PRIVACY NOTICE

In May 2018, the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). I am GDPR registered. The changes to the Data Protection Act are aimed at ensuring your personal, confidential, and any sensitive data, is held privately and securely. This means that any data you give to me must be processed in a way you agree with. GDPR exists to protect your rights as a consumer. It applies to your identifiable data, e.g. your name and address and any reason you might have for visiting me. It also covers any session records, text messages or emails between us.

How long will you hold my information for?

As a member of the Association for Solution Focused Hypnotherapy (AfSFH) I am bound by their regulations regarding the length of time I must hold onto information. 

Information must be held for 8 years after the last interaction with an adult client and up to the age of 25 for a child under 16 when last seen, or 26 years for 17-18yr old. Client records will be destroyed in the January after these dates in line with NHS regulations for holding data.

What if I would like my data to be destroyed before this date?

Due to the sensitive nature of what I offer, the insurance company advises that deletion of a client's data cannot occur before the minimum term (see above) has expired.

Am I able to see or get a copy of the information held by you?

In line with GDPR, if you send me a request in writing, specifying the data you wish to see, I will supply you with a copy within 30 days. I will need to confirm your identity before sending you the information and there will be no charge for this service. Please note that my insurance company’s legal team may wish to verify any information I intend to send out.

What are your reasons for collecting this information?

I aim to offer the highest quality support to my clients and in order to do so I will collect the following information:

• Your contact details and basic information about your important others
• An idea of what you would like to achieve by coming for hypnotherapy and brief session notes
• A small amount of medical information including your GP contact details

This information allows me to provide continuity within the sessions, in order to help you towards your goal. This information will allow me to refer to the content of earlier sessions and previous discussions and I will only use your contact details/address and GP’s details with your explicit consent (see client agreement and initial consultation).

How will my data be processed and stored?

Your information will be stored securely. All online documents are password protected and encrypted on my personal laptop which no one else has access to. Hardcopies are kept in a secure cabinet and only your initials / case number is used wherever possible.

Are our discussions within the hypnotherapy sessions confidential?

Yes, unless I need support from my supervisor, or I believe that you are about to harm yourself or another. Everything you discuss with me during our sessions remains strictly confidential. Occasionally it may be necessary for me to discuss elements of your sessions with my supervisor to ensure that I am helping you in the most effective way. However, no identifying features about you will be disclosed during these discussions; my supervisor is also registered with the ICO and abides by GDPR requirements.

What if you see me outside of a hypnotherapy session?

I am obliged by GDPR to protect your confidentiality at all times. So, for this reason should we bump into one another outside of our sessions, I will not acknowledge you unless you approach me. However, if you wish to discuss your therapy with other people, that is your choice, and you are welcome to do so.

Will you discuss information about me with other health & social care professionals?

I am only able to contact other health and social care professionals with your written consent. Should I write to your GP to notify them that you have entered into a therapeutic relationship with me, or to notify them that your therapy has been successfully concluded, I would require your signature, in line with GDPR requirements.

I, like all practitioners, have a “duty of care” towards my clients, so the only exceptions to this would be if I believed that you were about to harm yourself or others. Should this occur then I would be required to inform the relevant authorities. However, I would always aim to discuss this with you before taking any action. Legally, I would also have to provide the police with information as set out in a warrant or court order, should the situation arise.

Who is the Data Controller and what is their ICO registration number?

Stephanie Martin-Halls Church St, CO93BA / ICO Registration number: ZB659294 

My policy may be updated at any time, so please check back regularly to ensure that you are aware of the latest version.