Privacy Policy
Last updated: 17th June 2026
This privacy policy explains how I, Lucy Reynolds, collect, use, and protect your personal information when you visit lucyreynolds.uk, contact me, or become a client.
I take your privacy seriously – particularly given the sensitive nature of the work I do. This policy is written in plain English wherever possible. If anything is unclear, please email me at help@lucyreynolds.uk and I’ll explain it.
Who I am
I’m Lucy Reynolds, an integrative psychotherapist working in private practice, based in Ramsbottom, Lancashire. I am the “data controller” for the purposes of UK data protection law – this means I’m responsible for deciding how and why your personal information is used.
You can contact me about anything in this policy at:
- Email: help@lucyreynolds.uk
- Website: lucyreynolds.uk
What information I collect
Depending on how you interact with my website and my practice, I may collect:
If you fill in the contact form on my website:
- Your name
- Your email address
- The content of your message
If you book a free introductory call:
- Your name
- Your email address
- Any information you choose to share in the booking process (for example, via Calendly)
- Date, time, and confirmation details of the call
If you become a client:
- Your name, contact details, and (where relevant) address
- Information you share with me during sessions, including details about your mental health, history, relationships, and personal circumstances. This is “special category data” under data protection law because it relates to your health – I handle it with particular care, explained below.
- Session notes, which I keep brief and factual in line with my professional and ethical obligations as a BACP-registered therapist, stored in password-protected spreadsheets on my computer
- Records of payments for sessions (see “Payments” below)
- Emergency contact details, if you choose to provide them
If you subscribe to my mailing list or download a resource (for example, a quiz or guide):
- Your name and email address
Automatically, when you visit my website:
- Basic analytics information such as pages visited, how long you spent on the site, and general location (country/region) – collected via Google Analytics. This data is anonymised/aggregated and is not used to identify you personally.
I do not collect payment card details directly. Payments for sessions are handled through Stripe, a third-party payment processor – see “Payments” below.
Why I collect this information, and my legal basis for doing so
Under UK GDPR, I must have a valid legal reason for processing your personal information. Here’s how that applies:
Contact form and free consultation enquiries
I use your name, email, and message to respond to you and arrange a call. This is based on legitimate interest – it’s reasonably necessary to run my practice and respond to people who’ve reached out, and it’s what you’d reasonably expect when you fill in a contact form.
Client records and session notes
I process this information to provide you with therapy. The legal basis is performance of a contract (our agreement for me to provide therapy services) combined with explicit consent for the special category (health-related) data shared in sessions, which you give at the start of our work together as part of agreeing to therapy.
Payments
I process payment-related information (amounts, dates, confirmation of payment) to fulfil our contract for services and to meet legal obligations around financial record-keeping (for example, for tax purposes).
Marketing emails (if you’ve opted in)
I only send marketing emails (such as newsletters or updates) if you’ve actively opted in – for example, by signing up via a form on my website. This is based on your consent, which you can withdraw at any time by unsubscribing or emailing me.
Website analytics
Based on legitimate interest in understanding how my website is used so I can improve it. Where required, this is also supported by your consent via a cookie banner (see “Cookies” below).
How I keep your information secure
- Client session notes are kept in password-protected spreadsheets on a personal computer that is itself password-protected. I take reasonable steps to keep this device secure, including keeping software up to date and not sharing access with others.
- I follow the confidentiality and record-keeping guidance set out in the BACP (British Association for Counselling and Psychotherapy) Ethical Framework, of which I am a registered member.
- Where I use third-party services (listed below), I have chosen providers that have their own data protection and security measures in place. I am not responsible for how those third parties secure their systems, but I choose providers who state clearly that they comply with UK GDPR or equivalent standards.
- No method of storing or transmitting information online is 100% secure. I take reasonable steps to protect your information, but I can’t guarantee absolute security.
Who I share your information with
I do not sell your personal information, and I do not share client session content with anyone outside the limited circumstances below.
Third-party services I use, which may process some of your data:
- Calendly – used for booking free introductory calls. This platform processes your name, email, and the time of your booking.
- Stripe – used to process payments for sessions. I send you a secure payment link; Stripe processes your card details directly. I do not see or store your full card details.
- Mailchimp – used if you subscribe to my mailing list, to send emails such as newsletters or resources you’ve requested.
- Google Analytics – used to understand website traffic in an aggregated, anonymised way.
These providers act as “data processors” – they process information on my instruction and are bound by their own data protection obligations and terms.
Clinical supervision
As required by my BACP ethical framework, I discuss aspects of my clinical work in regular supervision with a qualified supervisor. This is a professional requirement to ensure safe, ethical practice. Anything discussed in supervision is anonymised wherever possible – I do not share identifying details such as your name.
Legal and safeguarding exceptions
I will only break confidentiality without your consent in specific, limited circumstances:
- If I believe there is a serious risk of harm to you or to someone else
- If I am required to disclose information by law (for example, under a court order)
- If I am made aware of information relating to terrorism or certain serious crimes, which I am legally obliged to report
Wherever possible, I will discuss this with you first, unless doing so would increase risk.
How long I keep your information
- Client records (including session notes): I keep these for a minimum of 7 years after our work together ends, in line with BACP guidance and standard professional practice for insurance and ethical purposes. After this period, records are securely deleted.
- Contact form enquiries that don’t lead to ongoing work: kept for up to 12 months, then deleted.
- Mailing list information: kept until you unsubscribe or ask me to delete it.
- Payment records: kept for as long as required by UK tax law (currently up to 6 years).
Cookies
My website may use cookies – small files stored on your device – primarily through Google Analytics, to understand how visitors use the site. These do not identify you personally. You can control or delete cookies through your browser settings at any time.
Your rights
Under UK GDPR, you have the right to:
- Access the personal information I hold about you
- Correct inaccurate information
- Request deletion of your information, in some circumstances (note: I may need to retain certain records, such as session notes, for the periods set out above for professional and legal reasons)
- Restrict or object to certain types of processing
- Withdraw consent at any time, where consent is the basis for processing (for example, unsubscribing from marketing emails)
- Data portability – request your information in a portable format, where applicable
- Complain to the Information Commissioner’s Office (ICO) if you believe your information has been mishandled. You can contact the ICO at ico.org.uk or on 0303 123 1113.
To exercise any of these rights, please email help@lucyreynolds.uk. I will respond within one month, as required by law.
Children
My services are intended for adults. I do not knowingly collect personal information from children via this website.
Changes to this policy
I may update this policy from time to time, for example if I start using a new tool or service. The “last updated” date at the top of this page will reflect any changes. I’d encourage you to check back periodically.
Contact
If you have any questions about this policy or how your information is handled, please contact:
Lucy Reynolds
- Email: help@lucyreynolds.uk
- Website: lucyreynolds.uk