Data Retention

Last updated: 07 July 2026

Introduction

This policy explains how long I keep your personal information, why I keep it, and what happens to it when I no longer need it. I am committed to keeping your data secure and only holding it for as long as necessary.

I am Claudia Gridelli, a counsellor registered with the Information Commissioner's Office (ICO registration number: ZB879569). This policy applies to all personal data I collect and process at Core Support Therapies.

Why I Retain Your Data

I keep your personal information for several important reasons:

  • Legal obligations - UK law requires me to keep certain records for specific periods, particularly financial records for tax purposes

  • Professional standards - As a counsellor, I am expected to maintain adequate records to support continuity of care and to demonstrate professional practice

  • Insurance requirements - My professional indemnity insurance requires me to retain records in case a claim is made after therapy ends

  • Your protection and mine - Retaining records allows me to respond to any future queries about your care and provides evidence of the work we did together if ever needed

Retention Periods

Type of Record: Client therapy records (adults)

How Long I Keep It: 7 years after our last session

Reason: In line with the Limitation Act 1980 and standard professional indemnity insurance requirements

——————————————————

Type of Record: Enquiry and contact data (non-clients)

How Long I Keep It: 12 months from last contact

Reason: To respond to your enquiry and follow up if appropriate

——————————————————

Type of Record: Financial records and invoices

How Long I Keep It: 6 years

Reason: HMRC legal requirement

——————————————————

Type of Record: Insurance records

How Long I Keep It: 7 years

Reason: To support any potential insurance claims

——————————————————

Type of Record: Website contact form submissions

How Long I Keep It: 12 months

Reason: Unless you become a client, in which case the client retention period applies

What Information I Retain

The types of personal information I may keep include:

  • Contact details - your name, address, telephone number, and email address

  • Session notes - brief notes about our work together, including themes discussed and progress made

  • Assessment and intake information - details you provide when we first begin working together

  • Correspondence - emails, letters, and messages between us

  • Payment records - invoices, receipts, and records of payments made

  • Consent forms and agreements - including your signed therapy contract

How I Store Your Data

I keep both electronic and paper records, and I take the security of your information seriously.

Electronic records:

  • Stored on encrypted devices with password protection

  • Access restricted to me only

  • Regular security updates applied

Paper records:

  • Kept in a locked filing cabinet

  • Located in a secure room

  • Access restricted to me only

Limited access by others:

  • My clinical supervisor may hear anonymised case material during supervision sessions — this means I discuss our work without using your name or identifying details

  • My external bookkeeper has access to invoice data only (your name, service provided, and payment amount) for accounting purposes — they do not have access to therapy records or session notes

Your Right to Erasure

Under UK GDPR, you have the right to request that I delete your personal data. However, this right is not absolute. I may need to decline or limit your request where:

  • I am required to keep records for legal reasons (such as HMRC requirements for financial records)

  • Retention is necessary to meet professional standards expected of counsellors in private practice

  • My professional indemnity insurance requires me to retain records

  • The data is needed to establish, exercise, or defend legal claims

If I cannot fully comply with an erasure request, I will always explain my reasons clearly and in plain language. I will delete any data that is not subject to these limitations.

Secure Disposal

When the retention period ends, I dispose of your data securely:

  • Paper records - Shredded using a cross-cut shredder

  • Electronic records - Permanently deleted using secure deletion software that overwrites the data to prevent recovery

I conduct regular reviews to identify records that have reached the end of their retention period and dispose of them promptly.

Clinical Will Arrangements

I am currently putting arrangements in place for a clinical will. This is a plan that ensures your records are handled appropriately and confidentially if I become unable to continue practising due to illness, incapacity, or death. Once these arrangements are finalised, I will update this policy and inform clients accordingly.

Questions or Complaints

If you have any questions about how long I keep your data, or if you would like to discuss your records, please contact me:

Email: claudia@coresupporttherapies.co.uk

If you are unhappy with how I handle your data, you have the right to complain to the Information Commissioner's Office (ICO). However, I would welcome the opportunity to address your concerns first. You can also raise a data protection concern via my compliance page:

Compliance page: http://coresupporttherapies.co.uk

Changes to This Policy

I may update this policy from time to time to reflect changes in law or my practice. The "last updated" date at the top of this page shows when the policy was last revised.

Claudia Gridelli Core Support Therapies ICO Registration: ZB879569