Huw Davies Therapy and Supervision

Privacy Notice

Confidentiality and maintaining your privacy and your trust in us is vital for the successful conclusion of our time together.

HMD Therapy and Supervision Privacy Notice

Maintaining your privacy and your trust is very important to Huw Davies Therapy and Supervision (HMDTS and subsequently named as we/our). We aim to be especially clear on why and when we collect your personal information, how we use it, and on the ways in which we can work together to protect your privacy. The Data Protection Act 1998 & General Data Protection Regulation (GDPR) apply. Clients/supervisees may also find the British Association for Counselling and Psychotherapy (BACP) useful for discovering/enquiring about the ethical way in which your personal information will be used by counselling, psychotherapy and supervisory professionals.

This Privacy Notice explains the:

  • Identity and contact information of the data controller

  • Purpose of the processing and the lawful basis for the processing

  • Legitimate interests of the data controller

  • Categories of personal data to be processed

  • Details of whether personal data came from direct or indirect sources

  • Recipients or categories of recipients of the personal data

  • Details of data transfers to a third country and safeguards

  • Length of time personal data is held and reasons for this

Data Subject's Rights (Your rights):

  • Right to complain to the supervisory authority/regulator

  • Details of any part of a statutory or contractual requirement and possible consequences of failing to provide the personal data

  • The existence of any automated decision making, including profiling and information about how decisions are made

What products and services are covered by this notice?

This Privacy Notice applies to the information that we may obtain from you through your use of our counselling, psychotherapy, supervision services or website, collectively called the “services”. If you have any questions or need more information about these services, please contact us at the email address in the section below.

Data Controller:

For the purposes of the data protection & privacy legislation the Data Controller is: -

Huw Davies

Legal Status:

Sole Trader Trading as:

HMD Therapy and Supervision

12 Hammet Street

North Petherton




Purpose and lawful basis:

How do we use the information we collect?

We may use the information we collect for a variety of purposes, including to:

  • Make our Services work for you;

  • Provide, operate, maintain, improve, personalise, and promote our Services;

  • Develop new products, services, features, and functionality;

  • Process and complete transactions, and send you related information, including appointment confirmations and invoices;

  • Communicate with you, including responding to your comments, questions, and requests; providing client/supervisee service and support;

  • Providing you with information about services, transmitting technical notices, updates, security alerts, administrative messages, or Selected advertising or marketing messages;

  • Providing other news or information about us;

  • Monitor and analyse trends, usage, and activities in connection with our Services;

  • Investigate and prevent fraudulent transactions, unauthorised access to our Services and other illegal activities;

  • We may also use the information we collect for other purposes about which we notify you in subsequent versions of this document.

Legitimate Interest:

How do we get your consent for collecting and storing your information?

  • We only process personal data on the basis that such processing is necessary to enter into or perform a contract for our services.

  • Personal data is only processed on the basis that the data subject has consented to such processing.

  • Personal data is only processed on the basis we have a legitimate interest which is not overridden by the rights or freedoms of the affected data subjects.

Categories of personal data and sources:

What information do we collect from you?

  • ​When you ring, text or email us, we will store the information you provide which may include your name and telephone number, voicemail, text or email address and email content in paper format and electronically. If you book an appointment, we will ask you for either a contact number and/or email contact. If you become a client/supervisee, we will collect additional information such as your address and discuss why we collect further information, how we process information and that we may need to collect other information as we work together. During the first session contracting we will discuss our Privacy Policy.

Why this information is collected?

  • Your name, email address or telephone number and the content of your enquiry are necessary for us to respond and/or to make an appointment. The lawful basis for its collection is legitimate interests to allow us to respond to your enquiry. If you book an appointment, we will ask you to provide your address and a contact number to establish you as a genuine client/supervisee and for your protection should an emergency situation arise. The lawful basis for this processing is the contract to provide counselling/supervision services. As the counselling/supervision relationship continues, further personal information may be collected such as GP details. If this collection of information occurs the reasons for the collection will be discussed and made clear.

Analytics: We use analytics provider(s) who use cookies to collect and store analytics information when you use our web services.

We may partner with selected third-party vendors such as and in this instance Google Analytics (and/or other services) to allow tracking technologies on this site, whether accessed through PC, smart phone, or tablet. These tracking and analysing services use cookies to among other things analyse and track user’s use of the site, determine the popularity and usefulness of certain content and better understand online activity to improve our service for you. We use Google Analytics to see how you use this site and our services. We do this to help:

  • Make sure the site meets the needs of its users

  • Make improvements to content

  • Gather feedback to improve our service, for example how we respond to enquiries

  • Allow you to access online services eg payments

  • Monitor use of the site to identify malicious intent or security threat

When accessing the site through whatever means, you are encouraged to review the 3rd parties privacy policy and contact them directly for responses to your questions regarding their use of the anonymous information they collect. It is important to note that we do not transfer or allow the transfer of any of your personal information described in the Categories of personal data and sources:’ section above to these third-party vendors nor is this type of personal information collected by your use of our website.

When you access our website, you will be notified ‘This site uses cookies from Google to deliver its services and to analyse traffic. Information about your use of this site is shared with Google. By using this site, you agree to its use of cookies.’

This privacy notice should be read in conjunction with our cookies page information.

How might we share information?

We do not sell your personal information. We consider personal information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your personal information with other people or organisations (data processors) and these are set out below: (Please note 'personal information' in this context has a different definition than the anonymous information collected during analytics and described in the analytics section above).

We will not share your personal information with companies, organisations, or individuals who are not associated with us unless we have your affirmative consent to do so.

Compliance with Laws and Law Enforcement Requests; Protection of Our Rights:

There are occasions when we may disclose your information (including your personal information) to another person or organisation, for example; GP, your designated emergency contact or police. This course of action would most usually be discussed with you to gain your consent. There may be occasions within the therapeutic/supervisory relationship when it is appropriate to take action outside of this consenting relationship.

  • If we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request.

  • To protect the security or integrity of our services

  • To protect our property, rights, and safety and that of our clients/supervisees or the public from harm or illegal activities

  • To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person

  • To allow instructed parties e.g. insurance companies to investigate and defend ourselves against any third-party claims or allegations.

  • To protect you, a vulnerable person, a child or the public if you disclose circumstances where serious harm is likely. The lawful basis for this processing is vital interests.

  • We have a legal obligation to disclose information about serious crimes (money laundering, drug trafficking, acts of terrorism) and pass this information to the police.

  • We also must disclose information if requested to by a court of law. The lawful basis for disclosing serious crime and court disclosure is legal.

  • In our work as counsellors/supervisors we may discuss our work with you anonymously in clinical supervision. This forms part of our professional obligation to ethical practice.

  • When you become a client/supervisee, we will discuss the reasons why we might need to break confidentiality and this forms part of our counselling/supervision contract.

Data Transfers:

The data controller does not transfer personal data outside of the United Kingdom or European Union, apart from the following exceptions where indicated below. All data processors acting on behalf of the data controller have appropriate safeguards in place to comply with the GDPR.

Data Processor Information:

The following describes some of the service providers used by us and they process data in accordance with the GDPR and their own privacy policies (This list is an example and further third parties may be used): –

Website Hosting & payments;



Google Sites


Website analytics;

Google analytics

Email and texting;

Microsoft - Outlook

Vodafone mobile

Other communication;

Microsoft - Skype, Teams

Apple - Facetime



Facebook - WhatsApp, Messenger

This privacy notice does not cover how or to what extent external organisations collect and/or process personal information, ours or yours. Where we use external companies to operate or provide links to websites of other organisations, for example to process payments, we encourage you to read their privacy notices.

How long will we keep the personal data?

Retaining some data may be subject to a statutory retention period and this must be adhered to, (to keep certain data for a minimum period of time). This may include personal data (name, address, contact details), but on expiry of such statutory requirement, such data will be destroyed securely. Where possible any personally identifiable data will be anonymised or pseudonymised. For example, to fulfil the requirements of our personal liability insurance a minimum amount of personal data, including any notes taken during counselling/supervision are required to be kept securely for a period of 5 years from the cessation of our counselling/supervision relationship.

The Data Controller:

The data controller does not process personal data in respect of any statutory requirement. The personal information/data supplied forms part of our contractual counselling/supervisory agreement, and certain communications may not be possible without such personal data being supplied, for example an email to make and/or confirm appointments etc.

Profiling and Automated Decision Making:

No profiling or automatic decision-making processes are undertaken by the data controller in respect of any personal data processing activities.

Your rights:

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

  • The right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

  • The right of rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

  • The right of erasure (often known as the right to be forgotten)

You have the right to ask us to erase your personal information in certain circumstances.

  • The right to prevent processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

  • The right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. If we are processing your information for criminal law enforcement purposes, your rights are slightly different. You are not required to pay any charge for exercising your rights. We have one month to respond to you.

  • The right to object

You have the right to object to processing if we are able to process your information because the process forms part of a public tasks, or is in our legitimate interests.

  • Rights in relation to automatic decision making and profiling

​Under the right of access, you have the right to obtain: -

  1. confirmation that your data is being processed;

  2. access to your personal data and other supplementary information

Use of Closed Circuit Television recording (CCTV):

Please note that 24-hour CCTV operates on, around and in the registered premises (not in counselling/supervision rooms, which are private and information is treated as strictly confidential). CCTV images are recorded for the purposes of crime prevention and public safety and the use of CCTV is registered with the Information Commissioners Office (ICO) under the GDPR. Any recorded images are automatically stored for a maximum of 30 days and then recorded over. Huw Davies, as the data controller is the only person with access to these recorded images, for further information Huw Davies is the point of contact.

Complaints or further information:

So that you are aware of and can verify the lawfulness of the processing, your right to access can be exercised by contacting the data controller as above. Any other questions or observations about the lawfulness of personal data collection, processing or storage, or wish to access any personal information held should be directed to the data controller as above.

You also have a right to complain to the supervisory authority/regulator about organisations processing your personal data. You can exercise this right by contacting the supervisory authority of the data controller as follows: -

Information Commissioner's Office

Wycliffe House

Water Lane




Tel: 0303 123 1113 or 01625 545 745

Further information about the requirements for ethical working, including the collecting, storing and possible sharing of personal data in the counselling profession may be found from contacting the BACP as follows: -

British Association for Counselling and Psychotherapy

BACP House,

15 St John's Business Park,



LE17 4HB,

United Kingdom.

Tel: 01455 883300