top of page

Privacy Policy

Effective Date: August 1, 2025

Last Updated: August 1, 2025
 

About This Policy
Northlight Counselling and Psychotherapy recognises the importance of client confidentiality and privacy, particularly regarding the personal and sensitive information shared when engaging counselling and psychotherapy services. This privacy policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) 2018, the Irish Data Protection Act 2018, and ethical guidelines set by the Irish Association for Counselling and Psychotherapy (IACP).


Data Controller
Alan McCormack trading as Northlight Counselling and Psychotherapy is the data controller responsible for your personal information. You can contact us at:
    •    Email: email address
    •    Phone: phone number
    •    Address: Dublin, Ireland
 

Information We Collect


Personal Information
We collect and process the following types of personal information

Contact Details:
    •    Name, email address, telephone number
    •    Address (if required for invoicing)
    •    Preferred contact method and times
Therapy-Related Information:
    •    Initial assessment information
    •    Therapy session notes and records
    •    Risk assessments (where relevant)
    •    Correspondence between us
    •    Information about your mental health and wellbeing
    •    Details of referrals from other professionals (if applicable)
Administrative Information:
    •    Appointment scheduling details
    •    Payment and billing information
    •    Session attendance records
    •    Consent forms and agreements
 

How We Collect Information
We collect information:
    •    Directly from you during initial contact, assessment, and therapy sessions
    •    Through our website contact forms and booking system
    •    Via email or telephone communications
    •    From referral sources (with your consent)

 

Legal Basis for Processing
Under GDPR, we process your data on the following legal bases:

  • Contract Performance: Processing necessary to provide therapy services as agreed in our therapeutic contract

  • Legitimate Interest: Maintaining therapy records for clinical supervision, professional development, and business administration

  • Vital Interests: Where necessary to protect your safety or the safety of others

  • Legal Obligation: Where required by law or professional regulations

  • For special category data (health information), we process this data because it is necessary for the provision of healthcare treatment.

 

How We Use Your Information
We use your personal information solely for:
    •    Providing counselling and psychotherapy services
    •    Scheduling and managing appointments
    •    Billing and payment processing
    •    Clinical supervision (in anonymised form where possible)
    •    Complying with professional and legal obligations
    •    Risk assessment and management
    •    Communication regarding your therapy
 

Website, Cookies, and Analytics
Our website is hosted on Wix and uses the following technologies:

  • Essential Cookies: Required for booking appointments, processing payments, and managing member accounts

  • Google Analytics: We utilize Google Analytics to gain insight into how our website is utilized. This data is anonymised and helps us improve our services.

  • Third-Party Services: Our website integrates with payment processors and booking systems that may use cookies for functionality

​

You can control cookie settings through your browser preferences. However, disabling essential cookies may affect your ability to book appointments or access member areas.


Information Sharing and Disclosure
Your information remains strictly confidential. We do not share your data with third parties except:

  • With Your Consent: When you explicitly agree to information sharing

  • Legal Requirements: When required by law or court order

  • Risk of Harm: If there is a serious risk of harm to yourself or others (we will discuss this with you beforehand, where possible)

  • Professional Supervision: Clinical supervision may involve discussion of therapy work in anonymised form

  • Service Providers: Secure payment processors and booking systems necessary for our services

We will never share your information with commercial organisations or use it for marketing purposes.

 

Data Security
We implement appropriate technical and organisational measures to protect your data   

    •    Secure, encrypted communication channels
    •    Password-protected systems and devices
    •    Regular security updates and monitoring
    •    Limited access to personal data on a need-to-know basis
    •    Secure backup and storage procedures
 

Data Retention
We retain your personal information for:

  • Therapy Records: 7 years after our last session, following IACP guidelines

  • Contact Information: Duration of therapy plus a reasonable time for administrative purposes

  • Financial Records: As required by Irish tax law (typically 6 years)

  • Email/Text Communications: Duration of treatment plus 1 year

All records are securely destroyed once the retention period has expired.

 

Your Rights Under GDPR
You have the following rights regarding your personal

  • Access: Request copies of your personal information

  • Rectification: Request correction of inaccurate information

  • Erasure: Request deletion of your data (subject to professional retention requirements)

  • Portability: Request the transfer of your data to another provider

  • Restriction: Request limitation of processing in specific circumstances

  • Objection: Object to processing based on legitimate interests

  • ​

To exercise these rights, please contact us using the details provided above. We will respond within one month of receiving your request.


International Data Transfers
Your data is processed within Ireland and the European Economic Area. If we need to transfer data outside the EEA, we will ensure appropriate safeguards are in place.


Children’s Privacy
Our services are provided to adults (18+). If you are under 18, please ensure you have parental/guardian consent before contacting us.


Changes to This Policy
We reserve the right to update this privacy policy to reflect changes in our practices or applicable laws. We will notify you of any material changes via email or by posting a prominent notice on our website.
 

Complaints
If you have concerns about how we handle your data, you can:
    1.    Contact us directly using the details above
    2.    Complain to the Data Protection Commission (Ireland):
       •    Website: www.dataprotection.ie
       •    Email: info@dataprotection.ie
       •    Phone: +353 57 868 4800
 

Contact Us
For any questions about this privacy policy or our data practices, please contact:
Northlight Counselling and Psychotherapy


Email: northlightpsychotherapy@gmail.com

Phone: +353 87 03 44 533


This privacy policy was last updated on date and is reviewed annually to ensure compliance with current legislation and professional standards.

bottom of page