Last updated: 20 June 2026
Lee Payton Counselling & Psychotherapy is a private therapy practice based in the United Kingdom. I am Mr. Lee Payton, a qualified counsellor and psychotherapist.
You can contact me at: lee [at] leepayton.co.uk
(The email above is shown with [at] in place of @ to reduce spam — please replace [at] with @ when emailing.)
Lee Payton Counselling & Psychotherapy is registered with the Information Commissioner's Office (ICO). Our registration number is ZA883086.
When you work with me, I collect and process the following types of personal data:
Contact and identification details:
Health and therapy-related information:
Special category data:
Health and therapy-related information is classified as "special category data" under Article 9(1) of the UK GDPR. This type of data receives enhanced legal protection because of its sensitive nature. I take additional care to protect this information and only process it where I have a valid legal basis to do so.
Website enquiries:
If you contact me through the website contact form, I collect your name and email address along with any information you include in your message.
I collect personal data directly from you:
I do not collect personal data about you from third parties unless you have given explicit consent for this (for example, if a GP or other professional provides a referral letter with your knowledge and agreement).
To process your personal data lawfully, I must have a valid legal basis under UK GDPR. For the therapy services I provide, I rely on the following:
Article 6 basis (ordinary personal data):
Article 6(1)(b) UK GDPR — processing is necessary for the performance of the therapeutic contract between us.
When you engage me as your therapist, we enter into a contract for the provision of therapy services. Processing your contact details, session scheduling information, and payment records is necessary to fulfil that contract.
Article 9 basis (special category data)
Article 9(2)(h) UK GDPR — processing is necessary for the provision of health or social care treatment by a health professional.
The additional condition required under the Data Protection Act 2018 is Schedule 1, Part 1, paragraph 2 (health or social care). This condition applies because the processing is carried out by a qualified counsellor and psychotherapist who is subject to the professional obligation of confidentiality under the BACP Ethical Framework for the Counselling Professions.
I am required by BACP to attend regular clinical supervision. Clinical supervision is a professional requirement that helps me maintain the quality of care I provide to clients.
I may discuss our therapeutic work with my supervisor. When I do so:
I am currently putting arrangements in place to appoint a clinical executor — a trusted fellow professional who would take responsibility for my client records if I were to become seriously ill, incapacitated, or die unexpectedly.
Once these arrangements are complete, I will inform you of the details. The clinical executor would be bound by the same professional and legal confidentiality obligations as I am.
I do not share your personal data with anyone except where necessary for the purposes described in this policy or where required by law.
Clinical supervision:
As described above, I discuss anonymised case material with my clinical supervisor. No identifying information about you is shared.
Third-party service providers:
I use the following third-party services which may process your data:
Each of these services is bound by a data processing agreement. Links to their privacy policies are available on request.
I never sell your personal data.
The following third-party services I use may transfer personal data outside the United Kingdom:
Where data is transferred to the USA, I rely on Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) as appropriate safeguards, in accordance with UK GDPR Chapter V and the updated requirements of the Data (Use and Access) Act 2025.
The USA does not currently have a UK adequacy decision.
You can request a copy of the relevant transfer safeguards by contacting me.
I retain your personal data for the following periods:
TYPE OF RECORD RETENTION PERIOD REASON: Therapy records (session notes, assessment information, correspondence)- 7 years after our last session. In line with the Limitation Act 1980 and standard professional indemnity insurance requirements. Financial records (invoices, payment records)- 6 years HMRC legal requirement. Website enquiries (where you do not become a client)- 12 months Legitimate interest in responding to potential client enquiries
After the applicable retention period ends, paper records are securely destroyed, and electronic records are permanently deleted.
You have the following rights regarding your personal data:
Right to be informed You have the right to clear, transparent information about how I use your data. This privacy policy fulfils that right.
Right of access You can ask me for a copy of the personal data I hold about you. This is sometimes called a "subject access request." Under the Data (Use and Access) Act 2025, I will conduct a reasonable and proportionate search to locate your data and respond within one month.
Right to rectification If any personal data I hold about you is inaccurate or incomplete, you can ask me to correct it.
Right to erasure In certain circumstances, you can ask me to delete your personal data. However, this right is not absolute. I may need to retain your records until the end of the applicable retention period where this is required by professional guidelines, insurance, or law. In such cases, I will explain why I cannot comply with your request.
Right to restrict processing You can ask me to limit how I use your data in certain circumstances, for example while a complaint is being investigated.
Right to data portability Where technically feasible, you can ask me to transfer your data to another service provider in a commonly used electronic format.
Right to object You can object to certain types of processing, although this right is limited where processing is necessary for the performance of our contract or for compliance with legal obligations.
Rights related to automated decision-making I do not use automated decision-making or profiling in my practice.
To exercise any of these rights, please contact me at: lee [at] leepayton.co.uk
(The email above is shown with [at] in place of @ to reduce spam — please replace [at] with @ when emailing.)
I will respond to your request within one month. There is no fee for making a request in most circumstances.
You have the right to make a data protection complaint directly to me.
To submit a complaint, you can:
I take all complaints seriously and will respond promptly.
If you are not satisfied with my response, you have the right to escalate your complaint to the Information Commissioner's Office (ICO):
Everything you share with me in therapy is confidential. However, there are limited circumstances where I may need to share information without your consent:
Wherever possible, I will discuss any potential disclosure with you first, unless doing so would itself put someone at risk.
I review this privacy policy annually and whenever my practices change significantly.
If I make substantial changes that affect how your personal data is processed, I will inform you directly.
The current version of this policy is always available on my website at https://leepayton.co.uk and at https://leepaytoncounsellingpsychotherapy.policydiary.co.uk.
----------
Last updated: 20 June 2026
Cookies are small text files that websites place on your device when you visit. They help websites remember your preferences and understand how visitors use the site. Most websites use cookies, and they are generally harmless.
These cookies are necessary for the website to function properly. They enable basic features such as page navigation and access to secure areas. The website cannot function properly without these cookies, and they do not require your consent.
Essential cookies on this website may include:
We do not currently use analytics or statistical cookies on this website.
We do not use advertising or tracking cookies on this website.
We do not currently use a cookie consent tool on this website. If our cookie use changes in future to include non-essential cookies that require consent, we will implement an appropriate consent mechanism.
This website uses third-party services that may set their own cookies:
WordPress
This website runs on WordPress. WordPress and any installed plugins may place cookies on your device to enable website functionality, remember preferences, or collect technical information about your visit.
WebHealer
This website is built on the WebHealer platform. WebHealer may place cookies to enable the website to function correctly and to collect basic technical data about visitors.
These third parties have their own privacy and cookie policies. I encourage you to review their policies if you would like more information about how they use cookies.
You can control and delete cookies through your browser settings. Most browsers allow you to:
Please be aware that blocking all cookies may affect how this website functions.
For detailed instructions on managing cookies in your browser, visit www.aboutcookies.org, which provides guidance for all major browsers.
You have the right to opt out of statistical cookies at any time without affecting the core functionality of this website. As noted above, we do not currently use statistical cookies, but should this change, you will be able to manage your preferences through your browser settings or any consent tool we implement.
I will update this cookie policy if my use of cookies changes. Any significant changes will be reflected here, and the date at the top of this page will be updated accordingly. I encourage you to check this policy periodically.
If you have any questions about this cookie policy or how I use cookies, please contact me:
Mr. Lee Payton
Lee Payton Counselling & Psychotherapy
Email: lee [at] leepayton.co.uk
You can also view my full compliance documentation at https://leepaytoncounsellingpsychotherapy.policydiary.co.uk
----------
Last updated: 20 June 2026
Lee Payton Counselling & Psychotherapy
This policy explains how long I retain your personal information, why I need to keep it, and what happens to it afterwards.
As a counsellor and psychotherapist in private practice, I am required to keep records for several important reasons:
The records I keep may include:
I take the security of your information seriously:
Under UK GDPR, you have the right to request that your personal data be erased. However, this right is not absolute. Where I am required to retain your records by professional guidelines, insurance requirements, or law, I must keep them until the end of the applicable retention period.
If you ask me to delete your data before the retention period ends, I will explain clearly why I need to continue holding it and for how long. Once the retention period has passed, I will securely dispose of your records as described below.
At the end of the relevant retention period:
I maintain a disposal log to record when records have been destroyed.
I am currently putting arrangements in place with a trusted colleague (a clinical executor) who would manage client records securely in the event I become incapacitated or pass away. I will inform clients when these arrangements are complete.
If you have any questions about how long I keep your data, or if you wish to make a complaint about how your information has been handled, please contact me:
Email: lee [at] leepayton.co.uk (The email above is shown with [at] in place of @ to reduce spam — please replace [at] with @ when emailing)
You can also use the complaints form at:https://leepaytoncounsellingpsychotherapy.policydiary.co.uk
If you are not satisfied with my response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Mr. Lee Payton Lee Payton Counselling & Psychotherapy ICO Registration: ZA883086