Privacy Policy & General Data Protection Regulation (GDPR)


On 25th May 2018 it became a legal requirement under the GDPR (General Data Protection Regulation) 2016 for your counsellor/psychotherapist make clear to you their data processing procedure. Most importantly the GDPR made it a legal requirement for you to actively opt in and consent to these arrangements and the handling of your data. I collect information for the purposes of running therapy whilst providing an ethical service in accordance with the British Association of Counsellors and Psychotherapist (BACP) and National Counselling Society (NCS) Code of Ethics. I abide by the General Data Protection Regulation (GDPR) 2016 and the UK Data Protection Act 2018 and am the data controller and processor for Vanessa Zopp. You can find out more about the GDPR and the UK Data Protection Act from the ICO (Information Commissioner’s Office) – I am registered as Data Protection Officer ZA405483.

What information is collected

Personal details, such as name, address, DOB, contact details, GP details. Therapeutic information, such as, background information, psychological and physical health, previous and current social and family circumstances during your appointments. Those may include personal information defined as ‘special category data’ such as your sexual orientation or behaviour. I also collect information when you complete questionnaires. I also keep brief, minimal as possible session notes as per BACP good practice, they enable me to follow the topics of our conversation, this is a very common practice.

Why this information is collected

I collect relevant personal information from clients as ‘Legitimate Interest’ as defined under GDPR. To enable a working record of contacts, in case of emergencies and for the ongoing work to deliver the services that clients have requested. To maintain my own accounts and records.

How this information is used

Personal details are used for contacting you directly. I will be keeping your mobile number on my phone in case I need to contact you via text or call. I also store your e mail address in my contacts on my PC, tablet, and phone (unless you explicitly express that you do not want me to do so) and platforms I use for my work with you. My devices are all password and/or face/fingerprint recognition protected. I must discuss aspects of my work in supervision with a supervisor who is a counsellor and psychotherapist. The information is treated with strict confidence and, in compliance with GDPR, your identity is protected, and any details that might identify you are not disclosed. The duty of confidentiality extends to my supervisor, who is also a qualified and accredited professional. I also produce invoices for remittance.

How this information is stored, and how long

I keep your information in an online practice management tool called (Our Security:; Privacy Policy available at : All collected data abides to Power Diary’s Privacy Policy, which is compliant with international legislative and regulatory requirements, including UK & EU GDPR, US HIPAA and the Canadian PIPEDA. Any data entered is encrypted end to end from browser to server. Power Diary’s security monitoring is in place to ensure any suspicious or unusual activity is flagged for immediate review.

I also use (Privacy statement available at

I access the information stored in both systems using devices protected by password/facial/fingerprint recognition. I keep the information for 7 years, at which point it will permanently deleted. Website: none of your personal information is stored on my website, other than to momentarily collect & send it to my mail account for the purposes of our initial contact.

We may decide to use different platforms for Video Calls (Zoom, Skype, WhatsApp, Telehealth), this mainly depending on your preferences and needs. Please note that Zoom, Skype, WhatsApp, are third-party applications and potentially introduce privacy risks. A better, safer way is to use Telehealth, which uses end-to-end encryption with peer-to-peer connections, the call does not pass through any third-party servers. It is secure and compliant with all health standards (including HIPAA). We will discuss this during our first meeting. However, you are always welcome to switch at any time.

Sharing your information with third parties

I take confidentiality very seriously and I will not discuss with anyone what is said to me ,unless you ask me so, with the following exceptions.


I am required by the British Association for Counselling and Psychotherapy (BACP) to engage in regular supervision, the duty of confidentiality extend to my supervisor. When discussing your case your identity will remain anonymous. . Your identity is not disclosed, and you will be referred with your first name.

Therapeutic will

your personal details may be passed on to my Therapeutic Executor so that they can inform you in case anything happens to me that prevents me to attend session and from communicating with you directly (death, illness).


I am required to breach confidentiality by law if I assess that there is serious grounding to make me believe that there are severe life-threatening risks to you or others, or in cases in which children are put at risk (such as by sexual, physical abuse, neglect). I may disclose such information with the most appropriate person/body in the circumstances. If therefore an issue arises where I believe it necessary to disclose session content, because I feel that you are a danger to yourself or others, or if there is sufficient evidence to raise a concern of the health, welfare or safety of children or vulnerable adults, I will try to discuss beforehand. I will initially encourage you to contact an appropriate source of support/help. Yet, if I feel that you are unable to do so, I will have to make this contact myself. Whilst I will try to discuss this with you first before passing any information on to others and explain why I am taking this course of action; this might not always be possible.


Under the GDPR the counsellor/psychotherapist/supervisor also has a legal requirement to disclose data if you are involved in drug money laundering, planning terrorist’s offences or if a Court Order has been made. Counsellors/psychotherapists/ are not able to guarantee confidentiality in these circumstances.

Public Health – COVID

Should you, another client, a person in the building, or I, the therapist, test positive for Coronavirus, then confidentiality will be broken if necessary, for reasons of public interest in the area of public health. I may need to share your name and contact details with the NHS/Track Tracer, who will contact you then to offer support and testing. However, there will be no information sharing about what you were doing and why you were in the premises.


I want to acknowledge that electronic intrusion by the online communication provider, practice management and invoicing system is to some degree unavoidable. I am not using an encryption program for my email communication, this means they can be vulnerable to viruses and human error. Please be mindful of this when it comes to what information we might exchange through email and what material you chose to include in emails to me. When sending mail/texts be aware that also with phones there is always possibility for confidentiality to be breached, for example shall my phone be stolen, even if it is locked by passwords or fingerprints, so you may wish to ask me to delete your communication after having read it. Risks related to third-party applications (Zoom, Skype, WhatsApp) have been highlighted in previous section.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

The right to request a copy of your personal data which I hold about you;
The right to request that I correct any personal data if it is found to be inaccurate or out of date;
The right to request for your personal data to be erased
The right to withdraw your consent to the processing of your data at any time
The right to lodge a complaint with the Information Commissioners Office about the processing of your personal data: although I trust that you will try to discuss with me in the first instance

On Social media & Session Recordings

Social Media

I do not accept friend or contact requests from current or former clients on any social networking site (Facebook, LinkedIn, etc). I believe that adding clients as friends or contacts on these sites can compromise your confidentiality and our respective privacy. I also believe that it is best if I learn about you and your life directly from yourself within the therapeutic context apart a few exceptions such as referrals. Also, note that I will not follow you back or search for you online. If you wish to share something with me, please bring it into our sessions where we can view and explore it together. You are welcome to follow my Practice on Facebook or other medias.

Session Recordings & Case Material

I will never record a video/phone session and I ask that the agreement is mutual unless we discuss and agree otherwise. It is not permissible to publicise the content of our exchanges or share them with a third party using social media or any other means


In order for us to work together you will receive a copy of this policy to read and sign before the first appointment.

This Policy is reviewed regularly and kept up to date. Last review dated 13 February 2022