This is not an emergency service. If you are at immediate risk, call 999 or go to A&E.

Privacy Policy

Last updated: February 2026

This Privacy Policy explains how Dr Giulia Neri ("I", "me", "my") collects, uses, and protects your personal information when you use this website or contact me about psychological therapy services.

1. Who I am

Dr Giulia Neri — HCPC Registered Practitioner Psychologist (Clinical Psychologist), BABCP Accredited CBT Therapist. Practice location: Remote/online (UK).

2. What information I collect

When you use the contact form on this website, I collect:

  • Your name, email address, and phone number
  • The nature of your enquiry (selected from a dropdown)
  • Any message you choose to send (please do not include sensitive clinical details)
  • Your consent records (date and time you gave consent)

I also collect standard technical data automatically: IP address, browser type, pages visited, and time of visit. This is used only for website security and performance monitoring.

3. Lawful basis for processing (UK GDPR)

Your personal data is processed on the basis of legitimate interests (Article 6(1)(f) UK GDPR) — specifically, to respond to your enquiry and manage the booking process. Where health-related information is involved in the course of therapy, processing is carried out under Article 9(2)(h) — the provision of health care services — under professional confidentiality obligations.

4. How I use your information

  • To respond to your enquiry and arrange a free introductory call
  • To manage the booking and administrative process
  • To comply with professional and legal obligations
  • To maintain appropriate clinical records (if therapy proceeds)

I do not use your data for marketing, and I do not sell or share your data with third parties except as described below.

5. Who I share your information with

  • Payment processors (e.g., Stripe) — for processing session fees
  • Secure platform providers — for delivering online sessions
  • Professional supervisor — using anonymised/pseudonymised details only
  • Emergency services or safeguarding authorities — where required by law or to protect life
  • Legal authorities — where required by law or court order

I do not sell your personal data.

6. International transfers

Where any service I use stores data outside the UK, I ensure appropriate safeguards are in place in accordance with UK adequacy regulations or approved contractual measures.

7. How long I keep your information

  • Enquiry data (contact form): retained for 12 months from last contact, then securely deleted
  • Clinical records (if therapy proceeds): retained for 8 years after the last contact, unless a longer period is required by law
  • Administrative records: retained for appropriate accounting and legal periods

8. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data (subject access request)
  • Correct inaccurate data
  • Request deletion ("right to be forgotten") in certain circumstances
  • Restrict or object to processing in certain circumstances
  • Data portability (where applicable)
  • Complain to the UK Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, please contact me directly.

9. Cookies

This website uses only technically necessary cookies required for it to function. Please see the Cookie Policy for full details.

10. Security

I take appropriate technical and organisational measures to protect your personal data, including encryption, secure access controls, and multi-factor authentication on all systems used to store your information.

11. Contact

For any privacy-related questions or to exercise your rights, please contact me via the contact form on this website.

If you are not satisfied with my response, you have the right to complain to the ICO: ico.org.uk | 0303 123 1113.