GDPR agreement

My GDPR agreement explains how any of the personal data collected or provided, by either myself or you, will be confidently stored or processed. 

How I gather your personal information?

  • Emails sent to
  • Phone or text messages sent to 07821 201 555
  • Start of counselling form provided at the beginning stages of therapy
  • Messages sent to me through my website at
  • Messages sent through directories (BACP, counselling-directory)
  • For online sessions, I use the platforms Zoom and Google Meet and all information, for example chats in the applications, will be discarded directly after the session finishes or when your therapy sessions end

Where will your personal information be stored?

  • Personal data that is sent through to my email or phone will be stored securely on devices that are password protected. I only have access to these devices
  • Any agreement or start/end of counselling forms will either be stored electronically on a password protected device or filed in a secure, locked drawer (if handwritten)
  •  Any brief session notes will be stored on a secure, password protected device and I will use your initials to anonymous your identity

What may I use your information for?

  • Information such as your contact details will enable me to respond to any requests or queries you may have about my service. It may also be necessary for us to notify each other about changes in circumstances throughout the course of our therapy work if this applicable
  • Due to my ethical obligation to attend regular supervision, aspects of our work may be shared confidentially with my supervisor (please refer to therapy agreement). However, I will refer to you using your initials to protect your identity.

How do I keep your information/sessional notes for? 

  • All text messages sent will be deleted straight away. If for example you message to change a date or time, I will make the amendments in my diary and delete your text 
  • Your contact name will appear in my phone as your initials and once therapy has ended, I will delete your contact information
  • Emails are deleted weekly
  • I keep all forms completed by you, and session notes completed by me, for the duration of your therapy. Once therapy has ended, I will keep all forms/notes for a further five years which is a requirement of my insurance cover. After the required five years I will securely destroy all information 

What are your rights?

  • It is your right to view, amend or delete all personal information that I hold. All requests have a month to be carried out

What happens in the event of a data breach?

  • If a data breach of your information occurs, I am legally bound to report this to you and the Information Commissioners Office (ICO) within a 72-hour period

What events may constitute disclosure of your personal information?

  • If it is a legal requirement to do so, such as terrorism or money laundering. Or for any safeguarding concerns involving children or vulnerable adults. I may also need to disclose your personal information if I am summoned to a court of law as a witness. In the event you are in crisis, I may contact your GP or any other relevant services for safeguarding purposes, however I will always endeavour to speak with you about this first
  • In the event of my death or incapacity, your information will be disclosed to my clinical executor so they can contact and inform you. Your personal information will also be destroyed in the event of my death 

What if there are any changes to this agreement?

  • If there are any changes or amendments to this GDPR agreement, I will notify you straight away and provide you with the new agreement for your approval

Your consent

  • By reading through this agreement and undertaking my services (Samantha Miller Therapy), you agree and accept this GDPR agreement. This includes my use and storage of your personal information as stated above. It is your right to withdraw your consent to my use of your personal information at any time