top of page

Privacy Policy

Privacy Policy

Last updated: 23rd April, 2026
 

This Privacy Notice explains how Ben Jefferson collects, uses, stores, and protects your personal data. It applies to all visitors to www.benjefferson.co.uk and to all current and former clients. Please read it carefully. By using this website or engaging with this service, you acknowledge that you have read and understood this notice.

 

1.  Who Is Responsible for Your Data

The data controller for all personal data processed in connection with this service is:

 

Name

Benjamin Ashley Jefferson

Trading as

Ben Jefferson Counselling & Psychotherapy

Email

jeffersonpsychotherapy@gmail.com

Website

www.benjefferson.co.uk

ICO Registration

ZB853677  (registered until January 2027)

 

As a sole trader processing special category data (health and mental health information), registration with the Information Commissioner’s Office (ICO) is a legal requirement. You can verify this registration at www.ico.org.uk.

 

2.  What Personal Data Is Collected

Website Visitors

This website is hosted on the Wix platform. When you visit www.benjefferson.co.uk, Wix automatically collects certain technical data including your IP address, browser type, pages visited, and time of visit. This data is processed by Wix in accordance with their own privacy policy, available at www.wix.com/about/privacy.

No contact form is hosted on this website. The contact button opens your own email client. Any email you choose to send goes directly to jeffersonpsychotherapy@gmail.com and is not processed or stored by the website itself.

This website does not use third-party advertising, tracking pixels, or profiling tools.

 

Clients

The following personal data may be collected and held in connection with the provision of therapy services:

  • Your full name and preferred name

  • Your email address

  • The name, practice, address, and telephone number of your GP

  • The name, relationship, and telephone number of your nominated emergency contact

  • Brief anonymised session notes made after each session

  • A signed copy of your Client Agreement

  • Administrative email correspondence relating to the arrangement of sessions

  • Details of sessions attended, cancelled, or not attended, and any fees charged

 

Health and mental health information is classified as special category data under UK GDPR and is afforded the highest level of protection. No detailed clinical content is stored digitally.

 

3.  Lawful Basis for Processing

All personal data is processed on one or more of the following lawful bases under UK GDPR:

 

Type of data

Lawful basis

Special category data (health / mental health)

Article 9(2)(h) — provision of health or social care treatment, and Schedule 1 Part 1(2) of the Data Protection Act 2018

Administrative & contact data

Article 6(1)(b) — performance of a contract to which you are party (the Client Agreement)

Safeguarding & risk data

Article 6(1)(c) — compliance with a legal obligation, and Article 9(2)(c) — protection of vital interests

Session notes

Article 6(1)(f) — legitimate interests of the data controller (maintaining safe, ethical practice in line with BACP requirements)

 

4.  How Your Data Is Stored

Physical Records

All clinical and personal records are stored on paper in a locked physical filing cabinet. This includes session notes, your signed Client Agreement, and any printed administrative correspondence. 

Digital Records

No clinical content is stored digitally. Digital data is limited to:

  • Administrative emails — deleted routinely on a weekly basis once no longer required. Any email containing information relevant to your care is printed, filed in your physical client file, and then deleted.

  • Your email address, retained for administrative purposes during the therapeutic relationship only.

 

Third Party Processors

In operating this service, personal data may pass through the following third-party platforms:

 

Platform

Purpose & notes

Gmail (Google)

Administrative email. Google processes data in accordance with their privacy policy. No clinical content is sent or stored via email.

Google Meet

Online therapy sessions where applicable. Sessions are not recorded. Google processes connection data in accordance with their privacy policy.

Wix

Website hosting. Wix processes visitor data as described in Section 2.

 

No personal data is sold, shared for marketing purposes, or transferred to any other third party.

 

5.  How Long Your Data Is Kept

 

Session notes

7 years from the date of the final session, in line with BACP professional guidance

Signed Client Agreement

7 years from the date of the final session

Administrative emails

Deleted weekly once no longer required; printed records follow the 7 year rule

Email address

Deleted promptly following ending of serivces, unless a legitimate reason to retain it exists

GP and emergency contact details

Deleted following ending of serivces

At the end of the seven-year retention period, all physical records are destroyed securely. Digital data is permanently deleted.

 

6.  Who Your Data May Be Shared With

Your personal data is treated as strictly confidential. It will not be shared with any third party except in the following circumstances:

  • Clinical supervision — the therapist attends regular supervision as required by the BACP Ethical Framework. Your identity is not disclosed; supervisors are bound by their own professional confidentiality obligations

  • Risk of harm — where there is a serious and credible risk of harm to yourself or others, information may be shared with your GP, emergency services, or relevant authorities

  • Legal obligation — where disclosure is required by law, for example under the Terrorism Act 2000, the Proceeds of Crime Act 2002, or by court order

  • Safeguarding — where there are concerns involving a child or vulnerable adult

Where disclosure is being considered, the therapist will wherever possible discuss this with you beforehand, unless doing so would place you or others at further risk.

 

7.  Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

 

Right of access

You may request a copy of the personal data held about you. This is known as a Subject Access Request (SAR). Requests will be responded to within one calendar month.
 

Right to rectification

You may request that inaccurate or incomplete data is corrected.
 

Right to erasure

You may request that your data is deleted, subject to any legal or professional obligations that require it to be retained (for example, the seven-year retention of clinical records).
 

Right to restrict processing

You may request that the use of your data is restricted in certain circumstances.
 

Right to object

You may object to processing based on legitimate interests
.

Right to withdraw consent

Where processing is based on consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.
 

Right to complain

You have the right to lodge a complaint with the ICO if you believe your data has been handled unlawfully (see Section 9).

 

To exercise any of the above rights, please contact: jeffersonpsychotherapy@gmail.com. There is no charge for making a request. The therapist will respond within one calendar month of receiving a valid request.

 

8.  Cookies & Website Analytics

This website is built on the Wix platform. Wix may place cookies on your device when you visit www.benjefferson.co.uk. These are used for essential website functionality and, depending on your settings, for analytics purposes.

Ben Jefferson does not use Google Analytics, Facebook Pixel, or any other independent tracking or advertising tool on this website. Any analytics data collected is processed solely by Wix as part of their platform. You can manage cookie preferences through your browser settings or via any cookie consent banner displayed on the site.

For full details of how Wix uses cookies, please refer to: www.wix.com/about/privacy.

 

9.  How to Raise a Concern or Complaint

With the Therapist

If you have any questions or concerns about how your data is being handled, please contact:

jeffersonpsychotherapy@gmail.com

The therapist will acknowledge your concern within five working days and aim to resolve it promptly.

 

With the ICO

If you are not satisfied with how your concern has been handled, or if you believe your data has been processed unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office:

 

Website

www.ico.org.uk

Telephone

0303 123 1113

Post

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

 

10.  Changes to This Privacy Notice

This Privacy Notice is reviewed regularly and updated when necessary — for example, when the law changes, when working practices change, or when new data processors are introduced. The current version is always available at:

www.benjefferson.co.uk/privacy-policy
 

Where changes are material, existing clients will be notified by email. The date at the top of this document reflects when it was last updated.

 

This Privacy Notice should be read alongside the Client Agreement, which contains further detail on confidentiality, data handling, and your rights as a therapy client.

​

Ben Jefferson MBACP, PGDip, MSc, BSc

Counselling and Psychotherapy

jeffersonpsychotherapy@gmail.com

Privacy Policy

© 2026 Jefferson Psychotherapy

Please note

Ben Jefferson Counselling and Psychotherapy is not a crisis intervention service. I am not able to offer help in a mental health emergency, but if you do need to speak to someone you can phone the Samaritans at any time, from any phone on 116 123. My email response times vary, but I do try to respond as quickly as possible - this may take up to 48 hours during working periods and longer during annual leave.

bottom of page