Privacy Policy
Effective Date: 1st of December 2025
1. Introduction
This Privacy Policy describes how Kitti Eva Orban (the “Provider,” “I,” or “We”), operating as a psychologist, collects, uses, and protects the personal and sensitive health information (Personal Data) of clients (“Client” or “You”) in the provision of psychological and advisory services at Orban Counselling.
The Provider is committed to protecting your privacy and handling your Personal Data in a transparent and ethical manner, adhering to relevant data protection laws the UK GDPR and the Data Protection Act 2018.
2. Data We Collect
We collect various types of information, which fall into the following categories:
2.1 Identity and Contact Data
This includes your name, address, email address, telephone number, and any other contact details provided during booking or service provision.
2.2 Sensitive Health Data (Session Records)
This includes session notes, assessment results, treatment plans, and any other mental health information or personal details you share during the sessions (Online Psychological Mental Support or Parents Advice Sessions).
2.3 Financial and Transaction Data
This includes records related to payments, invoices, bank transfer details (if provided to confirm payment), and service fees. Note that we do not store full credit card details.
2.4 Technical Data
This includes IP addresses, browser type, and time zone settings related to accessing the website or the Google Meet platform, for security and service delivery purposes.
2.5 Group Application Data
For in-person Group Sessions, we collect application and selection information, which may include details necessary to assess suitability for the group environment.
3. How We Use Your Data
We use your Personal Data based on ethical and lawful grounds for the following purposes:
| Purpose | Type of Data Used | Lawful Basis |
|---|---|---|
| Service Provision | Identity, Sensitive Health | Contractual necessity and legitimate interest (providing effective care). |
| Booking & Reminders | Identity, Contact | Contractual necessity (managing appointments). |
| Billing & Payment | Financial, Identity | Legal obligation (tax and accounting requirements). |
| Ethical & Legal Compliance | Sensitive Health, Identity | Compliance with the BPS ethical framework and legal obligations (e.g., safeguarding). |
| Service Improvement | Sensitive Health (Anonymised) | Legitimate interest (improving professional practice via supervision). |
4. Confidentiality and Disclosure
4.1 Professional Confidentiality
All Sensitive Health Data and session content are held in strict professional confidence, consistent with the BPS ethical framework.
4.2 Limits to Confidentiality
Confidentiality may be lawfully and ethically broken in the following limited circumstances:
- Risk of Harm: If the Provider believes there is a significant risk of serious harm to the Client or to a third party.
- Legal Obligation: If the Provider is compelled by a court order or other legal requirement to disclose information.
- Professional Supervision: Information may be discussed in professional supervision sessions to ensure the quality of care, but identifying details will be protected and anonymized where possible.
4.3 Third Parties
We do not sell or rent your Personal Data to third-party marketing companies. We only share data with necessary third parties (like accounting software or secure cloud storage providers) under strict contracts that ensure the data is protected.
5. Data Storage, Security, and Retention
5.1 Security
We implement appropriate technical and organisational measures to secure your Personal Data against accidental loss, unauthorised access, use, alteration, or disclosure. Session notes and sensitive records are stored securely in encrypted and password-protected systems.
5.2 Retention
We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements (e.g., maintaining records for a specified period after termination of services as required by professional guidelines). This period is currently 7 years.
6. Your Rights
Under data protection laws, you have rights regarding your Personal Data, including:
- Access: The right to request a copy of the Personal Data we hold about you.
- Correction: The right to request correction of inaccurate or incomplete data.
- Erasure: The right to request the deletion of your Personal Data, subject to our legal and ethical obligations to retain certain records.
- Objection: The right to object to the processing of your data in certain circumstances.
To exercise any of these rights, please contact the Provider using the details in Section 7.
7. Contact Information
If you have any questions about this Privacy Policy or our data practices, please contact the Provider directly:
Provider: Kitti Eva Orban at Orban Counselling
Email: info@orbancounselling.co.uk
Website: https://orbancounselling.co.uk/
By booking an appointment and utilizing the services of the Provider, the Client acknowledges and agrees to the terms of this Privacy Policy.
Orban Counselling 