Privacy Policy
Last updated: May 2026
1. Introduction
Mind & Heart Counselling (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and counselling services.
This policy complies with the Nigerian Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023, as well as applicable international data-protection principles. By using our services, you consent to the practices described in this policy.
2. Data Controller
The data controller responsible for your personal data is Mind & Heart Counselling, operated by Ajibola Adeoye-Adeyemi. For any data-protection enquiries, please contact us at [email protected].
3. Information We Collect
We collect the following categories of personal data:
- Identity data: Full name, date of birth, and gender.
- Contact data: Email address, phone number, and postal address.
- Account data: Login credentials and profile information created when you register.
- Health & therapeutic data: Information shared during sessions, intake questionnaires (including CORE-10 and CORE-OM responses), session notes, and therapeutic assessments.
- Payment data: Transaction records processed through our secure payment provider. We do not store full card details on our servers.
- Technical data: IP address, browser type, device information, and cookies necessary for website functionality.
- Communication data: Messages sent through the platform and booking correspondence.
4. Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: You provide explicit consent when creating an account, completing intake forms, and engaging in therapy sessions.
- Contractual necessity: Processing is necessary to deliver the counselling services you have requested.
- Legitimate interest: We may process data to improve our services, ensure platform security, and communicate with you about your sessions.
- Legal obligation: We may process data where required by law, such as safeguarding obligations.
5. How We Use Your Information
Your information is used to:
- Provide and manage your counselling sessions.
- Schedule and manage appointments and reminders.
- Process payments and issue invoices.
- Administer intake questionnaires and outcome measures (CORE-10 and CORE-OM).
- Communicate with you about your sessions and account.
- Maintain accurate clinical records as required by the BACP Ethical Framework.
- Improve and secure our platform.
We do not use your data for marketing purposes without your explicit consent, and we never sell your personal data to third parties.
6. Data Storage & Security
Your data is stored on secure AWS (Amazon Web Services) cloud infrastructure, which provides industry-leading security measures including:
- Data encryption at rest and in transit using AES-256 and TLS 1.2+.
- Regular security audits and vulnerability assessments.
- Access controls and authentication mechanisms to prevent unauthorised access.
- Automated backups to prevent data loss.
Session notes and therapeutic content are stored separately from identifying information where technically feasible, providing an additional layer of protection.
7. Confidentiality
In line with the BACP Ethical Framework for the Counselling Professions, all therapeutic content is treated as strictly confidential. Information will only be disclosed without your consent in the following exceptional circumstances:
- Where there is an assessed risk of serious harm to you or another person.
- Where disclosure is required by law (e.g., court order, terrorism-related offences).
- In supervision, where your identity is anonymised to protect your privacy.
8. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:
- Client records and session notes: Retained for a minimum of 7 years after the end of the therapeutic relationship, in accordance with BACP guidelines and professional insurance requirements.
- Account data: Retained for as long as your account is active, plus 7 years after closure.
- Payment records: Retained for 7 years as required for accounting and tax purposes.
- Technical logs: Retained for up to 12 months for security and performance monitoring.
After the retention period, records are securely and permanently deleted.
9. International Data Transfers
As our services are delivered online, your data may be processed in jurisdictions outside Nigeria. Where data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Use of service providers that comply with recognised international data-protection standards.
- Encryption of all data in transit and at rest.
- Contractual obligations requiring recipients to protect your data to the same standard as required under the NDPR/NDPA.
10. Your Rights
Under the NDPR and NDPA, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data, subject to legal and professional retention requirements.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to data portability: Request your data in a structured, commonly used format.
- Right to withdraw consent: Withdraw your consent for data processing at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint: Contact the Nigeria Data Protection Commission (NDPC) if you believe your data-protection rights have been violated.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
11. Cookies & Analytics
This website uses only essential cookies required for core functionality (e.g., authentication and session management). We do not use third-party tracking cookies or share your browsing data with advertisers.
12. Third-Party Services
We use carefully selected third-party services to deliver our platform. These include:
- Payment processing: Secure payment providers to handle transactions. We do not store your full card details.
- Cloud hosting: Secure AWS infrastructure for data storage and application hosting.
- Email communications: For appointment reminders and account notifications.
All third-party providers are bound by data-processing agreements that require them to protect your data in accordance with applicable data-protection laws.
13. Children's Data
Our services are designed for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Any significant changes will be communicated to you via email or a notice on our website. We encourage you to review this policy periodically.
15. Contact
For privacy-related enquiries, to exercise your data-protection rights, or to raise a concern, please contact us at:
