top of page

Privacy Policy

Maria Varallo
Contact:  info@mariavarallo.co.uk

Effective from: 15th June 2025 · Version: 2.0

​

This explains what I collect, why I collect it, how I use and store it, how long I keep it, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

​

What I collect - 

  • Your name, email, phone, and your message.

  • Your contact details, any accessibility needs, agreement form, invoices and payment records.

  • Records of dates of our meetings, attendance and brief session/meeting notes.

​​

I aim to collect only what is necessary. At the end of all our meetings or programs, I shred all notes.

Why I collect it (purposes) and lawful bases -

  • Responding to enquiries and arranging appointments. 

  • Providing coaching and keeping appropriate records – necessary to deliver an excellent service as a professional, I’m also bound by confidentiality. 

  • Business operations  - to ensure I am running a safe and effective business. Where I use Legitimate Interests, I have balanced your rights and expectations against my interests and found the impact on you to be low.

​

Who receives your data -

  • I may share material, stories from and about clients with my supervisor - always anonymised to maintain confidentiality and for my professional development.

  • Service providers – secure email, website hosting/forms, cloud storage, and video‑conferencing, usually Teams. I do not sell your data.

  • Only when necessary with your explicit consent, to protect you or others from serious harm, or when required by law or a court order. Where possible, I will discuss this with you first.

​

How long I keep your data (retention) -

  • Adult client records: until the end of our program of meetings.

  • Enquiries that do not proceed: up to 3 months, then deleted.

  • Financial records: 6 years to meet legal requirements. This may be extended if a legal claim is in progress. When a period ends, I securely delete or shred the data.

​​

Your rights

You have the right to access your data, rectify inaccuracies, erase data in certain circumstances, restrict or object to processing. To exercise a right, contact me using the details above; I will respond within one month. I will ask for ID before releasing information. Some rights may be limited, for example, where disclosure would adversely affect another person or where I must keep data for legal reasons.

​

Security

Paper notes are stored in a locked cabinet within a locked room. Digital records are stored on encrypted devices with strong passwords and two‑factor authentication, with encrypted backups. Access is restricted only to me. 

For online sessions, I usually use Teams, however, I can use Zoom or FaceTime with additional security controls (waiting room, no default recording).

​

Complaints

If you have concerns about how I handle your data, please contact me first – info@mariavarallo.co.uk.

You also have the right to complain to the Information Commissioner’s Office (ICO).

bottom of page