Privacy & Cookie Policy
Last updated: 10/01/2026
This Privacy & Cookie Policy explains how Joanne Gilhooly (“I”, “me”, “my”) collects, uses, and protects personal data when you visit my website www.joannegilhooly.com
I am committed to respecting your privacy and handling personal data in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the ethical guidelines of the Irish Association for Counselling and Psychotherapy (IACP).
⸻
1. Data Controller
For the purposes of data protection law, the data controller is:
Practice name: Joanne Gilhooly
Profession: Psychotherapist
Professional body: Irish Association for Counselling and Psychotherapy (IACP)
Website: www.joannegilhooly.com
Email: joannegilhooly@gmail.com
Location: Ireland
⸻
2. What Personal Data I Collect
a) Email Contact
I do not use contact forms on this website.
Personal data is collected only if you choose to contact me directly by email.
This may include:
• Your name (if included)
• Your email address
• Any information you choose to share in your message
Please note that email is not a fully secure medium, and I encourage you to limit the amount of sensitive personal information shared in an initial enquiry.
Initial email contact does not constitute a therapeutic relationship.
⸻
b) Online Therapy Sessions (Zoom)
If you engage in online therapy sessions, I use Zoom as the video-conferencing platform.
This may involve the processing of:
• Your name and email address (to schedule sessions or send links)
• Audio and video data during sessions
• Technical data such as IP address and device information
Sessions are not recorded unless explicitly agreed in advance.
Zoom processes data in accordance with its own privacy and security policies and acts as a data processor for the purpose of providing video-conferencing services.
⸻
c) Invoicing and Receipts (Xero)
For administrative and accounting purposes, I use Xero to generate invoices and send receipts automatically by email.
This may involve the processing of:
• Your name
• Your email address
• Invoice and payment information
• Dates and amounts of payments
Xero processes this information solely for accounting, invoicing, and tax-related purposes and acts as a data processor in accordance with its own privacy policy.
No clinical notes or therapy content are stored in Xero.
⸻
d) Website Usage Data
Like most websites, limited technical data may be collected automatically, such as:
• IP address
• Browser type and version
• Pages visited and time spent on the site
This data is used for basic website functionality and performance and does not usually identify you personally.
⸻
3. How I Use Your Data
Personal data is used only to:
• Respond to enquiries
• Communicate about services
• Arrange and provide psychotherapy sessions (including online sessions via Zoom)
• Manage invoicing, payments, and receipts via Xero
• Meet legal, regulatory, and professional obligations
Your data is never used for marketing.
⸻
4. Lawful Basis for Processing (GDPR)
Under GDPR, I rely on the following lawful bases to process personal data:
• Consent – when you contact me or engage in therapy
• Legitimate interests – to manage my practice and provide services
• Contract – where processing is necessary for providing services (e.g. invoicing)
• Legal obligation – for accounting and tax purposes
You may withdraw consent at any time, subject to legal and professional responsibilities.
⸻
5. Confidentiality and Access to Data
• Only I, the psychotherapist, have access to email correspondence and client records
• Confidentiality is managed in line with IACP ethical guidelines
• Confidentiality may be broken only where legally or ethically required (e.g. risk of serious harm)
Administrative systems (such as invoicing) contain limited personal data only and no therapeutic content.
Full details regarding confidentiality are provided separately if a therapeutic relationship is established.
⸻
6. How Your Data Is Stored and Protected
Personal data may be stored in:
• Secure Gmail email correspondence
• Practice records (where applicable)
• Zoom systems during online sessions
• Xero accounting systems for invoicing and receipts
Safeguards include:
• Strong password protection
• Sole access by the therapist
• Use of reputable, GDPR-aware service providers
Personal data is retained only for as long as necessary to meet therapeutic, legal, and professional obligations.​
⸻
7. Cookies
What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They help the website function properly and provide information about how the site is used.
⸻
Types of Cookies Used on This Website
This website uses the following categories of cookies:
Essential Cookies
These cookies are necessary for the website to function correctly. They enable core features such as page navigation and security. The website cannot function properly without these cookies.
Functional Cookies
These cookies allow the website to remember choices you make (such as language preferences or settings) and provide enhanced functionality and a more personalised experience.
Analytics Cookies
These cookies help me understand how visitors use the website by collecting information such as pages visited, time spent on the site, and traffic sources.
The information collected is used to improve the website and does not identify you personally.
Marketing Cookies
Marketing cookies may be used to track visitors across websites in order to display relevant or appropriate content and to understand the effectiveness of marketing efforts.
These cookies are only used where enabled and are not used to identify you personally.
⸻
Consent and Control
Where required by law, non-essential cookies (Functional, Analytics, and Marketing) are used only with your consent.
You can manage or withdraw your cookie preferences at any time through:
• The cookie banner on this website
• Your browser settings
Please note that disabling certain cookies may affect how the website functions.
⸻
Third-Party Cookies
Some cookies may be placed by third-party services used on this website (such as analytics or embedded content). These third parties process data in accordance with their own privacy policies.
⸻
8. Third-Party Services
I use trusted third-party services to operate my practice, including:
• Website hosting (Vistaprint)
• Email services (Gmail / Google)
• Video-conferencing services (Zoom)
• Accounting and invoicing services (Xero)
These providers process data in accordance with their own privacy policies and act as data processors where applicable.
No third party has access to therapy content beyond what is strictly necessary to provide the service.
⸻
9. Your Data Protection Rights
Under GDPR, you have the right to:
• Access personal data held about you
• Request correction of inaccurate data
• Request deletion of your data (where appropriate)
• Restrict or object to processing
• Withdraw consent at any time
• Lodge a complaint with the Data Protection Commission (Ireland)
To exercise any of these rights, please contact me at joannegilhooly@gmail.com
⸻
10. Changes to This Policy
This policy may be updated from time to time. The most current version will always be available on this website.
⸻
11. Contact
If you have any questions about this Privacy & Cookie Policy or how your data is handled, please contact:
Email: joannegilhooly@gmail.com
Practice name: Joanne Gilhooly
Location: Ireland
⸻
By using this website, you acknowledge that you have read and understood this Privacy & Cookie Policy.
⸻
​