Debra Canning 

Counsellor & Crisis Worker

Privacy Policy

This privacy policy sets out how I use and protect any information that you give when you use this website and other means of communication such as email, telephone, verbal and written.


I am committed to ensuring that your privacy is protected. Should I ask you to provide certain information by which you can be identified when communicating with me, you can be assured that it will only be used in accordance with this privacy statement.


I may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.


The GDPR defines a ‘data controller’ as the person in an organisation who ‘determines the purposes and means of processing personal data’. For the purposes of the DPR, the data controller I ‘Debra Canning am the data controller.


I am member of the I.C.O. (Registration ZA258713)


I will collect several types of information about you in several different ways. For instance when you visit  I will collect information about your visit: IP address, location, search engine, date, time, operating system and device.


If you request a call back via the web form, I will collect the following information: Name, telephone number, date and time.


When committing to counselling I will hold the following information: name, telephone number, address, availability, the psychological issues that you would like to address and symptoms.


Once therapy commences, I will collect further information from you such as, GP contact details, previous therapy, current medication, previous criminal convictions, network of support, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, family structure, overview of your family situation and early memories of caregivers.


Your personal information will be stored no longer than necessary. In practical terms, I will usually store your information for a minimum of seven years following the terminal of your treatment. However, I may need to store your information for longer than this, for example in order to defined myself in a claim situation or to comply with my insurance terms and conditions.


I am committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, I have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information I collect online.


How I use cookies - A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.


I use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. I only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.


I will not sell, distribute or lease your personal information to third parties unless I have your permission or are required by law to do so.

You may request details of personal information which I hold about you under the Data Protection Act 1998. 


If you believe that any information I am holding on you is incorrect or incomplete, please email me as soon as possible. I will promptly correct any information found to be incorrect in the time frame set out by the new GDPR requirements.


If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:

  • The right to be informed – that’s an obligation on us to inform you how I use your personal data (and that’s what I am doing that in this privacy policy);
  • The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data I hold about you;
  • The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate;
  • The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances you can ask us to delete the personal data I have about you (unless there’s an overriding legal reason I need to keep it);
  • The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
  • The right to data portability – that’s a right for you to ask us for a copy of your personal data
  • The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
  • Rights in relation to automated decision-making and profiling – that’s a right you have for us to be transparent about any profiling wIdo, or any automated decision-making.

These rights are subject to certain rules around when you can exercise them. You can see a lot more information on them, if you are interested, on the UK Information Commissioner’s Office website.


If you wish to exercise any of the rights set out above, please contact me.


You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I may refuse to comply with your request in these circumstances.

I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up our response.


I try to respond to all legitimate requests within one month. Occasionally it may take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.


You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.