Legal

Privacy Policy

Last updated: 21 June 2026

Wave Therapies is committed to protecting your privacy and handling your personal data with care and respect. This policy explains what information I collect, why I collect it, how it is used, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. If you have any questions, you are welcome to contact me directly.

1. Who is responsible for your data?

The data controller is:

Wave Therapies

Dylan — Person-Centred Counsellor

Email: [email protected]

Phone: +44 (0) 7713 167293

As a sole practitioner, I am the only person who handles your data. I am registered with the Information Commissioner's Office (ICO) as required by law.

2. What personal data I collect

I may collect and hold the following categories of personal data:

  • Contact information — your name, email address, and phone number, provided when you get in touch or complete a booking enquiry.
  • Session-related information — brief anonymised notes made during or after our sessions for my own professional reflection and supervision purposes.
  • Sensitive personal data — information about your mental and physical health shared during therapy. This is classified as special category data under UK GDPR and is handled with the highest level of care.
  • Website usage data — basic technical information such as your IP address and browser type, collected automatically when you visit this website.

I only collect data that is necessary and relevant to providing you with a counselling service.

3. Why I collect your data and the legal basis

I process your personal data for the following purposes:

  • To provide counselling services — processing is necessary for the performance of a contract (our therapeutic agreement) and, for health data, is based on your explicit consent.
  • To respond to enquiries — processing is based on your consent when you contact me via the website or by phone.
  • To fulfil legal and professional obligations — I am required by my professional body (BACP) and by law to maintain certain records. This processing is based on legal obligation and legitimate interests.
  • To protect vital interests — in rare circumstances where there is a serious risk of harm, I may need to share information with relevant authorities. This is based on vital interests.

4. How long I keep your data

I retain personal data only for as long as necessary:

  • Client records — held for a minimum of 7 years after the end of therapy, in line with BACP guidance and professional indemnity insurance requirements.
  • Enquiry data — if you contact me but do not proceed to therapy, your data will be deleted within 6 months unless you have given consent for me to retain it longer.
  • Website data — basic technical logs are retained for a short period for security purposes and then deleted.

After the retention period, your data will be securely deleted or anonymised.

5. Who I share your data with

Your information is treated as strictly confidential. I do not sell, rent, or share your personal data with third parties for marketing purposes.

In limited circumstances, I may share information with:

  • My clinical supervisor — as required by my professional obligations. Supervision is conducted confidentially and your identity is protected wherever possible.
  • Healthcare professionals — only with your explicit consent, for example if you ask me to liaise with your GP.
  • Statutory authorities — only where I am legally required to do so, or where there is a serious and immediate risk of harm to you or others.

Any third parties I work with are required to handle your data securely and in accordance with UK GDPR.

6. How I keep your data secure

I take the security of your personal data seriously. Measures I take include:

  • Storing electronic records in password-protected, encrypted systems.
  • Using secure, end-to-end encrypted communication for online sessions.
  • Keeping any paper records in a locked, private location.
  • Ensuring that devices used to access your data are password protected.

No method of transmission over the internet is completely secure. While I take all reasonable steps to protect your data, I cannot guarantee absolute security.

7. Cookies and website tracking

This website may use cookies — small text files stored on your device — to help the site function correctly. I do not use cookies for advertising or to track your behaviour across other websites.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of some parts of this website.

8. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — you can request a copy of the personal data I hold about you.
  • Right to rectification — you can ask me to correct inaccurate or incomplete data.
  • Right to erasure — in certain circumstances, you can ask me to delete your data. Note that professional and legal obligations may mean I am required to retain some records.
  • Right to restrict processing — you can ask me to limit how I use your data in certain circumstances.
  • Right to data portability — you can request your data in a structured, commonly used format.
  • Right to object — you can object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact me at [email protected]. I will respond within one month.

9. Complaints procedure

I take all complaints seriously and am committed to handling them promptly, fairly, and confidentially. If you have a concern — whether about how I handle your personal data or about any other aspect of the service — please follow the steps below.

Step 1 — Contact me directly

In the first instance, please raise your concern with me directly. You can do this by email or telephone:

Dylan Jane — Wave Therapies

Email: [email protected]

Phone: +44 (0) 7713 167293

I will acknowledge your complaint within five working days and aim to provide a full response within 28 days. If the matter is complex and requires more time, I will keep you informed of progress.

Step 2 — BACP

If your complaint relates to my professional conduct as a counsellor and you remain unsatisfied after contacting me directly, you may refer the matter to the British Association for Counselling and Psychotherapy (BACP), of which I am a registered member:

British Association for Counselling and Psychotherapy (BACP)

Website: bacp.co.uk

Phone: 01455 883300

Email: [email protected]

Step 3 — ICO (data protection complaints only)

If your complaint relates specifically to how I handle your personal data and you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

10. Changes to this policy

I may update this privacy policy from time to time. Any changes will be posted on this page with an updated date at the top. I encourage you to review this policy periodically.

Wave Therapies

A calm, confidential space for adults navigating anxiety, stress, and life's quieter struggles.

Professional

Wave Therapies is a registered counselling practice committed to ethical, person-centred care.

Member of the British Association for Counselling and Psychotherapy (BACP)

[email protected]

© 2026 Wave Therapies. All rights reserved.

Privacy Policy

You deserve to be heard.