Privacy policy.
Jenna Rooke Therapy
Jenna Rooke
MBACP 396554
ICO Registration Number: ZB987284
Email: jennarooketherapy@outlook.com
Effective Date: June 2026
Next Review Date: June 2027
Purpose of this Privacy Notice
This Privacy Notice explains how Jenna Rooke collects, stores, uses, and protects your personal information when you enquire about or engage in counselling, clinical hypnotherapy, or group wellbeing services.
I am committed to handling personal information responsibly and in accordance with:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Privacy and Electronic Communications Regulations (PECR)
Data (Use and Access) Act 2025
British Association for Counselling and Psychotherapy (BACP) Ethical Framework
Jenna Rooke is the Data Controller responsible for the personal information collected through this practice.
Information I Collect
To provide counselling, clinical hypnotherapy, and related services safely and ethically, I may collect the following:
Personal Information
Name
Date of birth
Address
Telephone number
Email address
Health and Wellbeing Information
Information relating to your physical or mental health
Information shared during counselling or hypnotherapy sessions
Assessment information
Brief factual session notes
Professional and Emergency Information
GP details
Emergency contact details
Administrative Information
Appointment records
Communication records
Signed contracts and consent forms
Payment records, invoices, and receipts
Children and Young People
Where services are provided to a person under the age of 18, relevant information may initially be provided by a parent or person with parental responsibility.
How Information Is Collected
Information may be collected:
Through website enquiries and contact forms
By email, telephone, or WhatsApp
During consultations and assessments
During counselling or hypnotherapy sessions
Through administrative communications relating to appointments and payments
I do not normally collect information about you from third parties without your knowledge and consent.
How Your Information Is Used
Your information may be used to:
Provide counselling, clinical hypnotherapy, IEMT and related services
Assess suitability for therapy
Maintain appropriate clinical records
Manage appointments
Communicate regarding appointments and enquiries
Process payments and maintain financial records
Fulfil professional, ethical, legal, and safeguarding responsibilities
Your personal information will never be sold to third parties or used for marketing purposes without your consent.
Legal Basis for Processing
Personal Data
Personal information is processed under:
Article 6(1)(b) UK GDPR – Performance of a contract
Article 6(1)(c) UK GDPR – Compliance with legal obligations
Article 6(1)(f) UK GDPR – Legitimate interests in operating a safe and professional practice
Special Category Data
Information relating to physical or mental health is classified as Special Category Data.
This information is processed under:
Article 9(2)(h) UK GDPR – Provision of health or social care
Schedule 1, Part 1, Paragraph 2 of the Data Protection Act 2018
Confidentiality
Confidentiality is fundamental to counselling and clinical hypnotherapy.
Information shared during sessions will remain confidential except where:
There is a serious risk of harm to yourself
There is a serious risk of harm to another person
A child or young person is at risk of significant harm
A vulnerable adult is at risk of abuse or neglect
Disclosure is required by law
Disclosure is required by a court order
Where appropriate, I will endeavour to discuss any disclosure with you before taking action unless doing so would increase risk.
Clinical Supervision
As a registered member of the British Association for Counselling and Psychotherapy (BACP), I attend regular clinical supervision to support safe, ethical, and effective practice.
During supervision, aspects of client work may be discussed for professional reflection and support. Information shared is limited to what is necessary and discussed in a way that protects client confidentiality. Identifying information is not routinely shared and I would normally indicate only whether a client is an adult or a child where relevant to the discussion.
My supervisor is bound by professional confidentiality and ethical obligations.
Third-Party Service Providers
To operate my practice safely and effectively, I use trusted third-party service providers including:
Squarespace – website hosting and contact forms
Microsoft Outlook and Microsoft 365 – email communications and administration
Doxy.me – secure online counselling sessions
WhatsApp – appointment reminders and administrative communications where agreed or for secure online counselling sessions
Monzo Business Bank – payment processing and financial administration
These providers maintain their own privacy and security measures and process information only as necessary for the services they provide.
International Data Transfers
Some service providers may process or store personal information outside the United Kingdom.
Where international transfers occur, appropriate safeguards are used in accordance with UK GDPR requirements. These may include:
Adequacy Regulations
International Data Transfer Agreements (IDTAs)
Standard Contractual Clauses (SCCs)
Other recognised transfer mechanisms
Further information can be provided upon request.
Cookies and Website Use
My website may use cookies and similar technologies to support website functionality, security, and performance.
Contact forms may collect information that you choose to submit in order to make an enquiry.
Google reCAPTCHA may be used to protect website forms from spam and misuse. Information collected through reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.
You may manage cookie preferences through your browser settings.
Retention of Information
Information is retained only for as long as necessary and in accordance with professional, insurance, legal, and risk-management requirements.
Record Type Retention Period:
Adult client records – 7 years after the final session
Client records where counselling ended before age 18 – Until age 25
Financial records – 6 years
General enquiries that do not become clients – Up to 12 months
At the end of the retention period:
Paper records are securely destroyed.
Electronic records are securely deleted.
Storage, Security and Business Continuity Arrangements
I take appropriate technical and organisational measures to protect personal information from unauthorised access, misuse, alteration, loss, or disclosure.
These measures include:
Password-protected systems and devices
Secure email and electronic record systems
Secure storage of paper records where applicable
Restricted access to personal information
Business Continuity Arrangements
In the event of my death, serious illness, incapacity, or any circumstance that prevents me from continuing to practise safely, a designated professional colleague may be given limited access to the names and contact details of active clients.
This access is solely for the purpose of informing clients that I am no longer able to provide services and, where appropriate, signposting them to alternative support.
Counselling notes, assessments, health information, and the content of therapeutic work will not be routinely shared with or accessed by this individual unless required by law.
Any person involved in these arrangements will be subject to professional confidentiality obligations and will only access the minimum information necessary to carry out this role.
Your Rights
Under UK GDPR, you have the right to:
Be informed about how your information is used
Access the personal information I hold about you
Request correction of inaccurate or incomplete information
Request erasure where legally appropriate
Restrict processing in certain circumstances
Object to certain types of processing
Request transfer of your information where applicable
Lodge a complaint
To exercise these rights, please contact:
I will normally respond within one month.
Requests for Information, Records and Reports
You have the right to request access to personal information held about you.
Requests will be considered in accordance with UK GDPR, the Data Protection Act 2018, and any other relevant legal obligations.
Information will normally be provided directly to the client concerned, or to a person legally entitled to act on their behalf.
I do not routinely prepare reports or release counselling records to solicitors, insurers, employers, schools, family members, or other third parties acting on a client's behalf unless:
I have the client's valid written consent;
I am satisfied that the individual has legal authority to act for the client; or
I am required to do so by law.
Data Protection Complaints Procedure
If you have concerns about how your personal information has been collected, stored, used, or shared, you have the right to make a complaint.
Complaints may be made by:
Email: jennarooketherapy@outlook.com
Website: www.jennarooketherapy.com
I encourage you to raise concerns with me in the first instance so that I have the opportunity to investigate and resolve them.
I will:
Acknowledge receipt of your complaint within 30 days
Investigate your concerns fairly and appropriately
Keep you informed where necessary
Provide a response without undue delay
If you remain dissatisfied after I have responded, you have the right to contact the Information Commissioner's Office (ICO).
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
You may also raise concerns regarding my professional conduct with the British Association for Counselling and Psychotherapy (BACP).
Changes to This Privacy Notice
This Privacy Notice is reviewed regularly and may be updated to reflect changes in legislation, professional guidance, or working practices.
The most current version will always be available on my website.