Privacy policy

Overview

This privacy policy contains information concerning the recording and storage of your personal information. It aims to outline what personal information I need to collect from you before we begin psychotherapy, and sets out how I will look after your personal information and how long I will store it.

All the personal information I will collect from you through my website or via email will be used solely for the purpose of arranging to deliver therapeutic services, and will be held securely. I am committed to respecting and protecting your personal information; however, no communication across the internet is totally immune from risk. Although I will do my best to protect your information using industry-standard protocols and encryption, I cannot guarantee the security of personal information transmitted through my website or via email, nor do I accept liability for how data you divulge to third-party websites linked to my website may be used.

 

What is personal information?

The Data Protection Act 2018 (DPA) defines personal information as any information that can be used to identify a living individual. In order to assess whether I am able to offer you psychotherapy and work with you, I will require some personal information about you such as your full name, date of birth, residential address, email address, telephone number, and contact information for your GP.

 

What types of information will I collect about you?

Before committing to provide you with psychotherapy services, I will ask you to provide me with the following personal information: name, telephone number, address, availability, the psychological issues that you would like to address, and your symptoms. 

Once we have agreed that psychotherapy with me is right for you and your therapy commences, I will collect further information from you that may include: goals for therapy, previous therapy, current medication, previous criminal convictions, your support network, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, family structure, an overview of your family situation, and early memories of your caregivers.

 

What are the laws that protect your personal information?

The DPA and the General Data Protection Regulation (GDPR) state that all organisations that store personal information about people may only do so if the information is: processed lawfully, fairly and transparently; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept in a form that permits the identification of information subjects for no longer than is required for the purposes for which the personal information is processed; and processed in a manner that ensures appropriate security of the personal information.

As a British Association of Counselling and Psychotherapy (BACP) member, I abide by their Code of Practice and Ethics. I will collect your personal information solely to provide you with psychotherapy services and to collect related payments. 

Your data will not be used for marketing or other purposes. It will not be shared with any third parties. In exceptional circumstances and in order to protect life or in other situations stipulated by UK law, I may be required to pass your personal data to another person or organisation. 

 

How will I collect your personal information?

I will collect your personal information via my website (www.katiacastiglione.com), over the telephone, in writing, and in person during our meetings.

 

How will I handle your personal information?

I will handle your personal information in a way that is compliant with the DPA and the GDPR. Handling your personal information lawfully and properly is important to me.

 

How will I store your personal information?

I will store your personal information both electronically and physically. Personal information is stored electronically on password-protected devices, and in files that are further password-protected and only accessible by me. Data is stored physically using paper records held securely in locked storage in an anonymised format. These records are also only accessible by me. As required under the GDPR, your personal information will be stored no longer than is necessary.

 

Online services

Online sessions will be delivered via Zoom. Although Zoom is both GDPR and HIPAA compliant, affording the highest standard in security, no platform can be considered entirely immune from monitoring, particularly from state-sponsored operators.

Cookies

Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, so a website can provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.

Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.

Your web browser should allow you to delete any cookies you choose. It should also allow you to prevent or limit their use.