Locus of Solace GDPR Policy

General Data Protection Regulation Policy

Locus of Solace


This document outlines the policy of Locus of Solace for meeting the legal obligations with respect to the General Data Protection Regulation (GDPR) from 1st July 2020. Locus of Solace is registered with the Information Commissioner’s Office (ICO).

Locus of Solace is committed to:

  • Being transparent about the personal data held
  • Holding personal data only for legitimate purposes and only for as long as necessary
  • Ensuring that personal data is protected

Informed consent

In order for counselling services to be offered effectively, specific personal data is required to be held on a client, as detailed below. The client will be made aware of the requirement for consent to processing data for the legitimate purpose of contacting clients and offering a therapeutic counselling service under agreement, with regard to client interests and safety.

Personal Data held by Locus of Solace

  • Name
  • Email address
  • Mobile phone number
  • G.P. Surgery
  • Client notes (this may include ‘special category data’ as required for counselling)

Purposes of holding client data

The purposes of holding the data is to arrange and deliver client initial consultation, therapeutic counselling sessions and manage risk. Data may also be held for identifying new clients and marketing purposes.

Data security

Data is accessed solely by Madeleine Heffernan.

All data in the form of pseudonymised notes (under client number) is stored on the Cloud via Google One and password protected. Reliance is placed on their security arrangements.

The name, mobile number, email address and G.P. surgery are stored in Protonmail and computer access is password protected. Reliance is placed on their security arrangements.

The name, mobile number, email address, G.P. surgery and associated client number are stored in a locked notebook.

Sharing data with third parties

Locus of Solace never sells or passes on data to third parties except in circumstances outlined below.

Limited, necessary personal details may be shared with the G.P., where conditions of risk to the client have been identified. Where possible, this will be discussed with the client first.

Information regarding a crime or risk of harm to others may be shared with the Police, Social Services or other relevant authority if deemed necessary.

Your rights

Clients and potential clients have the right to know what personal data we hold on you and why we hold it. If you wish to access your data, request correction of any data held or erasure, please email Your request will be answered within 1 month.

Any serious breach of data (one in which the rights of the data subject are impacted) will be reported to the Information Commissioner’s Office (ICO) and the individual within 72 hours.

Data disposal

Personal data is only held as long as necessary. Your data will be held for 6 years in case of any query regarding your therapy. All data will be ‘hard deleted’ from the system at the end of this period such that reasonable steps have been taken to put the data beyond use.

%d bloggers like this: