Data Controller: Melanie Hudson

Contact details: contact form on the website;; 0775 411 9506

Website this policy applies to: including sub domains (e.g.

Policy Purpose:

This policy is to inform you of how your data is used whilst accessing or interacting with any pages belonging to the website

Melanie Hudson Counselling & Psychotherapy (the data controller) is committed to ensuring that your privacy is protected and maintained. This policy informs you of what information is gathered about you through using this website, what it is used for and any exceptions to your confidentiality.

Website hosted by:

This website is hosted by SquareSpace

SquareSpace uses non EU servers. However, they use the EU-US Privacy Shield Framework so that they are compliant with data protection when sending  information outside of the EU.

More information on this privacy shield can be found:

Information collected about you:

When using pages from certain information may be collected from you from two methods:

  1. The contact form and
  2. Cookies (from Squarespace and Google Analytics)

The Contact Form:

The contact form on my website is hosted by SquareSpace. If you use this contact form the data you send through it passes through SquareSpace servers and is directed to my email account. No information from the contact form is retained by SquareSpace.


What are cookies?

Cookies are small files that are saved on to your computer and are used to collect information to allow myself, SquareSpace and google to monitor how my website is accessed and used. This information is used to improve usability, efficiency and visibility of my website.

What type of information do these cookies collect:

  • Date & Time;
  • The pages you visited and the length of time you spent on them;
  • Your IP address and location of your network;
  • Browser version, operating system, flash version, screen resolution;
  • Referrer - Where you accessed the website from e.g. direct, google, third party website.

Squarespace retain this information for 7 days and google analytics for 14 months.

For more information on SquareSpace Analytics:

For more information on Google Analytics:

How to opt out of cookies:

When you initially accessed you will have been presented with a banner asking if you agree for cookies to be used. If you declined this a cookie should not be placed on your computer. If you accepted and wish to change your mind and for any information from them collected to be removed please contact me at If you did agree to cookies collecting information whilst visiting this agreement expires after 30 days, if you access my website after this time a new cookie banner should appear and you are given the option again on whether you wish to agree or not.

It is possible to set your computer browser to decline the cookies from all websites. How to do this varies depending on your browser. Your website browsers help facilities should be able to explain how you can do this.

There is a tool you can download to prevent Google Analystics recording your data which can be found:  However, please be aware it only prevents Google Analitics from recording this data, SquareSpace would continue to do so unless you set your computer browser to deline all cookies from all websites.

Contact made via email or telephone:

How I use information sent to me by by email or mobile phone is used, please view practice privacy policy below for more information.

Exceptions to confidentiality:

Please view practice privacy policy below for more information.

Accessing other websites:

My website sometimes contains links to external websites that I feel may contain information of interest to you. I have no control over the information on these websites or the data that may be collected about you. This privacy statement only includes and its subdomains (e.g.

Practice Privacy Policy


Data Controller: Melanie Hudson

Contact details: contact form on the website;; 0775 411 9506

Policy Purpose:

This policy is to inform you of how your data is used when contacting me by phone, email or the contact form on this website. It also contains information on data that may be collected about you if you were to book an appointment and undertake sessions with me.

Melanie Hudson Counselling & Psychotherapy (the data controller) is committed to protecting and maintaining your privacy. The aim of this policy is to inform you of what information about you is collected and processed. It also informs you of any limitations to confidentiality.

Using your information:

Personal information which I hold on you may be used in a number of ways:

  • To contact you with regards to appointments, payments or responding to queries you may have;
  • To contact you if I received an information release form from a third party that they were claiming you had signed;
  • To show compliance with GDPR and the BACP Ethical Framework;
  • To comply with legal obligations;
  • In the event of an audit by tax officers or the Information Commissioner's Office;
  • I make factual handwritten notes to remind myself of what was discussed in the session.

Who your information will be shared with:

Your information is kept confidential, however there are exceptions to this:

  • If I was required to do so by law. This could involved sharing information with the legal authorities such as the police or the crown prosecution service;
  • If I was concerned you were at serious risk of harm or someone else was I may need to share information with the crisis team, medical professionals or the police;
  • If I was incapacitated or died your contact details would be accessed by another counsellor so that they could contact you to inform you and to cancel any further appointments;
  • Sometimes I discuss my work with my supervisor (for counselling work) or my Reiki teacher (for my Reiki work) to ensure good practice. However I would not use your name or anything I felt would identify you;
  • Any information required as part of a tax or data protection audit.

How long do you retain my information for?

The following information I retain for seven years from the date of your last appointment before being security destroyed:

  • Hand written notes;
  • Contact sheet that contains dates, times and attendance of your sessions, phone number, email address and postal address;
  • The signed agreement;
  • The signed privacy policy;
  • Bank statements that will show your name if you pay by bank transfer;
  • Transcribed text messages or printed emails.

The above information is stored in a locked filing cabinet.

Digitally stored records may be printed/transcribed and retained as above. However, digital and phone information will be retained for between 60 and 90 days before being deleted:

  • Text messages;
  • Phone call logs;
  • Emails;

The above information is secured using passwords (that only I know) in order to gain access to this data.

Your rights:

You have the right to:

  • request access or a copy of the personal data that I hold on you;
  • Request for any inaccurate or out of date information to be corrected and/or updated
  • To request for your data to be erased that is no longer necessary for me to retain. Requests for your notes and information linked to identifying them as yours will not be erased before the 7 year period. Notes are required for me to comply with legal obligations. This makes such information exempt from requests for erasure. However, any other data would be erased at your request;
  • To withdraw consent at any time for your information to be processed. Again with the exemptions of note keeping and associated information;
  • To request for your data to be portable. This means that your information can be transferred to a different data controller.

For more details on your rights you can visit the information commissioners website:

Information stored outside of the EU:

I use GSuite (google) for my email service which are GDPR compliant. Google servers may be located outside of the EU. Google uses the EU-US Privacy Shield Framework. This means google has adequate security in place for transferring data between the EU and the US for it to comply with data protection.

The contact form on my website is hosted by SquareSpace, who also use EU-US Privacy Shield. If you use the contact form on my website it passes through SquareSpace servers and directed to my email account. No information from the contact form is retained by SquareSpace.

Further information:

For further information on how I maintain security of your information, how to request to withdraw consent and your right to request access to personal information, or any other query on GDRP you can speak to me during your appointment our email me at

If you have any concerns about how your information is held:

If you have any issues or concerns on how I process information held on you you then please either discuss this on one of our sessions or contact me on    If you feel I was not able to resolve your concern you can contact the Information Commissioner's Office on 0303 123 1113, by email at or by post to The Information Comissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.