Effective Date: 22nd July 2025

​

This Privacy Policy explains how I, Layla Eissa, as a registered member of the British Association for Counselling and Psychotherapy (BACP), collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

1. Who I Am​

Data Controller: Layla Eissa
Email: Contact
Website: www.laylaeissa.com
ICO Registration Number: Available on request

As a sole trader and therapist, I am the data controller for any personal information you provide.

​

2. What Personal Data I Collect​

When you contact me through my website, I collect the following information:

• Full name (first name and surname)

• Email address

• Message content, which may include sensitive personal data about your mental health or reasons for seeking therapy​

This information is considered personal data and, in some cases, special category data under UK GDPR.

​

3. Legal Basis for Processing Your Data​

Under the UK GDPR, I must have a lawful basis for processing your personal data. These are:

• Consent – When you voluntarily complete my contact form, you are giving explicit consent for me to process the information you provide.

• Legitimate Interests – To respond to your enquiry and assess whether I can offer appropriate services.

• Special Category Data – If you share health-related or other sensitive information, I rely on Article 9(2)(h) of the UK GDPR: processing is necessary for the provision of health or social care.

​

4. How I Use Your Data​

I use the personal data you provide to:

• Respond to your enquiry

• Assess your needs for psychotherapy

• Arrange consultations or appointments

• Fulfil any legal or professional obligations

I will never use your information for marketing purposes.

​

5. How Your Data Is Stored and Protected​

Your data is securely stored and protected against unauthorised access, loss, or misuse. Measures include:

• Password-protected email and devices

• Secure website hosting and SSL encryption

• Professional confidentiality in line with BACP ethical standards

​

6. How Long I Keep Your Data​

If you do not become a client, your enquiry and any related data will be securely deleted within 3 months.

If you do become a client, your data will be stored in line with professional and legal obligations, typically for 7 years after therapy ends, unless otherwise required by law or regulatory guidance.

​

7. Sharing of Personal Data​

I do not share your data with any third parties for marketing or commercial purposes. Your data may only be disclosed:

• If required by law (e.g. court order, safeguarding)

• If there is a serious risk of harm to yourself or others

• With your explicit consent (e.g. GP referral)

​

8. Your Rights Under UK GDPR​

You have the right to:

• Access the personal data I hold about you

• Request correction of inaccurate data

• Request erasure of your data, under certain conditions

• Restrict processing of your data

• Object to processing

• Data portability, where applicable

• Withdraw consent at any time

To exercise your rights, please contact me.

​

9. Cookies

My website may use minimal cookies to improve your browsing experience. A cookie consent banner will be shown when you visit the site. You can control cookie settings in your browser at any time.

​

10. How to Complain​

If you have any concerns about how I handle your personal data, please contact me directly.

You also have the right to complain to the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Helpline: 0303 123 1113

​

11. Updates to This Policy​

This policy is reviewed regularly and may be updated to reflect changes in legal obligations or practice operations. Please check back periodically for updates.

​

By submitting a message through my contact form, you acknowledge that you have read and understood this Privacy Policy.

​

​

​

​