Privacy & GDPR Notice

This privacy policy explains how I collect, use, store, and protect your personal information in compliance with the UK GDPR, the EU GDPR, applicable insurance requirements, and the ethical codes of my professional bodies.

Who I Am

Data Controller & Data Protection Officer: Enrico Viola
Email: [email protected]
Phone: +420 773 278 327

I am responsible for the personal data I collect and process during our professional relationship.

What Information I Collect

I collect information that you provide voluntarily by phone, email, online inquiry, or in person. This may include:

Name, contact details (phone, email, address)
Emergency contact details
GP/healthcare professional details (if required)
Information about your symptoms, triggers, and presenting issues
Relevant personal history, including family background and medical history
Session notes related to your sleep coaching
Invoices or payment records

Why I Collect Your Data

I use your personal data to:

Assess whether I can offer you sleep coaching
Provide you with sleep coaching services
Communicate about your sleep coaching, including scheduling
Invoice and manage payments
Maintain records in line with insurance and legal obligations

Lawful Basis for Processing

I process your data under contractual necessity (to provide sleep coaching services) and legitimate interests (to manage records for insurance and professional requirements). I will never use your information for marketing or share it with third parties for profit.

How Your Data Is Stored

Digital records are stored securely in Cloud-based clinic management software, which is GDPR-compliant and hosted on encrypted UK/EU servers.

How Long I Keep Your Data

Adult records: kept for 7 years after treatment ends
Records of minors: kept for 7 years after the client turns 18
These timeframes meet professional body and insurance requirements.

Confidentiality & Sharing

Your data is confidential. I will not share it without your consent, except:

When required by law (e.g., court orders, safeguarding obligations under relevant UK or Europe legislation)
When I believe there is a serious risk of harm to you or others

Session notes are securely stored, and any case discussions (e.g., in supervision) are anonymized.

Cookies and Website Tracking

My website uses cookies to improve your browsing experience.

A cookie control system allows you to accept or decline non-essential cookies.
I use Google Analytics to monitor site performance.Google Analytics is set to anonymise IP addresses so no individual can be identified.
You can manage or block cookies in your browser settings.

Your Rights Under GDPR

You have the right to:

Access – Request a copy of your data
Rectification – Correct inaccurate or incomplete data
Erasure – Ask for data deletion (“right to be forgotten”)
Restrict Processing – Limit how I use your data
Portability – Request your data be transferred to another provider
Object – Stop certain uses, such as direct marketing
Withdraw Consent – You can withdraw your permission at any time (Although this may affect my ability to provide sleep coaching in line with professional and legal obligations.)

To exercise any of these rights, please contact me directly.

Complaints

If you are concerned about how I handle your data, you can contact me directly.

If you are based in the UK, you have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk
If you are based in the EU, you also have the right to complain to your local Data Protection Authority (DPA). You can find contact details for each national authority here: https://edpb.europa.eu/about-edpb/about-edpb/members_en