Privacy Policy

Lee Payton Counselling & Psychotherapy

GDPR Privacy Notice:

The General Data Protection Regulation (GDPR) which is EU wide and far more extensive than its predecessor the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA. I, Lee Payton, am pleased to provide the following information:

Who I am:

I am a Counsellor and Psychotherapist, and approach my work with the utmost regard for a client’s wellbeing and rights. The British Association for Counselling & Psychotherapy (BACP) regulates and informs my practice, and has an ethical framework to which I also adhere. You can find out more about my professional and legal responsibilities on their website:

Information I collect about you and how I use it:

For the purpose of providing treatment:

Upon starting therapy, basic personal information will be collected for contact and identification reasons. During our therapy meetings, an assessment of your/your child’s psychological health will be completed, and minimal notes will be taken during sessions. These may include personal and sensitive details about your/your child’s life. The assessment and notes are used solely for the delivery of a therapy service to you.

Website Cookies:

My website uses cookies. A cookie is a string of information which a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Cookies to help The Practice to identify and track visitors and their website access preferences. Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using this website. I will only collect the information needed so that we can provide you with the services you require, I do not sell or broker your data.

Email collection:

For email addresses collected, information is stored in an automated system via an online secure, encrypted server, for which Graphene Digital Marketing also have access. They do not have access to names or email information, therefore confidentiality is assured if giving your email address. All servers associated with me assure GDPR compliance.

Google analytics:

When someone visits this website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way, which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.


The information about confidentiality in no way contravenes you and your child’s rights under the General Data Protection Regulation May 2018 to access personal data that I hold about you. I keep confidential records (and occasionally statistics) about all the clients I work with. Information (but not names) will be shared with my supervisor who is also accredited and who regularly reviews my practice. These records are subject to the General Data Protection Regulation May 2018. You and your child’s personal and sensitive personal data will only be used in order to provide the service to you/your child and for managing and quality assuring the service. Counselling and Psychotherapy are private and confidential forms of help. I hold information about each of my clients and the counselling or psychotherapy they receive in confidence. This means that I will not normally give your name or any information about you to anyone outside my organisation. However, there are exceptional cases where I might ethically or legally have to give information to relevant authorities, for example if I had reason to believe that someone, especially a child or adult, is at serious risk of harm or to prevent a miscarriage of justice. I will discuss any proposed disclosure with you unless I believe that to do so could increase the level of risk to you or to someone else. There are other supervening legal and ethical obligations, such as my duty to comply with criminal investigations when I am legally obliged to do so. If you come with a partner, or your family, I may suggest seeing each of you individually. It is important for you to know that what is said in those individual sessions will be confidential and not shared with your partner or family unless discussed otherwise. As an Individual Member of the BACP and Graduate Member of the BPS, I adhere to their ethical frameworks and guidelines to ensure that you receive a professional and quality service.

Your rights:

I recognise that on rare occasions my clients may wish to exercise their rights under the General Data Protection Regulation May 2018 and make a subject access request in respect of their personal information held by me. You have rights relating to the information I hold to verify the accuracy or to ask for them to be supplemented, deleted, updated or corrected. You have the right to request a copy of the information that I hold about you. If at any time you wish to exercise your right under the Act you should put your request in writing to me and provide evidence of your identity such as a copy of your passport or driver’s license and proof of your address. When I receive evidence of identity I will respond to your request within 30 calendar days. My response to a valid subject access request will normally be in the form of a schedule listing and describing the personal data I hold on you/your child. You have a right to request the transfer of your data to another individual or company. I want to make sure that your information is accurate and up to date. You may ask me to correct or remove information you think is inaccurate. You have a right to request the transfer of your data to another individual or company.

Lawful basis for processing your information:

The lawful basis for my holding and using your information is in relation to the delivery of a contract to you as a health care professional. As a qualified Counsellor and Psychotherapist, I operate under a strict code of confidentiality.

Data storage:

All Data is held in the United Kingdom. I do not store personal data outside the EEA. All data storage services used are fully GDPR compliant and available on request.

How long is information stored for/data retention:

Your information is kept for the time necessary to provide the therapy service requested, however, outside of this I will hold your details and session notes for a period of seven years following the end of treatment to comply with legal obligations that are placed upon me by my insurers. After this date, all data will be securely deleted.


Mobile phones:

Please switch off your mobile phone during your psychotherapy sessions as it can create an unhelpful distraction and interruption.

Unauthorised electronic recording:

In order for you to work safely and effectively with a Counsellor and Psychotherapist, it is important that the privacy of the work is respected. Please do not attempt to record your counselling or psychotherapy session using any device or app. If it is found that recordings have been made covertly, counselling and psychotherapy services for the individual responsible will be discontinued immediately and I reserve the right to seek legal advice regarding possible further action.

Reports and client records:

Occasionally I am asked by my clients or by external agencies such as Social Services or the NHS to write reports on the progress made in counselling and psychotherapy. I am not normally in a position to do this because of my duty of confidentiality. However, in some circumstances, and on receipt of written consent from the client(s) who attended counselling or psychotherapy, I can provide brief information about the dates and number of sessions attended. Children and vulnerable adults in particular must be given ample opportunity to understand the nature, purpose, and anticipated consequences of any professional information sharing, so that they may give informed consent to the extent that their capabilities allow. Whilst requests of this nature are common, and often helpful, I can only agree to participate in information sharing with informed consent and when it is my professional opinion that it is in a client’s best interest. In addition, I am occasionally also asked by clients, their solicitors, the police and the courts for access to the client records. These are not suitable as evidence in legal proceedings and I reserve the right to resist legal requests to produce the records in court. I do this in order to protect the duty of confidentiality of my clients and to preserve my reputation as the provider of confidential counselling and psychotherapy. There may be times where your information needs to be shared with 3rd parties. I will explicitly ask your consent before doing so, and the data will be sent to 3rd parties securely.

Cancellation policy:

If you intend to cancel, at least 24 hours-notice should be given to avoid cancellation charges. If less than 24 hours-notice is provided, you will be charged the full cost of your session to cover the incurred costs. If a health or insurance company is paying for your treatment, they may make you liable for the charge. Your treatment sessions could be suspended dependent on their policy.


We will review sessions regularly to ensure you feel you are getting the most out of therapy. You are not tied into any commitment you can end sessions at any time. If I consider your requirements beyond my competence I reserve the right to terminate our contract, this will be discussed in the session and recommendations would be provided.

Feedback and complaints:

If you have any feedback about the service you receive from me, or you are not satisfied with your experience, please contact me. It is possible that I can resolve your complaint and I welcome feedback. If you make a complaint, I will always take it seriously as it allows me to improve the service that I can offer to others.


At the start of treatment a consent form is given to you which enables you to agree processing your personal data for the purposes outlined above.

For further information or you wish to make a complaint please contact:

Name: Mr. Lee Payton (Counsellor and Psychotherapist and Data Protection Representative)

Contact Number: 07782 556916


Full Address: Windlass Cottage, Bank Mill Lane, Berkhamsted, Hertfordshire, HP4 2NS

ICO (Information Commissioner’s Office): Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone +44 (0) 303 123 1113