This page explains Thistle Counselling’s Privacy Policy. We adhere to GDPR regulation which comes into force from 25th May 2018. This policy will be regularly reviewed as and when regulation is updated. This policy endeavours to explain how I collect, protect and use your information when you enquire about my services, as a client, or as a visitor to the website. It will also explain your rights as a prospective client/client.


I, Tiffany Elliott, am the Data Controller for Thistle Counselling and as such am registered with the ICO (number available upon request).


Information Collected

  • Contact information (name, address, telephone number, email address and preferred method of contact) and other information (age, gender, details of past/present relationships where relevant).

  • Emergency contact information – this will either be a nominated person or GP. It is advisable you let your emergency contact know you have provided this information to me, however you don’t need to gain explicit consent from your GP.

  • Information from emails, texts and phone calls.

  • Contracts and consent – this covers any documentation completed in respect of our counselling contract and any necessary consents (for example – contacting your emergency contact).

  • Information required to fulfil the agreement between us.

  • Information about financial transactions made – receipts and invoices.

  • Information derived from sessions (case notes). Please note - this is anonymised information.

Information that third parties may collect

  • Derived from the use of cookies on the website (such as time, date, IP address)

  • Derived from our email, text message or phone contact.

  • Information about our financial transactions

  • Information from the location of our phones (a lot of modern phones upload location information to their application servers and this can result in applications such as Facebook deriving a connection between us).

  • For more information on the privacy policy of Wix, who hosts this website, or who the domain is registered with, please refer to their privacy policies - and


How is this information collected?

Any information I collect on behalf of Thistle Counselling comes solely from our communications via email, text message and phone calls.

Information others may hold will derive from online communication and/or from any financial transactions that take place between us for payment of services.


Why do I collect this information?

I, on behalf of Thistle Counselling, can only collect personal information for proper and lawful purposes. Your information will only be processed if it meets the following:

  • To ensure I fulfil my counselling agreement with you. This regards the collection of information before we enter into a counselling agreement, during your sessions and following the end of our sessions.

  • To ensure I establish and maintain an ethical and professional services that follows the Ethical Framework from the BACP, a professional organisation which I am a member of, and fulfils obligations from my insurers.

  • A legal duty to collect, store, use or transfer any information when complying with legislation or a court of law.

  • To maintain safety in respect of you as a client, me as a counsellor, or a third party.

  • To enable financial transactions to take place between us in payment for our services.


How will I store this information?

  • Digitally or on paper

    • Contact information

    • Emails

    • SMS messages

    • Calendar appointments (anonymised).

    • Anonymised case notes from our sessions (held in a locked filing cabinet).

    • Correspondence in respect of counselling agreements, signed consent, letters etc. (held in a locked filing cabinet).

    • Information about financial transactions (bank statements).

Please note that third parties may hold information in any form.


When would I share information? Who would I share this with?

  • Personal information

    • Statutory bodies when required by law, or requested by a court of law

    • Emergency contacts in event of an emergency (please note this may be a GP if this is the information you provide)

    • My professional membership body (BACP), insurer or any professional adviser in the event you make a complaint.

    • My professional executor in the event of my incapacity or death.

    • A lawyer – in the event your information is requested by a court of law or you take legal action against me, I may seek legal advice to clarify jurisdiction and to learn whether the request meets legal criteria required in these cases. In this circumstance, I may seek advice to ensure an informed decision can be made on whether to release some or all the information I hold.

  • Anonymised information

    • Clinical supervisors to provide and maintain an effective and ethical service to my clients.

    • Other counsellors who are members of a professional body to gain insight and make benefit of their experience.

  • With written permission from you

    • In the event of a CPD (Continuous Professional Development) event.

    • To tutors or examiners in respect of me obtaining any additional qualifications and accreditations.


How long will this information be kept?


  • Basic contact information such as emails, texts and phone call records. This information cannot be entirely erased for technical reasons and could remain accessible to a technically competent person until the storage device is securely wiped, reformatted or destroyed.


  • Notes and paper copies of contact information, contact between us will be confidentially destroyed after counselling ends in accordance with my insurance policy. Any information gathered during an enquiry that doesn’t result in a formal counselling relationship proceeding will be confidentially destroyed after 14 days if no further contact is received after that information is taken.


Please be aware, no information of yours is used for marketing purposes unless explicit written consent is received.


Information outside of the E.U

I will not knowingly send information outside the EU unless I am required to comply with the instructions from a court of law or I must do so because of legal action brought against me by you as a client.


How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a site.

We use traffic log cookies to identify which pages are being used. This helps Thistle analyse data about web page traffic and improve our website to tailor it to your needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us any personal information. The only information we collect is that which you provide to us via our site or via emailing us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.

Your rights

Legally, you have a number of rights, which include:

  • the right to access your personal information

  • the right to require me to change any factual mistakes in the information I hold.

  • the right to withdraw your consent to the non-essential processing of information

  • the right to request the deletion/destruction of your personal information


You can withdraw consent to the use of your personal information and/or request its destruction however there are limits to this right laid down in the legislation. As an example, you cannot demand the destruction of records of financial transactions.

For more information about your Information Privacy Rights or to make an Information Privacy orientated complaint you can contact the Information Commissioners Office through their website

Changes to this policy

If changes must be made to this policy that differ to the original purpose for which your data was collected, I shall notify you in advance wherever possible and you will have the opportunity to make an information decision to withdraw consent for your information to be processed.