Now Booking new Clients

Privacy Policy

Contact Details

Data Controller: Graham Wilson T/A Brave Journeys
Address: Tigh an Learaig, Tarves, Ellon, AB41 7LR
Phone: 07818 556866
Email: graham@bravejourneys.co.uk

What Information I Collect

The personal data I collect may include:

  • Name, address, phone number, and email address
  • Emergency contact details
  • GP/doctor information (if relevant)
  • Personal health and wellbeing information relevant to therapy or participation
  • Social media contact details (if you communicate through those platforms)

How I Collect Your Information and Why

I collect personal data directly from you when you:

  • Enquire about or register for therapy, workshops, classes, talks, or courses
  • Subscribe to newsletters or request to be kept informed of future events

This information is used to:

  • Arrange and provide appropriate services
  • Communicate with you regarding sessions, events, or updates
  • Maintain proper client records, as required by professional standards

Legal Basis for Processing

Under the UK GDPR, the lawful bases for processing your personal data are:

  • Consent (Article 6(1)(a)) – for receiving updates and newsletters
  • Contract (Article 6(1)(b)) – to provide the services you request
  • Legal obligation (Article 6(1)(c)) – for regulatory or safeguarding purposes
  • Legitimate interests (Article 6(1)(f)) – to manage and improve services

For special category data (such as health information), the additional basis under UK GDPR is:

  • Provision of health or social care (Article 9(2)(h))

How Your Information is Used

Your information is used solely to:

  • Deliver the agreed services
  • Contact you with session information, invoices, and updates
  • Share information only when necessary for safeguarding, legal requirements, or to prevent serious harm

Your information will never be shared with third parties for marketing or non-essential purposes.

How Your Information is Stored

I take all reasonable precautions to protect your data from loss, misuse, or unauthorised access.

  • Electronic records are stored on encrypted devices
  • Paper records are kept in a secure, locked location
  • Records are retained for 7 years from the end of service and then securely destroyed

Email communication is not encrypted by default. If you prefer encrypted communication, please request it in writing.

While I take care to use antivirus and secure systems, I cannot guarantee that all electronic communications will be virus-free.

Your Data Protection Rights

Under data protection law, you have the following rights:

  • Right to be informed – about how your data is collected and used
  • Right of access – to view the personal data I hold about you
  • Right to rectification – to correct inaccurate or incomplete data
  • Right to erasure – to request deletion of your data in certain circumstances
  • Right to restrict processing – to limit how your data is used
  • Right to data portability – to request a copy of your data in a transferable format
  • Right to object – to processing based on legitimate interests
  • Rights in relation to automated decision-making and profiling – (not applicable to Brave Journeys)

You do not have to pay to exercise your rights. I will respond within one month of receiving a request.

To exercise your rights, please email: graham@bravejourneys.co.uk

More information is available at: www.ico.org.uk/your-data-matters

Transfers of Data Outside the UK

If you are based outside the UK or if services involve communication internationally, personal data may be processed outside the UK. Where this occurs, I ensure appropriate safeguards are in place, such as using secure platforms or Standard Contractual Clauses.  Please note any legal proceedings, claims, or disputes arising out of or in connection with this counselling agreement shall be governed by and construed in accordance with the laws of Scotland or of England and Wales, as applicable. By entering into this contract, the client agrees that any such proceedings will be brought exclusively within the jurisdiction of the courts of Scotland or of England and Wales, regardless of the client’s place of residence or where the services were accessed.

Complaints

If you are unhappy with how your personal data has been handled, please contact me first so I can try to resolve the issue.

If you are not satisfied, you can contact the UK’s data protection authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: www.ico.org.uk

If you are based outside the UK, you may also have the right to complain to your local supervisory authority.