MRM Learning & Development
MRM Learning & Development
  • Home
  • About
  • Fees
  • Contact
  • How it works
  • Therapy Thoughts
  • More
    • Home
    • About
    • Fees
    • Contact
    • How it works
    • Therapy Thoughts
  • Home
  • About
  • Fees
  • Contact
  • How it works
  • Therapy Thoughts

Privacy Policy

Controller: Madeleine Mansfield, trading as MRM Learning and Development Ltd
Contact: mm@madeleinemansfield.com
ICO registration number: ZC008588 

Effective date: 13th October 2025 · Version:1.0


This notice explains what I collect, why I collect it, how I use and store it, how long I keep it, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

What I collect

  • Enquiries:     name, email, phone, and your message.
  • Intake      and administration: contact details, emergency contact, GP details      (optional unless risk management requires it), accessibility needs, brief      background, consent and agreement forms, invoices and payment records.
  • Therapy      records: dates of attendance and brief session/process notes.

I aim to collect only what is necessary. Please avoid sending sensitive details by email or text.

Why I collect it (purposes) and lawful bases

  • Responding      to enquiries and arranging appointments – to take steps at your      request before entering into a contract (Article 6(1)(b) Contract).      Where appropriate I may rely on Article 6(1)(f) Legitimate Interests     to respond to general enquiries; my interest is running a counselling      service and you can reasonably expect a reply.
  • Providing      counselling and keeping appropriate records – necessary to deliver a      health service by a professional bound by confidentiality (Article      6(1)(b) Contract and/or Article 6(1)(f) Legitimate Interests).      Because therapy involves health information, I also rely on Article      9(2)(h) (health or social care) with safeguards in the Data      Protection Act 2018 Schedule 1. I keep an Appropriate Policy      Document (APD) that describes these safeguards.
  • Business      operations (accounts, tax, insurance, supervision in anonymised form)      – Article 6(1)(c) Legal Obligation and Article 6(1)(f)      Legitimate Interests (running a safe and effective practice). Where I      use Legitimate Interests, I have balanced your rights and expectations      against my interests and found the impact on you to be low.

Who receives your data

  • My      professional supervisor – client material discussed in anonymised form      to maintain standards.
  • Service      providers (data processors) – secure email, website hosting/forms,      cloud storage/backup, and video‑conferencing (Zoom). These providers act      on my instructions under written terms. I do not sell your data.
  • Others      only when necessary – for example with your explicit consent, to      protect you or others from serious harm, or when required by law or a      court order. Where possible I will discuss this with you first.

International transfers

Some providers may store or access data outside the UK. Where this happens, they use approved safeguards such as the UK Addendum to the EU Standard Contractual Clauses. Details are available on request.

How long I keep your data (retention)

  • Adult      client records: usually 7 years from our last contact, then      securely destroyed.
  • Enquiries      that do not proceed: up to 6 months, then deleted.
  • Financial      records: 6 years to meet tax requirements. Retention may be      extended if a legal claim is in progress. When a period ends, I securely      delete or shred the data.

Your rights

You have the right to access your data, rectifyinaccuracies, erase data in certain circumstances, restrict or objectto processing, and data portability for information you have provided. To exercise a right, contact me using the details above; I will respond within one month. I will ask for ID before releasing information. Some rights may be limited, for example where disclosure would adversely affect another person or where I must keep data for legal reasons.

Security

Paper notes are stored in a locked cabinet within a locked room. Digital records are stored on encrypted devices with strong passwords and two‑factor authentication, with encrypted backups. Access is restricted to me. For online sessions I use Zoom with additional security controls (waiting room, passcodes, no default recording).

How to complain

If you have concerns about how I handle your data, please contact me first. You also have the right to complain to the Information Commissioner’s Office (ICO). Visit ico.org.uk or call 0303 123 1113.

Children

My service is for adults aged 18 and over.

Last updated: 13/10/2025

Copyright © 2025 MadeleineMansfield - All Rights Reserved.

Powered by

  • Contact
  • Privacy
  • Cookies

This website uses cookies.

We use essential cookies to make this site work, and optional analytics cookies to improve it. You can accept, reject, or manage your settings. 

DeclineAccept