Privacy policy
Overview
This privacy policy explains how your personal information is collected, stored, and used. It outlines what information I need to gather before psychotherapy begins, how I look after your data, and how long it is kept.
All personal information collected through my website or via email is used solely for the purpose of arranging and delivering therapeutic services, and it is held securely. I am committed to respecting and protecting your personal data. However, no internet-based communication can be guaranteed to be completely secure. While I use industry-standard security protocols and encryption, I cannot guarantee the complete security of information transmitted via my website or by email, nor can I accept responsibility for how data is handled by third-party websites linked from my site.
What is Personal Information?
The Data Protection Act 2018 (DPA) defines personal information as any data that can be used to identify a living individual. To assess whether I am able to offer you psychotherapy, I will need certain personal details such as your full name, date of birth, address, email address, profession, telephone number, and contact details for your GP.
What Information Will I Collect?
Before we agree to begin psychotherapy, I may collect information including: your name, telephone number, address, availability, your profession, your GP details, the psychological issues that you would like to address, and your symptoms.
Once therapy begins, I may gather additional information relevant to the therapeutic process, such as: goals for therapy, previous therapy, current medication, previous criminal convictions, your support network, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, family structure, an overview of your family situation, and early memories of your caregivers.
The Laws That Protect Your Information
The DPA and the General Data Protection Regulation (GDPR) require that personal information must be processed lawfully, fairly and transparently; collected for specific and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and kept up to date where required; stored only for as long as necessary for its intended purpose, and handled securely.
As a member of the British Association of Counselling and Psychotherapy (BACP), I adhere to their Code of Practice and Ethical Framework. I will use your data solely to provide you with psychotherapy services and to collect related payments.
Your data will never be used for marketing or other purposes and will not be shared with any third parties. In exceptional circumstances, I may be required by law or to protect life to share information with another professional or organisation.
How Is Your Information Collected?
I collect your personal information via my website (www.katiacastiglione.com), over the telephone, in written communication, and in person during our meetings.
How Is Your Information Handled?
I handle your personal information in accordance with the DPA and the GDPR. Protecting your data is an essential part of my professional practice.
How Is Your Information Stored?
Personal information is stored both electronically and in hard-copy format.
Electronic data is held on password-protected devices and within password-protected files accessible only to me.
Physical records are stored securely in locked storage and kept in anonymised format.
As part of ethical and clinical practice, I keep brief factual notes after each session. These are stored securely, used solely to support the therapeutic process, and are not shared except, where necessary, in clinical supervision. Clinical supervision is a professional requirement designed to ensure safe and effective practice. Supervisors are themselves bound by professional and ethical duties of confidentiality.
Data Retention
Your personal information and clinical notes are kept for seven years after the end of therapy, in line with professional and legal requirements. After this period, all data is securely destroyed.
Online Services
Online sessions are delivered via Zoom. Although Zoom is both GDPR and HIPAA compliant and offers a high standard of security, no online platform can be considered entirely free from the possibility of monitoring, including by state-sponsored operators.
Video Recording
Only with your explicit written consent, I may make a video recording of a therapy session for the purposes of professional development, therapist self-reflection, or clinical supervision. Any recording will be stored securely in accordance with UK data protection legislation and will be deleted once its intended purpose has been fulfilled. Video recordings are used solely for clinical and professional purposes and will not be made available to clients or any third party, except where required by law. To protect the confidentiality and integrity of the therapeutic process, clients are not permitted to make audio or video recordings of sessions.
How to Make a Complaint?
If you have concerns about how your data is handled, please contact me directly in the first instance so that I can try to resolve the matter. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Data Controller & ICO Registration
I am the data controller responsible for the personal information I collect and handle. I am registered with the ICO. If you have any questions about this policy or how your data is managed, please contact me directly.
Cookies
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, so a website can provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It should also allow you to prevent or limit their use.