Privacy Policy

Thank you for checking out the privacy policy.

I, Giorgia Garozzo, am committed to handling your information in a responsible, secure way while you use our website and services.

I want you to feel safe reaching out, and to know that anything you share with us is treated with care and confidentiality. This policy sets out how we collect and process data via our website and as part of the services we provide.

I encourage you to read this policy alongside any other privacy notices we might provide, so you're fully informed about how and why we use your personal information.

 

Who’s in charge of your data?

The data controller is myself, Giorgia Garozzo, operating under UK GDPR and the guidance of the Information Commissioner’s Office (ICO).

Contact:
Email: Giorgia.garozzo11@gmail.com
Phone: 7898745090

If you are not happy with something, I hope you’ll talk to me first so we can resolve it. But you always have the right to contact the Information Commissioner’s Office (ICO): www.ico.org.uk

 

What type of data do I collect?

I may collect and store the following types of personal data:

  • First and last name, title

  • Phone number, email address

  • Address

  • Mental health history, relevant medical information, medications

  • Notes or records from sessions

  • IP address, browser type, operating system, time zone

  • How you interact with our website

  • Any information you voluntarily submit through our contact forms or discussions

  • Transactional and communication history (e.g., emails)

How we collect your data

We collect personal data when you:

  • Fill out the contact form on our website

  • Send us an email or call us

  • Attend sessions or provide information during onboarding

  • Use our website (including cookies – see our [Cookie Policy])

  • Respond to feedback requests or surveys

I may also use tools like Google Analytics to understand how users interact with our website.

 

Where your data is stored and processed

I use Google Workspace to manage client communication and session notes. This includes:

  • Google Drive (to securely store therapy notes)

  • Gmail (to respond to enquiries)

  • Google Meet (for video sessions)

Google stores data across a network of global data centers, including those in the EU and the United States. While this may involve transferring data outside the UK, Google has committed to data protection standards in line with UK GDPR:

  • Google is certified under the UK-US Data Bridge, which allows for lawful transfers of UK personal data to the US

  • Google also uses Standard Contractual Clauses (SCCs) to protect data in transit

All your data is secured using two-factor authentication, encrypted systems, and access controls.

 

How long do I keep your data?

  • Initial enquiries are deleted after 6 months if no working relationship begins

  • Client records are retained securely for [e.g., 5 years] after therapy ends, in line with professional and legal requirements

Your rights under UK GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of your data (where appropriate)

  • Object to processing or request restriction

  • Withdraw consent at any time (this won’t affect processing done up to that point)

  • Lodge a complaint with the ICO

Want to talk about it? Feel free to contact me at Giorgia.garozzo11@gmail.com

 

What happens if you don’t provide your data?

If we need to collect certain personal data by law, or under the terms of our working agreement, and you choose not to provide that data, we may not be able to offer our services to you. For example, we may not be able to schedule sessions or keep appropriate clinical records. If this affects you, we’ll explain the situation clearly at the time.

 

Why do I use your personal data?

I use your data for the following purposes:

  • To register you as a new client

  • To assess suitability for psychological services

  • To schedule, deliver, and review therapy sessions

  • To keep appropriate records, as required by professional and legal guidelines

  • To manage payments and invoicing, if applicable

  • To communicate with you about appointments, updates, or changes in services

  • To respond to your enquiries

  • To meet legal, regulatory, or professional obligations

  • To improve our website, services, and client experience through usage data

I do not use your personal data for marketing, advertising, or commercial profiling unless you have explicitly opted in.

 

What lawful bases do I rely on?

Under UK GDPR, we only use your personal data when we have a lawful basis for doing so. These include:

  • Consent – for processing health-related data (Special Category Data)

  • Performance of a contract – for providing psychological services

  • Compliance with legal obligations – such as recordkeeping or safeguarding concerns

  • Legitimate interests – for managing the business aspects of the practice, in ways that don’t override your rights

Some data may fall under more than one of these categories. If you'd like to know more about which basis applies in your situation, feel free to get in touch.

Do I use your data for marketing purposes?

I do not routinely use personal data for marketing purposes. However, if we ever send you relevant updates or communications (such as resources or service announcements), you can opt out at any time by clicking ‘unsubscribe’ or contacting us directly.

The legal basis for sending any such communications is either your explicit consent or our legitimate interest (for example, to inform existing clients about new services that may benefit them). I will always respect your communication preferences.

 

Do I use third-party links?

My website may include links to third-party websites, plug-ins, or tools. Clicking on those links may allow those third parties to collect data about you. Please note that we do not control these third-party websites and are not responsible for their privacy practices. We recommend reading their privacy policies before providing any personal data.

 

Do I ever share your personal data?

I treat your data with the highest confidentiality. However, I may need to share it with trusted third parties, under strict privacy conditions, including:

  • IT and cloud service providers (e.g., Google Workspace)

  • Professional advisers (such as clinical supervisors, legal or financial consultants)

  • Insurance providers (if you are referred through an insurer)

  • Healthcare professionals, such as your GP or other care providers — only with your consent, unless there is serious risk involved

  • Supervision: As required by professional standards (e.g., HCPC), we discuss client work in supervision to ensure safe and ethical practice. Only your first name or initials are used, and identifying details are minimised

  • Authorities or legal bodies, when we are required to disclose information by law (e.g., safeguarding concerns, court orders, HMRC)

  • Debt collection services, if fees remain unpaid and no resolution is reached

All third parties we work with are contractually obligated to safeguard your data and only process it on our instructions.

 

Do I transfer your data internationally?

Yes — because I use Google Workspace (including Google Drive, Gmail, and Meet) to manage client information and communication. As a result, your data may be stored or processed on servers located outside the United Kingdom, including in the United States and EU countries.

To ensure your data remains protected:

  • Google is certified under the UK Extension to the EU-US Data Privacy Framework, which allows lawful transfer of UK personal data to the US

  • I have accepted Standard Contractual Clauses (SCCs) and a Data Processing Agreement (DPA) with Google, which further ensure compliance with UK GDPR

I do not otherwise transfer your data outside the UK/EEA unless required for service delivery, and only under lawful safeguards.

 

How secure is your data with us?

I take data security seriously. Your personal data is stored using secure, encrypted systems with strict access controls, including:

  • Password protection and two-factor authentication

  • Encryption of data in transit and at rest (Google’s infrastructure)

  • Limited access to your data only by those with a professional need to know

In the unlikely event of a personal data breach, we have procedures in place to respond promptly and will notify you and any applicable authority when legally required.

How long do I keep your data?

I only retain your data for as long as necessary. Retention periods include:

  • Client records: 7 years after the end of treatment (for adults), or until the child’s 25th birthday (for minors), in line with clinical and legal guidance

  • Basic client data (e.g., contact and billing details): kept for 6 years for tax and accounting compliance

  • Initial enquiries (if no working relationship begins): deleted after 6 months

For data that falls outside these categories, we assess the appropriate retention period based on legal, clinical, and ethical obligations.

 

What are your legal rights?

Under the UK GDPR, you have the right to:

  • Access – Request a copy of the personal data we hold about you

  • Correction – Ask us to fix incomplete or inaccurate data

  • Erasure – Request that we delete your data (where legally possible)

  • Objection – Object to processing in certain cases

  • Restriction – Ask us to temporarily stop processing your data

  • Portability – Request transfer of your data to another provider

  • Withdraw consent – If you previously gave consent, you can withdraw it at any time (this won’t affect past lawful processing)

I do not charge for exercising your rights unless a request is clearly excessive or repetitive. I aim to respond within one month, and will keep you updated if we need more time.

 

Changes and Contact

We review our privacy policy regularly. Please let us know if your personal data changes so we can keep your information up to date. If you have questions or want to exercise any of your rights, you can contact me at: Giorgia.garozzo11@gmail.com
 

Thank you for trusting me with your information.
