top of page

Privacy

 

Your Privacy Matters

At Paper Plane Counselling, your privacy and confidentiality are taken seriously.

Counselling often involves sharing deeply personal information. It is important that you feel confident that your information is handled with care, stored securely, and used only for the purpose of supporting your work in therapy.

​

We are based in Aotearoa New Zealand and comply with New Zealand privacy law. Where applicable - for example if services are provided to individuals located in the United Kingdom - we also comply with relevant UK data protection legislation.

​

Below you will find our full Privacy Policy, which explains:
 

  • What information we collect

  • Why we collect it

  • How long it is retained

  • How it is stored

  • Your rights

  • How cross-border data transfers are handled

  • What happens in the unlikely event of a data breach
    ​

If you have any questions about anything in this policy, you are always welcome to ask.​

​

openart-image_4U-IdCY-_1749455833988_raw.jpg

1. Introduction

Paper Plane Counselling Ltd is committed to protecting your privacy and handling your personal information in a transparent, secure and respectful manner.

​

As a counselling practice based in Aotearoa New Zealand, we comply with:
 

  • Privacy Act 2020

  • Health Information Privacy Code 2020
     

Where applicable - for example, if services are provided to individuals located in the United Kingdom - we also comply with:
 

  • UK General Data Protection Regulation

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations 2003
     

These laws ensure that personal and health information is processed lawfully, fairly and securely.

For the purposes of data protection law, Amy Mills is the Data Controller.
 

2. What Information We Collect

To provide counselling services, we may collect:
 

  • Your name, address, email address and telephone number

  • Date of birth

  • Relevant medical information

  • Information about your personal circumstances and relationships

  • Brief session notes

  • Records of correspondence between us
     

Under UK law (where applicable), health information is classed as “special category data”.
 

3. Why We Collect Your Information

We collect and process your information in order to:
 

  • Provide counselling services

  • Maintain appropriate clinical records

  • Arrange and manage appointments

  • Meet professional, ethical and insurance requirements

  • Comply with legal obligations
     

Your contact details will not be used for marketing purposes unless you have given explicit consent.
 

4. Lawful Basis for Processing (Where UK Law Applies)

If UK data protection law applies to you, personal data is processed on the basis of:
 

  • Performance of a contract (to provide counselling services)

  • Legitimate interests (practice administration and service delivery)

  • Legal obligation
     

Special category (health) data is processed where necessary for the provision of health care and counselling services in accordance with applicable law.

​

5. How Long We Keep Your Information

Your data is retained for 10 years after counselling or supervision sessions have ended.

​

After 10 years, records are securely destroyed or permanently deleted.

​

If you request earlier deletion, this will be considered in accordance with legal, ethical and insurance obligations (see Section 12).

​

6. Your Rights

You have the right to:
 

  • Request access to your personal data

  • Request correction of inaccurate information

  • Request erasure of your data (subject to legal limitations)

  • Object to or restrict certain processing

  • Lodge a complaint with a supervisory authority
     

Requests must be made in writing. Identity verification may be required. A response will be provided within one month. There is no charge for reasonable requests.
 

Children and young people have the same data protection rights as adults.
 

7. International Transfers of Personal Information

Paper Plane Counselling Ltd is based in Aotearoa New Zealand. Your personal information is primarily stored and processed in Aotearoa New Zealand.

​

If you are located outside Aotearoa New Zealand, including in the United Kingdom, your personal information may be transferred to Aotearoa New Zealand in order for counselling services to be provided.

​

Aotearoa New Zealand is recognised by the United Kingdom as providing an adequate level of protection for personal data. This means personal data transferred from the United Kingdom to Aotearoa New Zealand is subject to safeguards considered comparable to those required under United Kingdom data protection law.

​

We may also use trusted third-party providers (such as secure email, website hosting platforms, booking systems, video conferencing services and payment processors) that store or process information outside Aotearoa New Zealand. Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place.

​

8. Website and Online Services

When you visit www.paperplanecounselling.com:

​

Analytics

We use Google Analytics to collect anonymised information about how visitors use the website. This data does not identify individual users.

​

Website Hosting

Our website is hosted by Wix. Wix stores information submitted via contact forms and online booking systems.

​

Cookies

Our website may use cookies for functionality and analytics. Where required by law, consent will be requested before non-essential cookies are placed.

​

9. Payments and Financial Data

Online payments may be processed by Stripe or PayPal (if requested). Electronic bank transfers are processed via BNZ.

​

These providers process payment details necessary to complete transactions. Paper Plane Counselling Ltd does not store full card details.

​

An independent accountant prepares annual accounts and tax returns and has access to transaction records for this purpose.

​

10. Data Security

We take appropriate technical and organisational measures to protect your information, including:
 

  • Secure, password-protected devices

  • Two-factor authentication on email accounts

  • Encrypted email transmission

  • Password-protected attachments

  • Secure Google Workspace storage (To meet GDPR requirements, Google Workspace is set up so that client data is stored on servers located in Europe. Google’s Cloud Data Processing Addendum (CDPA) and the Google Workspace/Cloud Identity HIPAA Business Associate Amendment have both been accepted. These agreements set out Google’s responsibilities for protecting personal data.)

  • Locked storage for any paper records
     

Access to client information is restricted to Amy Mills and is only accessed on devices which are the sole property of either Paper Plane Counselling Limited or Amy Mills.

​

11. Confidentiality and Supervision

All counselling sessions are confidential. You can view our confidentiality policy

​

In accordance with professional ethical frameworks, Amy consults a qualified supervisor on a routine basis. Only anonymised themes are discussed. Supervisors do not have access to identifying information or written client records.

​

Supervision may take place in person or via secure video conferencing.

​

12. Exceptions to Confidentiality

Information may be disclosed without consent where:
 

  • There is risk of serious harm to you or others

  • A child or vulnerable adult is deemed to be at risk

  • Disclosure is required by law (e.g. court order)

  • There is knowledge of serious criminal activity
     

Where possible, this will be discussed with you beforehand unless doing so would increase risk.
 

Data may also be retained where required by legal, insurance or regulatory obligations.
 

13. Data Breaches

If a privacy breach occurs that is likely to result in risk to your rights and freedoms, we will:
 

  • Take immediate steps to contain and assess the breach

  • Notify affected individuals where required

  • Notify the appropriate supervisory authority in accordance with applicable law
     

In Aotearoa New Zealand, serious breaches are reported to the Office of the Privacy Commissioner.

In the United Kingdom (where applicable), relevant breaches are reported to the Information Commissioner's Office.
 

14. Complaints

If you have concerns about how your personal information has been handled, please contact Amy Mills in writing in the first instance so that the matter can be reviewed and addressed promptly.
 

If you are not satisfied with the response, you have the right to lodge a complaint with:
 

Aotearoa New Zealand:
Office of the Privacy Commissioner
www.privacy.org.nz
 

United Kingdom (where applicable):
Information Commissioner's Office
www.ico.org.uk
 

You may complain to the authority in the country where you are located.
 

15. UK Representation

Paper Plane Counselling Ltd is established in Aotearoa New Zealand and primarily provides services to clients located in Aotearoa New Zealand.

​

Although services are delivered online and may be accessible internationally, we do not specifically target or market services to individuals in the United Kingdom.

​

In light of this, we consider that the requirement under Article 27 of the UK General Data Protection Regulation to appoint a UK Representative does not currently apply.

​

This position will be reviewed if the nature or scope of our services changes.

​

16. Contact Details

If you have any questions about this Privacy Policy, please contact Amy Mills (Director of Paper Plane Counselling Ltd)

Terms of Use - Privacy

​

© 2026 Paper Plane Counselling

 Paper Plane Counselling Limited is a limited company registered in Aotearoa New Zealand (NZBN: 9429052819148)

bottom of page