Privacy Statement and Data Protection

Last updated: 12.02.26

Your Sounding Boards is a service provided by Ayanda Dlamini-Wolff MBACP (ayanda@indlelacounselling.co.uk) and Diya Bhatnagar MBACP (bhatnagar.diya1@gmail.com ). Under the Data Protection Act 2018, we are “data controllers”. This means that we responsible for deciding how we hold and use the personal information we hold about you.

Your privacy is very important to us and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to us. We are both registered with the ICO (Information Commissioners Office)

  • Ayanda Dlamini-Wolff – ICO Registration No.: ZB601048
  • Diya Bhatnagar  – ICO Registration No.: ZB591920

We both therefore adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

To provide you with the best service possible, we will hold your personal contact details and a brief Arecord of your Sounding board session. Please find below important information about how this information will be held and used.

How do we collect information about you?

We collect information (including contact information) from you during calls and by email when discussing your needs. If you become a client, we make minimal written notes of your session/s. As a general policy, we keep written (whether electronic or otherwise) records containing personal information to a minimum and regularly delete emails and documents where there is no legal or business need to retain that information.

Our insurance companies requires that we keep some notes for a period of 5 years after your Sounding board session/s. This means that we cannot erase certain information we hold about you in that period.

We collect, store, and use the following categories of personal information about you:

  • the information you provide to us when you initially contact us (typically name, email and telephone number)
  • the information you provide to us in your introductory call; and
  • if you become a client, the information you provide to us in your sounding board session/s and any communications between sessions should you have a follow up session or multiple sessions.

How do we use your personal information?

The main purpose for using your personal information is to provide services to you under contract. We will never provide your personal details to a third party without your consent except in the following circumstances:

  • We may discuss some Sounding board sessions in clinical counselling supervision should they bring up anything in our personal processes that needs to be discussed. In these cases, we will, as with our counselling clients, keep identifying information about you to a minimum. These sessions are, however, bound by confidentiality.
  • We may use individual consultants for administrative purposes (for example, if we engage a bookkeeper or accountant, there is a possibility that individual may see your name as part of checking payments). If so, we have a contract with those individuals which places restrictions on when and how they can access your personal information. We do not allow them to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
  • We use third party software (Mircosoft365, Gmail, Adobe Acrobat, Docusign, Calendly, Squarespace and WordPress) which will capture certain information about you when you sign your contract and privacy policy, contact me or book a session. Our contracts with those companies places restrictions on when and how they can access your personal information. Here are links for the privacy policies of Mircosoft, Calendly, Google , Adobe Acrobat, Docusign, Squarespace and WordPress. We also use Zoom to conduct online sessions with the link to this session being sent via your email address. You can find Zoom’s privacy policy here.
  • Ayanda also uses accounting software (Freshbooks) to manage session payments. Here is the link for the privacy policy of FreshBooks.
  • When someone visits our website, we use a third-party service (WordPress) to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow WordPress to make, any attempt to find out the identities of those visiting my website. We use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit our website. Like most websites we use cookies to help the site work more efficiently. No user-specific data is collected by us or any third party.
  • In rare circumstances, to my legal professional advisors and / or underwriters in the context of seeking legal advice or in the context of legal action.
  • Where we are required by law, including by court order.

How long do we keep personal information?

If you become a client, we keep your personal information for as long as you remain client and for 5 years thereafter except where there is a legal or insurance need to retain the information for longer. If you approach us but do not become a client, we will retain personal information you provide for no more than six months. We keep your personal information for these periods for my ‘legitimate business interest’, which means a reasonable use in line with our business activities. We also retain your personal information for that period so that we can show, in the event of a legal or other claim, that we have acted in a lawful and transparent way.

Your rights

Where we have asked for your consent to process personal information, you have the right to withdraw your consent. However, we do not typically ask for your consent to use personal information about you as we use your personal information in order provide services to you under contract and for legitimate business purposes.

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information I hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have corrected any incomplete or inaccurate information we hold about you.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Request the restriction of processing of part or all of your personal information. This can include asking us to stop processing your information for a particular period of time.
  • Request the transfer of your personal information to another party.

If you want to exercise any of these rights, please contact me in writing (which can be by email). Please be aware that we may nonetheless be required to keep some of your personal information for legal or insurance reasons.

How we protect your personal information

We store your personal information using secure physical safeguards and secure IT systems (e.g. password protected computers, back-up drive). Your personal information and client notes are store separately as password-protected files on a password protected computer. Your personal information may also be included in emails or text messages between us, and in the Acuity Scheduling app if you book sessions online. Access to these is password protected.

Contact us

If you have any questions about this privacy notice or how I handle your personal information, please contact yoursoundingboards@gmail.com. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. For more information go to www.ico.org.uk/make-a-complaint.