Data Retention Policy

Purpose

This Data Retention Policy outlines how The Bridge Counselling Pte Ltd (the “Practice”, “we”, “us”, or “our”) collects, retains, manages, and disposes of client records and personal data. The aim is to ensure that all information is handled responsibly, with care for confidentiality, and in accordance with the Personal Data Protection Act (PDPA) of Singapore, as well as accepted professional standards within counselling and psychotherapy practice.

Maintaining appropriate records supports continuity of care, ethical practice, and accountability, while also protecting the privacy and rights of clients.

Scope

This policy applies to all personal data and client-related information collected, used, disclosed, or stored by us.

This includes, but is not limited to:

  • Client intake forms and administrative records

  • Session notes and clinical documentation

  • Contact details and communication records (email, phone, messaging)

  • Appointment and billing information

  • Any information shared verbally during counselling sessions that is documented as part of the client record

  • Digital data stored on secure systems and physical paper records

This policy applies to all staff, contractors, and any authorised parties who may handle such information.

Retention Period

Client records and personal data are typically retained for a period of 7 to 10 years from the date of the last interaction or session.

This retention period is based on commonly accepted professional guidelines and allows for:

  • Ongoing or future therapeutic support if a client returns

  • Administrative reference and continuity of care

  • Responding to enquiries, complaints, or requests for information

  • Compliance with legal, regulatory, or professional obligations

Where relevant, retention periods may vary depending on the nature of the service provided or specific legal requirements.

Disposal and Anonymisation

At the end of the retention period, all client records and personal data are handled in a manner that ensures they cannot be reconstructed, accessed, or misused.

This may include:

  • Secure shredding of physical documents

  • Permanent deletion of electronic files from all storage systems and backups

  • Anonymisation of data where appropriate, so that it can no longer be linked to an identifiable individual

All disposal processes are carried out with care to maintain confidentiality and prevent unauthorised access.

Exceptions to Retention Periods

In certain circumstances, we may retain or dispose of data outside of the standard timeframe. These situations may include:

  • When there are legal or regulatory requirements mandating longer retention

  • Where a client has provided explicit consent for a different retention duration

  • If records are required for ongoing or anticipated legal proceedings

  • Where there are legitimate professional or clinical reasons to retain information for a longer period

Any such exceptions are considered carefully and handled in line with applicable laws and ethical standards.

Data Security and Protection

Client confidentiality is a core part of the therapeutic process. All personal data is stored and managed using appropriate safeguards to prevent loss, misuse, unauthorised access, or disclosure.

Security measures may include:

  • Secure digital storage systems with restricted access

  • Password protection and user authentication controls

  • Encryption of sensitive data where applicable

  • Regular data backups to prevent loss

  • Controlled handling of physical records

Access to client information is limited only to authorised individuals who require it for legitimate professional purposes.

Accuracy and Minimisation

Reasonable steps are taken to ensure that personal data collected is accurate, relevant, and not excessive in relation to its purpose. Information is only retained for as long as necessary to fulfil its intended use.

Clients may request corrections to their personal data where appropriate, subject to legal and professional considerations.

Policy Review and Updates

This policy is reviewed periodically to ensure that it remains aligned with current legislation, professional standards, and operational practices.

Updates may be made from time to time, and the latest version will be made available where appropriate.

Compliance and Responsibility

All our are required to comply with this policy when handling client records and personal data.

Failure to adhere to this policy may result in appropriate action, depending on the nature and severity of the breach.

Contact Information

If you have any questions, concerns, or requests relating to your personal data or this policy, you may contact:

Data Protection Officer
The Bridge Counselling Pte Ltd
Email: dpo@thebridgecounselling.com.sg

Bridge WhatsApp
The Bridge Counselling Online
Hello! How can we help you today? 👋