practice Management System Messaging
I use the secure Kiku system to message you for administrative purposes and to send session follow-up messages and check-ins following a period of no contact.
- Content: As Kiku is a secure system, you can message for administrative purposes (e.g. booking) and/or to provide brief updates where necessary.
- Security: While Kiku is a secure system, I recommend you enable a screen lock (Face ID/Fingerprint/Pin) on your device.
- Availability: I do not monitor Kiku messaging 24/7. If you are in a crisis, please use the emergency resources provided on my crisis support page or contact emergency services.
3. Online Video Sessions
I use Google Meet (part of my secure, professional Google Workspace) for our online therapy sessions. This platform is specifically chosen for its high security and privacy standards:
- Encryption: All video and audio data is encrypted in transit using DTLS (Datagram Transport Layer Security) and SRTP (Secure Real-time Transport Protocol) standards. This ensures that our conversation remains private between us.
- Data Processing: As a Google Workspace user, I have a Data Processing Amendment in place with Google. This means Google acts as a data processor only; they do not own our session data and do not use information from our meetings for advertising purposes.
- Privacy & Storage: I do not record sessions, and Google does not store the video or audio of our calls. No "attention tracking" software is used.
- Access: You do not need to create a Google account to join our sessions from a laptop or desktop; you can simply click the unique link I provide. If using a mobile device, you may be prompted to download the Google Meet app.
Lawful Basis for Processing
Under the UK GDPR, I process your data on the following legal bases:
- Contractual Necessity: To provide the therapeutic services you have requested, including the delivery of online sessions via Google Meet.
- Legitimate Interests: To maintain professional standards, manage appointments, and ensure the security of our digital communications.
- Special Category Data (Health): I process sensitive health data under the condition of providing healthcare or social care (clinical therapy).
Your Role in Digital Privacy
While I ensure security at my end, you also play a role in protecting your own privacy during our sessions:
- Secure Connection: Please avoid using public or unsecured Wi-Fi networks for our sessions.
- Private Space: Ensure you are in a location where you cannot be overheard and will not be interrupted.
- Hardware: Use a personal device rather than a shared or work-issued one wherever possible.
- No Recording: To protect the privacy and therapeutic integrity of our work, you agree not to make any video or audio recordings of our sessions.
4. Email Communication
I use a secure Google Workspace email account (laura@purpleblossomcounselling.co.uk).
- Security: While my email is secure, please be aware that the security of your own email provider (e.g., Gmail, Hotmail) is out of my control. I recommend using a private email address that is not shared with family members.
- Invoicing: You will receive automated receipts and invoices via Kiku if you set your contact preference to 'Email'. These are sent to the email address you added to your Kiku account. If you have chosen not to use Kiku, you will receive receipts via Quickbooks.
5. Electronic Record Keeping
All emails and relevant Kiku or WhatsApp messages are considered part of your clinical record.
- Storage: Important communications are transferred to your secure client record within Kiku (practice management system) or, where appropriate, Google Workspace.
- Deletion: General administrative messages are deleted from my devices once they are no longer required, in line with the 1-month retention period in my Privacy Policy.
6. Practice Environment & Security
My practice is located in a private garden room. Please note that there is no indoor waiting area or bathroom facilities on-site; I kindly ask that you arrive no more than 10 minutes before your session and plan for your comfort accordingly. For our mutual safety and the security of the premises, a video doorbell is in use at the front entrance of the main residence which you will pass to access the garden. These recordings are encrypted, stored securely, and automatically deleted after 30 days. You have the right to request that footage of your arrival and departure be deleted immediately following our session.
7. Emergencies
Electronic communication is not a substitute for crisis support. If you are experiencing a mental health emergency, please contact:
- Your GP
- Lifeline NI: 0808 808 8000
- Emergency Services: 999 or 111
