top of page
Group_IX_SUW,_The_Swan_No_edited.jpg

Client Privacy Notice

Effective Date: From April 2025

I, Bruna Ferreira, am committed to creating a space where clients feel safe, respected, and supported. Protecting your personal information is an essential part of this commitment.

Contact Information

Name: Bruna Ferreira
Practice: Bruna Ferreira – Integrative Psychotherapy (sole trader)
Phone: +44 (0)7476 876745
Email: bruna@eyeinsidetherapy.com

ICO:  ZB956994 

What Data I Collect and Why

When you enquire about therapy or begin sessions, I collect only the information necessary to provide a safe, ethical, and effective service. This may include:

  • Your name, email address, and phone number

  • Personal information shared during sessions

  • Notes on therapeutic interventions used (or intentionally not used)

  • Communication records (emails, texts, WhatsApp)

  • Relevant third-party information (e.g., GP letters, insurance communications)

Some information shared in therapy may be considered ‘Special Category Data’ under UK GDPR (e.g., mental health information). I process this under Article 9(2)(h) of UK GDPR – provision of health care by a health professional – and Schedule 1, Part 1(2) of the Data Protection Act 2018.

How and Where Data is Stored

Your data is stored securely – digital and physical safeguards:


● Emails are stored on encrypted devices and GDPR-compliant cloud systems (e.g.
Dropbox);
● Messages are accessed only via fingerprint/code-protected mobile devices;
● Session notes are handwritten, coded, and kept in a locked filing cabinet;
● Payment records are managed through encrypted online platforms; card details are

never stored long-term.


These steps help protect the confidentiality and integrity of our work together.

Lawful Basis


For most client data, I rely on Legitimate Interests (to provide therapy services). For special-category data, I rely on the health care provision condition described above.

Data Sharing and Disclosure

I will never share your personal information without your consent, unless:

  • Required by law (e.g., serious safeguarding concerns – see my Therapy Agreement for confidentiality limits)

  • You have requested or consented (e.g., contacting your GP)

  • I discuss anonymised aspects of our work with my clinical supervisor for professional oversight – no identifiable information is shared without your explicit consent, except in safeguarding situations.

 

My accountant may access anonymised financial records (e.g., PayPal summaries), but no clinical or personal information is ever shared.

Data Retention

Records are kept for seven years after the end of therapy, in line with insurance and professional requirements. After that, paper notes are securely shredded, and digital files are permanently deleted.

Your Rights

Under GDPR, you have the right to:

 

● Access your records

● Request corrections to inaccurate information

● Request deletion of your information, unless I am legally required to retain it.

● Restrict or object to processing

● Request data portability. You can contact me at any time to exercise these rights, and I will respond within 30 days, where possible.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

Data Breaches

If a serious data breach occurs, we would take appropriate steps in accordance with UK GDPR requirements, including notifying the relevant authorities and affected individuals within 72 hours where necessary.

Cookies and Website Use

  • My website uses cookies to improve functionality.

  • No personally identifiable information is collected through cookies.

  • You can manage or disable cookies via your browser settings.

  • Google Analytics may collect anonymised data to monitor website traffic, in line with GDPR standards.

bottom of page