European Psychotherapy (UK) & Counselling (EU) Services



Privacy Policy & GDPR

The General Data Protection Regulation (GDPR), seeks to protect and enhance the rights of EU data subjects (You). These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.

This document describes Our (Lesley Kidd (IE), Martin Simpson (IE) and jointly as Bien-Etre Therapy) policies and procedures on the collection, use and disclosure of Your information when You use the webpage ( and Our services, and tells You about Your privacy rights and how the law protects You.

Our Privacy Policy was last updated on [20/02/2023].

The British Association of Counsellors and Psychotherapists also regulate and inform Our practice. You can find out more about professional and legal responsibilities on


For the purpose of the GDPR, Lesley Kidd or Martin Simpson or both if contracted with Bien-EtreTherapy) is the Data Controller. If contracted to Bien-Etre and you prefer to contract with only one party please make this clear.

  • “Data Controller”, refers to the individual provider contacted and contracted with (L. Kidd or M. Simpson). Who alone or jointly determines the purposes and means of the processing of Personal Data.
  • Device” means any device that can access the Service such as a computer, a mobile phone or a digital tablet.
  • Personal Data” is any information that relates to an identified or identifiable individual, such as a name, location, online identifier or identity.
  • “Records” are the information held on the contracted work relating to You. Dates of session (attended or not), brief content of sessions. Hard copy and electronic.
  • Service” refers to the Webpage/site and to the provision of Counselling (as termed in France), Psychotherapy (as termed in UK), Clinical Supervision, Management Support Services and Mindfulness and Meditation Services.

Bien-Etre do not use service providers to process data. No personal data is collected or gathered by this website. No cookies or third party processing.

  • Website/webpage” refers to
  • “You” means the individual accessing or using the Service, or other legal entity on your behalf. Under GDPR You can be referred to as the Data Subject or as the User as you are the individual using the Service.

Information collected about you and how this may be used

While contacting and using Our Service, We may ask You to provide certain information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Current home address
  • Phone number

When You access the Service by or through a device, certain information is automatically collected, e.g. email address, mobile or landline number, skype address. In contacting Us you are understanding that this information is given.

If you make an enquiry we will contact you in the way you have requested or implied (e.g. email, text, telephone call).  We will not ask for you to send personal information to us except for that we require to offer a service to you.  We advise that you do not send detailed information to us.  You will be responsible for information that you share with us (e.g. via email, text).

We use encrypted products for electronic communication that are GDPR compliant (e.g. zoom, microsoft). However no method of transmission over the Internet, or method of electronic storage is 100% secure.

Payment for sessions

Bank payments can be anonymised by use of the reference code provided on the invoice/facture or given in advance on request. If you use your name/initials as a reference on the bank transfer, then this may show up on bank statements. Every effort will be made to redact names should bank statements be used for other purposes (such as tax office). Both Lesley Kidd and Martin Simpson may have access to bank statements.

Disclosure of Your Personal Data

In most cases, we will not share your personal information without your consent.  However, GDPR states that data processing may be vital in the legitimate interests.  We may process Personal Data under the following conditions where necessary:

  • Consent: You have given Your consent.
  • Performance of the contract: for the performance of an agreement with You (Our service delivery).
  • Legal obligations: for compliance with a legal obligation to which we are subject.
  • Vital interests: in order to protect Your vital interests or of another person.
  • Public interests: related to a task that is carried out in the public interest.
  • Legitimate interests: for the purposes of the legitimate interests by Us.
  • Protect and defend Our rights or property: including legal liability.
  • Prevent or investigate possible wrongdoing: in connection with the Service.

We will gladly help to clarify the specific legal basis (statutary) or contractual requirement that applies to the processing and its necessity to enter into a contract.

Confidentiality in Practice:

Anonymised information, but not names will be shared with a clinical supervisor who reviews clinical practice. This is a contractual requirement for good therapeutic practice, (BACP/Performance of the contract).

Therapeutic services are a private and confidential form of help. However, there are exceptional cases where We might have to give information to relevant authorities, for example if there was reason to believe that You, a child or another adult, is at serious risk of harm. We will discuss any proposed disclosure with you unless it is believed that to do so could increase the level of risk to you or the other. There are other legal and ethical obligations, such as to comply with criminal investigations.

If you come with another. It may be suggested seeing each of you individually. It is important for you to know that what is said in those individual sessions will be confidential and not shared with your partner or family unless discussed otherwise.

Your rights

You have rights relating to the information held, to verify the accuracy or to ask for them to be supplemented, deleted, updated or corrected. You have the right to request a copy of the information held about you. If at any time you wish to exercise your right under the Act you should put your request for: Subject Access Request (SAR) in writing to your practitioner (Data controller) and provide evidence of your identity such as a copy of your passport or driver’s license and proof of your address.

Upon receipt of evidence of identity we will respond to your request within 30 calendar days. The response to a valid SAR will normally be in the form of a schedule listing (dates) and describing the personal data held. You have a right to request the transfer of your data to another individual or company.

In most cases, you will receive scanned or electronic information in a portable format.  You will be responsible for the security of that information once it is in your possession.  We may withhold some personal information to the extent permitted by law.  In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.

Additional Rights under the GDPR

  • Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for processing of Your Personal Data. (such as :opt-out of mail outs).
  • Request erasure of Your Personal Data: when there is no good reason for Us to continue.
  • Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to the Service.

Data storage

All data storage services used are fully GDPR compliant. All Data is held in secure premises in France and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Hard and electronic records are stored and destoyed inline with GDPR recommendations.

No transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place.

If you contact us via an organisation then it may be that electronic secure note forms are used (GDPR complian

Reports and client records

We are not normally in a position to write reports on the work because of the duty of confidentiality. A written consent/demand from the client(s)/supervisee is required. Brief information about the dates and number of sessions attended may be provided.

Individuals who are vulnerable must be given ample opportunity to understand the nature, purpose, and anticipated consequences of any professional information sharing, so that they may give informed consent to the extent that their capabilities allow. Information sharing with informed consent is only when it is our professional opinion that it is in a client’s best interest.

We reserve the right to resist legal requests to produce the records in court. This is done to protect the duty of confidentiality of clients.

Children’s Privacy

Our Service does provide services to anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 16 without verification of parental consent, We take steps to remove that information from Our records.

Unauthorised electronic recording

It is important that the privacy of the work is respected. Please do not attempt to record your session using any device or app. If recordings have been made covertly, services will be discontinued and We reserve the right to seek legal advice.

Cancellation policy

24 hrs notice avoids cancellation charges. Less than 24 hrs notice will incur a partial cost of your session charged. Non-attendance without notice the full cost is incurred.

If a health/insurance company is paying for treatment, they may make you liable for the charge. Your treatment sessions could be suspended dependant on their policy.


We can review sessions if you wish, to ensure you feel you are getting the most out of therapy; you are not tied into any commitment you can end sessions at any time. If We consider your requirements beyond Our competence We reserve the right to terminate Our contract, this will be discussed and recommendations provided.

Feedback and complaints

If you have any questions, concerns, feedback or complaint, please use the contacts below. It is possible that We can resolve your concerns and We welcome any feedback or complaint as it allows Us to improve the service.

If you feel we cannot resolve the concerns about your data adequately, please contact the Information Commissioners Office:

Concerns about practice that cannot be addressed by contacting Us can be directed to

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.


Name: Lesley Kidd

Name: Martin Simpson



Information Commisioners Office (UK)
Wycliffe House, Water Lane, Wilmslow, SK9 5AF Telephone +44 (0) 303 123 1113