Privacy Policy

I respect and value the privacy of everyone who visits this website, (“This Site”). I, Ernesto L Brea am committed to ensuring that your privacy is protected. Should you provide certain information by which you can be identified when using this website, it will only be used in accordance with this Privacy Statement or any specific privacy notice that you are personally issued.

This privacy statement is issued on behalf of Ernesto L Brea Counselling. When I mention, “I”, “me”, “my”, or “myself” in this Privacy Statement, I am referring to the relevant person responsible for processing your data, Ernesto L Brea (“Data Controller”).​

This Privacy Statement sets out how this site uses the personal information that you provide, or which is collected during your visit to my pages. It explains in detail what types of personal data I may collect from you and why, how it is handled, and how it is kept safe, both during and following your visits to this site and in any other interactions with this site and Ernesto L Brea, and importantly, what rights you have in relation to this.

I may change this statement from time to time by updating this page. You should check this page occasionally to ensure that you are happy with any changes. This Privacy Statement is effective from 14th February 2021.

This Privacy Statement is not applicable to any Internet websites controlled by third parties not affiliated with myself, Ernesto L Brea that this site may link to (“Third Party Sites”). Please review the privacy statements of Third Party Sites as I am not responsible for and have no influence on the content or the privacy practices of Third Party Sites.

This statement is subject to any additional terms of disclaimers or other contractual terms you have entered into with me such as client privacy statements or notices, and any applicable mandatory laws and regulations.

Please read this Privacy Statement carefully and ensure that you understand it. Your acceptance of this Privacy Statement is deemed to occur upon your first use of this site. If you do not accept and agree with this Privacy Statement, you must stop using this site immediately.

I know that there’s a lot of information here, but I want you to be fully informed about your rights, and how I may use your personal information. I hope the following sections will answer any questions you have but if not, please do get in touch with me by contacting me on the details below.

Privacy Statement

Data Controller

A data controller is the individual or legal person who controls and is responsible to keep and use personal information in paper or electronic files. I am the data controller as defined in accordance with current Data Protection Legislation. Details of Data Protection Legislation can be found in the “Legal Information” section below.

The lawful basis I use to hold or process your information

Data Protection law says that I can use personal information only if I have a proper reason to do so. The law on data protection sets out several different reasons where I may collect and process your personal data, including:

  • Contractual obligations: In certain circumstances, I need your personal information to comply with my contractual obligations with you.
  • Legal duty: In rare cases, where I am required by law to provide your details. If this happens I will let you know in advance.
  • Legitimate interest: In most instances, I will require your information to pursue my legitimate interests in a way which might reasonably be expected as part of running the business of psychotherapy and counselling provision; as long as this does not materially impact your rights, freedom or interests.
  • Consent: In specific situations, I can collect and process your information with your consent.

When do I collect your personal data?

In most instances the personal information about you I collect is gathered directly from the therapy sessions I will have with you if you are a client, I may also collect information from the following sources:

Data you give to me:

  • When you engage with me on social media
  • When you contact me by any means with enquiries, queries, complaints etc.
  • When you ask your GP, a family member or partner, another health professional, your Health Insurance provider or when you’ve given any other third-party permission to share the information they hold about you with me
  • When you book any kind of appointment with me
  • When you comment on or review my services
  • When you fill in any forms I may have provided you

When you visit this website my web server may automatically record details about your visit, including:

  • IP address
  • Website from which you visited us
  • Type of browser software used
  • Website pages that you visit
  • Date and duration of your visit to our website

Data from third parties I work with:

  • Interaction with External Social Networks and Platforms: This type of service allows interaction with social networks or other external platforms directly from the pages of applications on this site. The interaction and information obtained through these applications are always subject to the User’s privacy settings for each social network.
  • Google Analytics: Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilises the information collected to track and examine the use of this site, to prepare reports on its activities and share them with other Google services.
  • Organisations that introduce you to me: psychotherapist and counsellor directories or registers, such as the BACP find a therapist, or Counselling Directory websites
    Other companies or service providers you ask to share your information with me.

Why do I collect your personal information and what do I do with it?

I want to give you the best possible therapy experience. If you contact me or use my services I have a legitimate or sometimes, contractual basis to use your personal information.

Under a legitimate interest, data privacy law allows me to collect your information as part of being able to understand your needs and provide you with the highest levels of professional service.

Here are some of the ways I may use your personal data:

  • For making services available or providing services to you
  • Where I need to perform under an agreement or contract I have entered into with you
  • For on-going administrative purposes
  • Where I need to comply with a legal obligation
  • Where you’ve provided me with consent to contact you directly
  • For internal record keeping
  • Of course, if you wish to change how I use your data, you’ll find details in the ‘Your rights over your personal data’ section below.

Remember, if you choose not to share your personal information with me, or refuse certain contact permissions, I might not be able to provide some services you’ve asked for.

I will inform you where I require your consent to process your personal data. Otherwise, I will process your personal information to meet my legitimate business interests or where it is needed to comply with a legal obligation. In addition, I may also process your personal information prior to entering into an agreement with you, or in order to perform an existing arrangement.

Who I share your personal information with

In most cases if I need to share your personal information I will seek your consent or advise you that I have a legal obligation to share your data. I may share your personal information with the following:

  • HM Revenue & Customs, regulators and other authorities
  • Any party linked with you or your business’s product or service if you are a supplier to me
  • Health insurance providers
  • If there are safeguarding issues and I have a legal obligation to contact the relevant authorities or bodies
  • Insurance companies
  • Other health professionals or your GP
  • Other companies or service providers you ask me to share your information with

Further information is collected from you if you decide to engage in personal psychotherapy or counselling or a contractual agreement with me. Details of what personal information is gathered and how it is managed will be made available to you through a separate Privacy Notice that will be issued to you if you engage further with me in any way.

Controlling your personal data

You may choose to restrict the collection or use of your personal information, details of how can be found below in the “Your rights over your personal data’” section. I do not require your information for direct marketing purposes as I do not undertake such activities.

I will not distribute your personal information to third parties unless I have your permission or am required by law to do so.

What location do I process your personal information in?

Your personal information is only processed within the United Kingdom of Great Britain and European Economic Area (“the EEA”) (the EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein), and as such is subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. I will not disclose your personal information to parties who are not authorised to process them.

How long do I keep your personal information?

I will keep your personal information for as long as you are a client or supplier of mine. I will only retain your personal information for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

Details of my retention periods will be made available to you through a separate Privacy Notice that will be issued to you if you engage further with me in any way.

At the end of a retention period, your information will either be deleted completely or anonymised, for example by aggregation with other information so that it can be used in a non-identifiable way for statistical analysis, publications and business planning.

I may keep your information for longer than 7 years if I cannot delete it for legal, regulatory or technical reasons. If I do, I will make sure that your privacy is protected and only use it for those purposes.

Your rights over your personal data

In any of the situations below, if you are looking to have me provide, correct or erase your personal information please contact me directly via the details already provided in this Privacy Statement.

Where permitted by relevant Data Protection Legislation you have the right to request:

  • Access to the personal information I hold about you (free of charge in most instances), and to learn the origin of the data, the purposes and ends of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the information may be disclosed
  • The correction of your personal information when it’s incorrect, out of date or incomplete
  • That I stop using your personal information and delete it from my records if it is no longer needed for the purposes indicated in this Privacy Statement
  • That I stop any consent-based processing of your personal information after you withdraw that consent
  • The restriction of the processing of your personal information in certain circumstances, e.g. where you have contested the accuracy of your personal data, for the period enabling me to verify its accuracy
  • In certain circumstances, to request the transfer of your personal information to you. This data portability enables you to have your information transferred to other third-parties too
  • File a complaint with me and/or the relevant data protection supervisory authority (details can be found below)

Checking your identity

In order for me to protect the confidentiality of your information, I will ask you to verify your identity before proceeding with any request you make under this Privacy Statement.

How to complain

Please let me know if you are unhappy with how I have used your personal information. You can contact me by email:

You also have the right to complain to the Supervisory Authority, the Information Commissioner’s Office (ICO). Find out on their website:

Security of data

I am committed to ensuring that your personal information is secure. To prevent unauthorised access or disclosure, I have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information I collect online.

Treatment of electronic messages sent to and from my website

All electronic messages sent to and from Ernesto L Brea Counselling are protected by reasonable technical and organisational measures and may only be accessed in justified cases in line with applicable laws and regulations (e.g. court order, suspicion of criminal conduct, violation of regulatory obligations) to specific persons in defined functions (e.g. Legal, IT).

Considerations when communicating with me over the Internet

The Internet is generally not regarded as a secure environment, and information sent via the Internet (such as to or from my website or via electronic message) may be accessed by unauthorised third parties, potentially leading to disclosures, changes in content or technical failures. Even if both sender and receiver are in the same country, information sent via the Internet may be transmitted across international borders and be forwarded to a country with a lower data protection level than exists in your country of residence.
Please note that I accept no responsibility or liability for the security of your information whilst in transit over the Internet to me.

Use of cookies

To find out more about how I use cookies please see my cookie notice.

Notice to European Users: this Privacy Statement has been prepared in accordance with current Data Protection Legislation. By this I mean, the Data Protection Act 1998, the Data Protection Directive (95/46/EC), the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) (as amended), the Human Rights Act 1998, the European Convention on Human Rights, General Data Protection Regulation (GDPR) (EU 2016/679) and all applicable laws and regulations relating to the processing of the personal information and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner, and the equivalent of any of the foregoing in any relevant jurisdiction. References to legislation include any amendments made to those laws from time to time.

This website may contain links to other websites of interest. However, once you have used these links to leave this site, you should note that I do not have any control over that other website. Therefore, I cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Statement. You should exercise caution and look at the privacy statement applicable to the website in question.

How to contact me

If you have any queries about how I use your personal data, you can contact me by email: