Privacy Policy
Privacy Policy
David Pearce — Burnout & Stress Psychotherapy | MBACP Website: davidpearce.co Last updated: June 2026
1. Who We Are
This website is operated by David Pearce, a sole practitioner providing burnout psychotherapy and coaching services. David Pearce is a registered member of the British Association for Counselling and Psychotherapy (MBACP, membership number 416175) and is registered as a data controller with the Information Commissioner’s Office (ICO).
For all data-related enquiries, please contact: David Pearce Email: hello@davidpearce.co Website: davidpearce.co
2. What This Policy Covers
This Privacy Policy explains how we collect, use, store, and protect your personal data when you:
- Visit this website
- Submit an enquiry or contact form
- Book a free consultation
- Sign up to the Burnout Regulation Hub
- Become a client and engage in 1:1 sessions or messaging support
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
3. Data We Collect
3.1 Website Visitors
When you browse this website, we may collect:
- IP address and browser type (via standard server logs)
- Pages visited and time spent on the site
- Referring website or search term
This data is collected automatically and is used only to understand how the website is used. It is not linked to your identity.
3.2 Enquiries and Consultations
When you contact us or book a free consultation (via Calendly), we collect:
- Your name and email address
- Any information you voluntarily provide in your message
- Booking preferences and availability
3.3 Sign-ups (Burnout Regulation Hub)
When you sign up for free resources, we collect:
- Your name
- Your email address
3.4 Clients (Intake and Sessions)
When you become a client, we collect and process:
- Name, contact details, and relevant background information provided on intake forms
- Session notes (brief and anonymised — see Section 6)
- Communications via Signal messaging (see Section 6)
- Payment records (name, invoice details)
4. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
| Data Type | Legal Basis |
|---|---|
| Website analytics | Legitimate interests (understanding site usage) |
| Enquiries and consultation bookings | Legitimate interests / pre-contractual steps |
| Email marketing (Burnout Hub sign-ups) | Consent |
| Client intake data and session notes | Contract performance; legitimate interests |
| Clinical session notes | Substantial public interest (mental health) — Schedule 1, Data Protection Act 2018 |
| Payment records | Legal obligation; contract performance |
5. How We Use Your Data
We use your personal data to:
- Respond to enquiries and arrange consultations
- Deliver 1:1 psychotherapy or coaching sessions
- Provide between-session messaging support
- Send free resources and guides (where you have signed up)
- Maintain clinical records as required by professional and legal obligations
- Invoice and process payments
- Comply with our obligations under the BACP Ethical Framework
We will never sell your data to third parties. We do not use your data for automated decision-making or profiling.
6. How We Store and Protect Your Data
We take the security of your personal data seriously. The following measures are in place:
6.1 Intake Forms
Contact details and intake forms are collected and stored via Jotform, a GDPR-compliant platform, protected by two-factor authentication (2FA).
6.2 Session Notes
Clinical session notes are brief, anonymised, and stored digitally on Proton Drive, which uses end-to-end encryption. Access is restricted to the Practitioner only and is protected by a strong unique password and 2FA.
6.3 Messaging (Signal)
Between-session messaging support is provided via Signal, which uses end-to-end encryption and device-level security. Clinically relevant communications may be summarised in anonymised session notes stored on Proton Drive. By engaging in messaging support, you consent to this process.
6.4 Video Sessions
Sessions are conducted via Google Meet. Google acts as a data processor in this context. Please refer to Google’s Privacy Policy for information on how Google processes data during video calls. Session content is not recorded by the Practitioner unless explicit written consent is obtained.
6.5 Email
General correspondence is conducted via standard email. Please be aware that email is not end-to-end encrypted by default. Do not share highly sensitive personal information via email.
7. Third-Party Services (Data Processors)
We use the following third-party platforms, each of which processes your data only as instructed and under appropriate data processing agreements:
| Service | Purpose |
|---|---|
| Jotform | Intake forms and e-signatures |
| Proton Drive | Encrypted storage of session notes |
| Calendly | Consultation booking |
| Google Meet | Video sessions |
| Signal | Between-session messaging |
8. How Long We Keep Your Data
We retain your personal data for the following periods:
- Client records (session notes, intake forms): 7 years from the date of the last session, in line with BACP guidance and UK legal requirements. For clients who were minors at the time of treatment, records are retained until their 25th birthday or 8 years from the last session, whichever is later.
- Email and enquiry correspondence: 2 years, or until no longer needed for the purpose it was collected.
- Marketing sign-ups (Burnout Regulation Hub): Until you unsubscribe or request deletion.
- Payment records: 6 years, in line with HMRC requirements.
After the applicable retention period, data is securely and permanently deleted.
9. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — you may request a copy of the data we hold about you.
- Right to rectification — you may ask us to correct inaccurate data.
- Right to erasure — you may request deletion of your data, subject to our legal and professional obligations to retain certain records.
- Right to restrict processing — you may ask us to limit how we use your data in certain circumstances.
- Right to data portability — you may request your data in a structured, machine-readable format.
- Right to object — you may object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent (e.g. marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact: hello@davidpearce.co
We will respond within 30 days. Some rights may be limited where we are required to retain records for professional or legal reasons.
10. Cookies
This website uses cookies to support its functionality and to understand how visitors use the site. A cookie is a small text file stored on your device.
We use:
- Essential cookies — required for the website to function correctly.
- Analytics cookies — to understand how visitors interact with the site (e.g. pages visited, time on site). No personally identifiable information is collected via analytics.
You can manage or disable cookies through your browser settings. Note that disabling cookies may affect certain features of this website.
11. Children’s Data
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18 without the explicit consent of a parent or guardian.
12. International Clients
If you are based outside the United Kingdom, please be aware that your data will be stored and processed within the UK, which maintains an adequate level of data protection following the UK’s departure from the European Union.
Where any data is transferred outside the UK, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on this website, with the date of the last update shown at the top of this page.
14. How to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office Website: ico.org.uk Helpline: 0303 123 1113
We would, however, appreciate the opportunity to address your concern directly before you contact the ICO. Please email us at hello@davidpearce.co in the first instance.
This Privacy Policy was prepared in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the BACP Ethical Framework for the Counselling Professions.
