Privacy Policy

This privacy policy explains how I collect, use, store and protect your personal information when you contact me, use my website, or engage in therapy, supervision or other professional services with me.

Your privacy is important to me. I aim to handle your personal information respectfully, securely, and in line with UK data protection law, including the UK GDPR and Data Protection Act 2018.

Data Controller

The data controller for this practice is:

Ioana Dulcu Therapy Clinic
Website: www.ioanadulcu.com
Email: hello[@]ioanadulcu.com

If you have any questions about how your information is handled, please feel free to contact me.

What information I collect

The information I collect will depend on the nature of our contact and work together. This may include:

  • your name, email address, telephone number and contact details;
  • information shared through enquiry forms, emails, messages or consultations;
  • information relevant to therapy, supervision or assessment work;
  • health or wellbeing information you choose to share;
  • GP details or information received through referral, where relevant;
  • payment information relating to sessions or services.

I only collect information that is reasonably needed for providing therapy, managing my practice, meeting professional responsibilities, or responding to enquiries.

My practice currently provides therapy and related professional services to adults aged 18 and over.

How I use your information

I use personal information for purposes such as:

  • responding to enquiries;
  • arranging appointments and managing communication;
  • providing therapy, supervision or related professional services;
  • keeping appropriate clinical records;
  • meeting legal, ethical, professional, insurance or safeguarding obligations;
  • managing payments and practice administration.

Lawful basis for processing your information

Under UK GDPR, therapists must have a lawful basis for using personal information.

Where therapy or professional services are provided, my lawful basis will usually be contract, meaning that processing your information is necessary in order to provide the service we have agreed.

Because therapy work often involves sensitive or health-related information, I process this information in line with the legal provisions that apply to therapeutic and healthcare-related professional work.

In some circumstances, I may also rely on legitimate interests for activities connected with running a safe and effective professional practice, such as record keeping, supervision, administration, or responding to legal or regulatory requirements.

Confidentiality and professional supervision

Confidentiality is a central part of therapeutic work and I treat personal information with care and respect.

However, confidentiality is not absolute. There are legal and ethical situations in which information may need to be shared, for example where there are serious safeguarding concerns, significant risk of harm, legal obligations, or court requirements.

These limits to confidentiality are explained at the beginning of therapy and may be discussed again if needed.

To support safe and ethical practice, I undertake regular professional supervision. Client work may be discussed confidentially within supervision for professional support and clinical reflection. Wherever possible, identifying information is minimised.

Records, storage and retention

I keep records appropriate to the work being provided. Records are kept accurately, securely, and in line with professional and ethical requirements.

These may include contact details, administrative information, brief clinical notes, assessment information, correspondence, and records relating to sessions.

Personal information and clinical records are stored securely using password-protected and/or encrypted systems. Reasonable steps are taken to protect information from loss, unauthorised access, misuse or disclosure.

If we do not proceed with therapy after an initial enquiry or consultation, I will normally delete your information within three months, unless there is a professional, legal or administrative reason to retain it for longer.

If you engage in therapy or supervision with me, records are generally retained for seven years after the end of our work together, in line with professional, insurance and good practice considerations. After this period, records are securely deleted or destroyed.

Communication and electronic contact

I may communicate with clients by email, telephone or WhatsApp for practical matters such as appointments, scheduling, cancellations, or brief administrative communication.

Whilst reasonable steps are taken to protect privacy, electronic communication carries some inherent security risks. For this reason, I encourage clients to consider what information they choose to share electronically.

Online sessions and Zoom

Most of my work is carried out online using Zoom.

I take reasonable steps to support privacy and security when working online, including the use of password protection, waiting room features and available encryption settings.

Sessions are not recorded unless this has been openly discussed and explicitly agreed in advance.

Clients are encouraged, where possible, to attend sessions from a private and appropriate environment.

Technology can occasionally fail. If this happens, we will make reasonable attempts to reconnect or agree an alternative arrangement.

Third-party services

In order to run my practice safely and effectively, I use a small number of third-party service providers, such as email providers, Zoom, banking services, and secure technology platforms.

These providers may process limited personal information where necessary for delivering services, communication, payments, data storage, or practice administration.

Some providers may process information outside the UK or EEA. Where relevant, I aim to use services that have appropriate privacy and security measures in place.

I do not sell personal information or share it for marketing purposes.

Payment information

Payments for therapy or professional services are usually made by bank transfer.

Payment information is used only for arranging, receiving and recording payments connected with professional services.

Your rights regarding your personal information

Under UK data protection law, you have rights relating to your personal information. These may include the right to access your information, request corrections to inaccurate information, ask for restriction of processing in some circumstances, object to certain types of processing, or request deletion of information where appropriate.

Please note that professional, legal, safeguarding, insurance or regulatory responsibilities may sometimes mean that information cannot be deleted immediately or in full.

If you have questions or concerns about how your information is handled, I encourage you to contact me first so that we can try to resolve the issue.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection matters.
Website: www.ico.org.uk
Telephone: 0303 123 1113

Website and cookies

This website uses essential cookies necessary for its functioning, security and basic operation.

Cookies are small files placed on your device which help websites work properly and improve user experience.

You can usually control or disable cookies through your browser settings if you prefer.

This website may contain links to external websites. Although care is taken when linking to external resources, I am not responsible for the content, privacy practices or security of third-party websites.

Changes to this privacy policy

This privacy policy may occasionally be updated to reflect changes in professional practice, legal requirements, or the services offered through this practice.

The most recent version will always be available on this website.

If you have any questions about this privacy policy or how your personal information is handled, please feel free to contact me.