Privacy policy
Overview
This privacy policy explains how your personal information is collected, stored, and used. It outlines what information I need to gather before psychotherapy begins, how I look after your data, and how long it is kept.
All personal information collected through my website or via email is used solely for the purpose of arranging and delivering therapeutic services, and it is held securely. I am committed to respecting and protecting your personal data. However, no internet- based communication is totally free from risk. While I use industry-standard security protocols and encryption, I cannot guarantee the complete security of information transmitted via my website or by email, nor can I accept responsibility for how data is handled by third-party websites linked from my site.
What is Personal Information?
The Data Protection Act 2018 (DPA) defines personal information as any data that can be used to identify a living individual. To assess whether I am able to offer you psychotherapy, I will need certain personal details such as your full name, date of birth, address, email address, profession, telephone number, and contact details for your GP.
What Information Will I Collect?
Before we agree to begin psychotherapy, I may collect information including : your name, telephone number, address, availability, your profession, your GP details, the psychological issues that you would like to address, and your symptoms.
Once therapy begins, I may gather additional information relevant to the therapeutic process, such as: goals for therapy, previous therapy, current medication, previous criminal convictions, your support network, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, family structure, an overview of your family situation, and early memories of your caregivers.
The Laws That Protect Your Information
The DPA and the General Data Protection Regulation (GDPR) require that personal information must be processed lawfully, fairly and transparently; collected for specific and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and kept up to date where required; stored only for as long as necessary for its intended purpose; handled securely.
As a member of the British Association of Counselling and Psychotherapy (BACP), I adhere to their Code of Practice and Ethical Framework. I will only use your personal data solely to provide you with psychotherapy services and to collect related payments.
Your data will never be used for marketing or other purposes and will not be shared with any third parties. In exceptional circumstances, I may be required by law or to protect life to share information with another professional or organsisation.
How Is Your Information Collected?
I collect your personal information via my website (www.katiacastiglione.com), over the telephone, in written communication, and in person during our meetings.
How Is Your Information Handled?
I handle your personal information in accordance with the DPA and the GDPR. Protecting your data is an essential part of my professional practice.
How Is Your Information Stored?
Personal information is stored both electronically and in paper.
Electronic data is held on password- protected devices and within password-protected files accessible only to me.
Physical records are stored securely in locked storage and kept in anonymised format.
As part of ethical and clinical practice, I keep brief factual notes after each session. These are stored securely, used solely to support the therapeutic process, and are not shared expect, where necessary, in clinical supervision. Any supervision material is anonymised to protect your confidentiality.
Data Retention
Your personal information and clinical notes are kept for seven years after the end of therapy, in line with professional and legal requirements. After this period, all data is securely destroyed.
Online Services
Online sessions are delivered via Zoom. Although Zoom is both GDPR and HIPAA compliant and offers affordable high standard of security, no online platform can be considered entirely free from the possibility of monitoring, including by state-sponsored operators.
Video Recording
Only with your explicit written consent, I may make a video recording of the sessions for the sole purpose of professional development, therapist self-review, or clinical supervision. Any recording made will be stored securely in accordance with UK data protection laws and will be deleted once its intended purpose has been fulfilled. Video recordings are strictly for clinical use and are not available to clients to view, request or obtains copies of under any circumstances. Aside from sessions recorded, with prior written consent, all other video or audio recordings of sessions are strictly prohibited. Clients are not permitted to record sessions in any form.
How to Make a Complaint?
If you have concerns about how your data is handled please contact me directly.
Data Controller & ICO Registration
I am the data controller responsible for the personal information I collect and handle. I am registered with the ICO. If you have any questions about this policy or how your data is managed, please contact me directly.
Cookies
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, so a website can provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It should also allow you to prevent or limit their use.