Privacy Policy

New laws relating to General Data Protection Regulation (GDPR) came into effect from 25 May 2018. This document sets out how Dr Flavia Cigolla complies with these laws and how personal information collected about ‘you’, as a past, present, future service user (client or patient) is used.

Who keeps personal data

Dr Flavia Cigolla is the data controller for ‘Dr Flavia Cigolla’ Psychological Therapy. The ICO registration number is ZA568858. This means that she is responsible for data held and for keeping this data safe in line with the law.

Your rights

‘Dr Flavia Cigolla’ is committed to protecting your rights to privacy. They include:

• Right to be informed about what we do with your personal data
• Right to have a copy of all the personal information we process about you
• Right to rectification of any inaccurate data we process, and to add to the information we hold about you if it is incomplete
• Right to be forgotten and your personal data destroyed
• Right to restrict the processing of your personal data
• Right to object to the processing we carry out based on our legitimate interest

Reasons for collecting and processing information about you

Dr Flavia Cigolla may collect information about you because you are a client of hers. She has a legitimate interest in using the personal data and sensitive personal data collected to provide health care and treatment. The data collected is necessary to provide psychological therapy.
You might also be asked for information on how you sourced Dr Flavia Cigolla services for the purpose of anonymised marketing research. You can choose not to disclose this information if you wish. No information you provide is passed on without your consent. Dr Flavia Cigolla will never sell your information to others.

What type of personal data is collected and processed?

Dr Flavia Cigolla collects information about you that may include personal or sensitive information, such as:

• Personal information:
  
  

  Name or given name, family name or surname, address, telephone numbers, date of birth, age, telephone number, email address, video conference ID (if online therapy), GP contact details. If you are referred by your health insurance provider, solicitor, occupational health provider, or a case management company, Dr Flavia Cigolla will also collect and process personal data provided by that organisation. This includes referral information and health insurance policy number/solicitor, occupational health or case management company case reference number, and authorisation details for psychological treatment.
  
  

• Sensitive personal data:
  
  

  Therapy records (signed therapy client agreement) (therapist notes, letters, reports and/or outcome measures).

Web access collection of information

When you complete an online contact form Dr Flavia Cigolla will collect information about you and your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. Dr Flavia Cigolla always tries to minimise the amount of personal information that she requires to provide a specific service or feature. All web services used by ‘Dr Flavia Cigolla’ and ‘name of company’ are GDPR compliant.

How is my personal information used?

Dr Flavia Cigolla uses the information collected to:

• Provide services that you have requested from her.
• Process and account for payment for such services.

If you do not provide the personal information requested, then we may be unable to provide a therapy service to you.

Cookies, Analytics, and Remarketing

We use cookies and similar technologies like pixels, tags and other identifiers in order to remember your preferences, to understand how our website(s) are used and to customize our marketing offerings. Cookies are small text files that our website places on your computer’s hard drive. The information in cookies helps us improve your experience of using our website. None of our cookies contain any of your personally identifiable information.
If, after consenting to the use of cookies when you first visit our site you change your mind, then you should either not use our website, set your web browser to not accept cookies from Dr Flavia Cigolla’s website, or use your web browser’s anonymous browsing setting (this is called ‘Incognito’ in Google Chrome, ‘InPrivate’ in Internet Explorer and ‘Private Browsing’ in Firefox).
This site also uses Google Analytics which collects information about your browsing experience on our site by the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. This information is used in an anonymous way and not associated with a specific individual. You can read about Google’s Privacy Policy here You can opt out of Google Analytics advertising features here .

How your personal information is stored

Dr Flavia Cigolla takes your privacy very seriously. She is committed to taking all reasonable steps to protect any individual identifying information that you provide to her. Once we receive your data, she makes best efforts to ensure its security on our systems. All personal information provided is stored in compliance with EU General Data Protection Regulations rules.

How long your personal information is stored for

Dr Flavia Cigolla does not keep your data for longer than is necessary. Basic contact information held on a therapist’s mobile phone is deleted within 6 months of the end of therapy and the sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year. Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC and the VAT commissioner. Where it is not necessary to retain the data for six years, it is destroyed as soon as possible.

Who we might share personal information with

Dr Flavia Cigolla holds information about her clients and the therapy they receive in confidence. However, in some circumstances she may need to share information and liaise with other parties, as outlines below:

• If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. She may also share information with that organisation to provide treatment updates if they request it or if you wish for Dr Flavia Cigolla to apply for extra treatment sessions over and above those already funded.
• In cases where treatment has been instructed by a solicitor or a case management company or rehabilitation agency, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

In exceptional circumstances, Dr Flavia Cigolla might need to share personal information with relevant authorities:

• When there is need-to-know information for another health provider, such as your GP.
• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
• When the information concerns risk of harm to the client, or risk of harm to another adult or a child. She will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.

What we will NOT do with your personal information

We will not share your personal information with third-parties for marketing purposes or any unauthorised reason

How we ensure the security of personal information

Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected.
Dr Flavia Cigolla uses Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
Personal information is stored on one laptop. This is password and fingerprint protected and only accessed by Dr Flavia Cigolla. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/thumbprint scanner and mobile security.
All information recorded on paper will be securely stored in a locked filing cabinet. If this is transported outside of the office, it will remain in the confidential care of Dr Flavia Cigolla at all times.
Letters sent by surface mail (e.g. to GPs), will be clearly marked Private and Confidential.

Your right to access the personal information we hold about you

• You have a right to access the information we hold about you
• This will usually be shared with you within 30 days of receiving request.
• There may be an admin fee for supplying the information to you.
• Further evidence from you to check your identity might be requested.
• A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
• You have a right to get your personal information corrected if it is inaccurate.
• You can complain to a regulator. If you think that Dr Flavia Cigolla has not complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO).

Dr Flavia Cigolla reserves the right to refuse a request to delete a client’s personal information where this is therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) [1] and The Health and Care Professions Council (HCPC; 2017) [2].
More information can be found at the following weblink: https://ico.org.uk/

[1] The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
[2] Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.