New laws relating to General Data Protection Regulation (GDPR) came into effect from 25 May 2018. This document sets out how Dr Flavia Cigolla complies with these laws and how personal information collected about ‘you’, as a past, present, future service user (client or patient) is used.
Dr Flavia Cigolla is the data controller for ‘Dr Flavia Cigolla’ Psychological Therapy. The ICO registration number is ZA568858. This means that she is responsible for data held and for keeping this data safe in line with the law.
‘Dr Flavia Cigolla’ is committed to protecting your rights to privacy.
Dr Flavia Cigolla may collect information about you because you are a
client of hers. She has a legitimate interest in using the personal
data and sensitive personal data collected to provide health care and
treatment. The data collected is necessary to provide psychological
You might also be asked for information on how you sourced Dr Flavia Cigolla services for the purpose of anonymised marketing research. You can choose not to disclose this information if you wish. No information you provide is passed on without your consent. Dr Flavia Cigolla will never sell your information to others.
Dr Flavia Cigolla collects information about you that may include
personal or sensitive information, such as:
Name or given name, family name or surname, address, telephone
numbers, date of birth, age, telephone number, email address,
video conference ID (if online therapy), GP contact details.
If you are referred by your health insurance provider,
solicitor, occupational health provider, or a case management
company, Dr Flavia Cigolla will also collect and process
personal data provided by that organisation. This includes
referral information and health insurance policy
number/solicitor, occupational health or case management
company case reference number, and authorisation details for
Therapy records (signed therapy client agreement) (therapist notes, letters, reports and/or outcome measures).
When you complete an online contact form Dr Flavia Cigolla will collect information about you and your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. Dr Flavia Cigolla always tries to minimise the amount of personal information that she requires to provide a specific service or feature. All web services used by ‘Dr Flavia Cigolla’ and ‘name of company’ are GDPR compliant.
Dr Flavia Cigolla uses the information collected to:
If you do not provide the personal information requested, then we may be unable to provide a therapy service to you.
identifiers in order to remember your preferences, to understand how
our website(s) are used and to customize our marketing offerings.
Cookies are small text files that our website places on your
computer’s hard drive. The information in cookies helps us improve
your experience of using our website. None of our cookies contain any
of your personally identifiable information.
Dr Flavia Cigolla takes your privacy very seriously. She is committed to taking all reasonable steps to protect any individual identifying information that you provide to her. Once we receive your data, she makes best efforts to ensure its security on our systems. All personal information provided is stored in compliance with EU General Data Protection Regulations rules.
Dr Flavia Cigolla does not keep your data for longer than is necessary. Basic contact information held on a therapist’s mobile phone is deleted within 6 months of the end of therapy and the sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year. Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC and the VAT commissioner. Where it is not necessary to retain the data for six years, it is destroyed as soon as possible.
Dr Flavia Cigolla holds information about her clients and the therapy
they receive in confidence. However, in some circumstances she may
need to share information and liaise with other parties, as outlines
In exceptional circumstances, Dr Flavia Cigolla might need to share personal information with relevant authorities:
We will not share your personal information with third-parties for marketing purposes or any unauthorised reason
Personal information is minimised in phone and email communication.
Sensitive personal data will be sent to clients in an email attachment
that is password protected.
Dr Flavia Cigolla uses Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
Personal information is stored on one laptop. This is password and fingerprint protected and only accessed by Dr Flavia Cigolla. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/thumbprint scanner and mobile security.
All information recorded on paper will be securely stored in a locked filing cabinet. If this is transported outside of the office, it will remain in the confidential care of Dr Flavia Cigolla at all times.
Letters sent by surface mail (e.g. to GPs), will be clearly marked Private and Confidential.
Dr Flavia Cigolla reserves the right to refuse a request to delete a
client’s personal information where this is therapy records. Therapy
records are retained for a period of 7 years in accordance with the
guidelines and requirements for record keeping by The British
Psychological Society (BPS; 2000)  and The Health and Care
Professions Council (HCPC; 2017) .
More information can be found at the following weblink: https://ico.org.uk/
 The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
 Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.