GDPR & Privacy Policy

This Privacy & GDPR Policy explains how Novissimo Counselling ("we", "our", or "us") collects, uses, shares, and protects your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


As a counselling and psychotherapy practice, we understand the highly sensitive nature of the information shared with us, and we are committed to maintaining the highest standards of confidentiality and data protection.


Who We Are

Novissimo Counselling is a counselling and psychotherapy practice operated by Tony Novissimo, a registered [list qualifications, memberships to professional bodies such as BACP, UKCP, etc.].


For data protection purposes, Tony Novissimo is the Data Controller and can be contacted at:


Email:  counselling@novissimo.co.uk

Phone: 07773 385165

Address:  78 Southam Rd, Radford Semele, Leamington Spa CV31 1UA, UK


Information We Collect

We collect and process the following types of personal information:

  • Essential Information
  • Name and contact details (email address, phone number)
  • Appointment scheduling preferences
  • Session notes and therapeutic documentation
  • Technical Information


When you use our online services (Google Forms, Google Meet):

  • IP address
  • Device information
  • Browser type and version
  • Time zone setting


How We Collect Your Information

We collect information through:

  • Direct interactions with you during therapy sessions
  • Client information forms
  • Email or telephone correspondence
  • Google Forms submission
  • Google Calendar and Google Meet usage data


How We Use Your Information
We use your personal information for the following purposes:

GDPR and Privacy for Novissimo Counselling

Our Use of Google Services
We use the following Google services to facilitate our practice:

  • Google Forms
  • Used to collect client information
  • Data stored in associated Google Sheets
  • Access is restricted to the therapist only
  • Data is encrypted in transit and at rest

Google Calendar

  • Used to schedule and manage appointments
  • Calendar entries contain minimal identifying information
  • Notifications sent to your provided email address

Google Meet

  • Used to conduct video therapy sessions
  • No sessions are recorded unless explicitly agreed in writing
  • Meets standard encryption protocols for video conferencing


Data Sharing and Third Parties

We do not sell, rent, or share your personal information with third parties except in the following limited circumstances:

  • With your explicit written consent
  • To comply with legal obligations
  • With clinical supervisors (anonymised information only)
  • With Google as our service provider (subject to their privacy policies)


Data Retention

We retain your personal information for the following periods:

  • Client contact details: Duration of the therapeutic relationship plus 7 years
  • Session notes: 7 years after the end of our therapeutic relationship
  • Financial records: 7 years (as required by HMRC)


After these periods, your information will be securely deleted or anonymised.


Your Rights Under GDPR

Under the UK GDPR, you have the following rights:

  • Right to be informed about how your data is used
  • Right of access to your personal data
  • Right to rectification if information is inaccurate or incomplete
  • Right to erasure (the "right to be forgotten") in certain circumstances
  • Right to restrict processing in certain circumstances
  • Right to data portability allowing you to obtain and reuse your data
  • Right to object to certain processing of your data
  • Rights related to automated decision making and profiling


To exercise any of these rights, please contact Tony Novissimo using the contact details provided above.


Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of digital files
  • Password protection on all devices
  • Secure, locked storage for any physical documents
  • Regular security updates and reviews
  • Limited access to personal information


Third-Country Transfers

Google may process data outside the UK and European Economic Area (EEA). Google has implemented appropriate safeguards through Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner's Office.


Use of Cookies

Our website uses cookies to enhance your browsing experience. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies.


Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website with a revised effective date. We encourage you to periodically review this page for the latest information on our privacy practices.


Complaints

If you have concerns about our data processing activities, please contact us first so we can address your concerns. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF


Telephone:  0303 123 1113

Website: www.ico.org.uk


Effective Date 
This Version of our Privacy & GDPR Policy is effective as of 10th March 2025
Last Updated: 10th March 2025