top of page
Group_IX_SUW,_The_Swan_No_edited.jpg

Client Privacy Notice

Effective Date: From April 2025

I, Bruna Ferreira, am committed to creating a space where clients feel safe, respected, and supported. Protecting your personal information is an essential part of this commitment.

Contact Information

Name: Bruna Ferreira
Practice: Eye Inside Therapy
Phone: +44 (0)7476 876745
Email: contact@eyeinsidetherapy.com

What Data I Collect and Why

When you enquire about therapy or begin sessions, I collect only the information necessary to provide a safe, ethical, and effective service. This is done under the lawful basis of Legitimate Interests. This may include:

● Your name, email address, and phone number

● Personal information shared during sessions

● Notes on therapeutic interventions used (or intentionally not used)

● Communication records (emails, texts, WhatsApp)

● Relevant third-party information (e.g. GP letters, insurance communications). Some information shared in therapy may be considered ‘Special Category Data’ under UK GDPR, including information related to mental health. This information is processed only where necessary for the provision of psychotherapy services and handled with additional care and confidentiality.

How and Where Data is Stored

Your data is stored securely – digital and physical safeguards:
● Emails are stored on encrypted devices and GDPR-compliant cloud systems (e.g.
Dropbox);
● Messages are accessed only via fingerprint/code-protected mobile devices;
● Session notes are handwritten, coded, and kept in a locked filing cabinet;
● Payment records are managed through encrypted online platforms; card details are

never stored long-term.
These steps help protect the confidentiality and integrity of our work together.

Data Sharing and Disclosure

I will never share your personal information without your consent, unless:

● Required by law (e.g. serious safeguarding concerns);

● You have requested or consented to it (e.g. contacting your GP).

● My accountant may access anonymised financial records (e.g., PayPal summaries, bank statements), but no clinical or personal information is ever shared.

Data Retention

Records are kept for seven years after the end of therapy, in line with insurance and professional requirements. After that, paper notes are securely shredded, and digital files are permanently deleted.

Your Rights

Under GDPR, you have the right to:

 

● Access your records

● Request corrections to inaccurate information

● Request deletion of your information, unless I am legally required to retain it.

● Restrict or object to processing

● Request data portability. You can contact me at any time to exercise these rights, and I will respond within 30 days, where possible.

Data Breaches

If a serious data breach occurs, we would take appropriate steps in accordance with UK GDPR requirements, including notifying the relevant authorities and affected individuals within 72 hours where necessary.

Cookies and Website Use

● My website uses cookies to improve functionality and enhance the user experience.

● No personally identifiable information is collected through cookies.

● You can manage or disable cookies through your browser settings.

● Google Analytics may collect anonymised data to monitor website traffic, in line with GDPR standards.

bottom of page