Hampshire Hypnotherapy Privacy Statement
During your initial consultation I will be asking for personal information pertaining to your situation. I will also be asking about your family history and your health and medical situation. In addition to this I will also be collecting contact details (all of this is construed as Personal Data).
I use your email address to correspondence with you regarding your enquiry into the services of hypnotherapy, counselling or psychotherapy. I keep this information for the length of time we correspond and then delete it as confidential waste.
I do not use the information you supply via the ‘contact' button for marketing purposes or share with third parties unless I am required to by law.
I use Gmail when responding to enquiries from my website because Gmail encrypts messages in transit (using TLS Transport Layer Security). This means that emails are unable to be read by third parties in transit.
The following statement details how I collect, store or share/process your personal data including special category data:
What information is collected?
Date of birth (if under 18)
Emergency contact name and number
What do I use this information for?
It is used primarily as contact and emergency contact information while you are in therapy. I collect this data for people under the age of 18 so that I know when clients reach the age of 18 for to comply with the GDPR regulations on the storing of notes for a seven year period after a child reaches 18 years of age (see data retention section below).
I only use your data in relation to the delivery of my services, and do not use it for marketing purposes, or sell to third parties (unless you have consented for coaching or events). There are very specific limited professional reasons why I may need to share/process your data.
Do I share/store your personal data?
It may become necessary during our work together for me to break confidentiality as a duty of care. For example, if you expressed a notion or threat of serious harm to self or others, acts of terrorism or drug trafficking, money laundering. The personal data shared will be adequate and
proportionate (the minimum). Your information may be shared with health professionals and emergency services as appropriate.
Clinical will. In the event of my death or becoming incapacitated a family member will pass a sealed envelope from my secure storage containing name and contact details of my current clients to my supervisor. This is to enable my supervisor to contact you regarding my situation and to discuss therapeutic options for the future and to maintain safety. My supervisor and myself follow the same code of confidentiality.
I may be required to share information in your notes if I am issued with a court order. I keep anonymous notes from our sessions in line with the requirements of my professional insurance. Necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
Financial details ( by proxy on my bank statement after you make payment). The training participant information is used for pre workshop correspondence and your mobile is used for notification in the event of an emergency cancellation.
It is also a legal requirement for me to keep financial records for the purpose of tax returns for a period of seven years.
Should you ask me to share your notes/information with other medical professionals or your
If you ask to be added to my distribution list for notification of future events.
How long do I keep your information? (Data retention schedule)
1. If you choose not to continue with therapy after your assessment session your information will be disposed of 2 weeks after as confidential waste.
2. If you choose to continue with therapy/coaching I keep client notes which are anonymous (separate from names, phone numbers and email addresses) for 7 years after your last session in line with the current requirements of my professional insurance.
For under 18s their name, contact number and anonymous notes will be kept for 7 years after the age of 18 is reached.
3. If you book onto a training event I will keep your contact details until one week after the date
of the training and keep name, training and attendance data for 7 years.( in line with my
All information is stored as confidential data in locked storage, password protected document or
encrypted memory stick and destroyed at the end of the data retention period as confidential
Your rights under GDPR
Right to be informed,
Right to access (you can request to see information I hold about you)
Right of rectification,
Right to erasure, Not applicable to lawful reason legal obligation
Right to restrict processing,
Right to data portability, Not applicable to lawful reason legal obligation
Rights related to automated decisions.
Right to object, Not applicable to lawful reason/legal obligation
It should be noted that the ICO states these are not all absolute rights:
If you have any concerns about how your data is being used please feel free to discuss it with me. My contact details are: 07810 640685. You also have
the right to complain to the information commissioner's office ICO. 0303 123 1113
These are stored temporarily during a browsing session. They allow normal use of the site and are deleted from your device when the browser is closed.
Personal Information from your device is collected such as geolocation data, IP and unique identifiers such as your MAC address plus further information relating to your activity while on the
My website host(s) Namesco, Hostgator and FastHost (depending on which site your are on) collects behaviour patterns of website visitors. This does not identify individuals but allows me to see the number of site visits, number of specific page views, and type of device used (celphone, desktop, laptop).
...(download the rest of the essay above)