Privacy Notice

How will my data be stored?

With the implementation of the General Data Protection Regulations (GDPR) in May 2018, replacing the Data Protection Act, the focus has been on ensuring the secure and private storage of personal, confidential, and sometimes sensitive data.

How long will you hold my information for?

Written records will be securely stored for eight years after the last interaction with an adult client and up to the age of 25 for a child under 16 when last seen or 26 years for 17-18 year olds.

What if I would like my data to be destroyed before this date?

Under GDPR rules, you have the right to request the deletion of any of your records at any time.

Can I see or get a copy of the information you hold?

In accordance with GDPR, you have the right to access and obtain a copy of your information within 30 days of date of request.

What are your reasons for collecting this information?

I use this information in order to make contact with you to discuss your requirements. I may also use this information so that I may improve my services. If you choose to proceed with making an appointment to see me, I will send you a copy of this Privacy Policy so that you are aware in advance how I will use information provided in the course of our sessions together. I will ask you at your appointment to tick a box if you wish to receive promotional/ further information about services I may offer in the future, or about well being in general. If you do not tick this box I will not contact you for these purposes.

I will ask you for your GP contact details and some basic health information: there are some conditions that are contraindicated for hypnotherapy and sometimes there are circumstance where it may be necessary to contact your GP before commencing therapy. I will inform you of this at our appointment should this appear appropriate.

I will ask you for details of your next of kin: this is used very rarely and only in emergency situations. You do not have to consent to the collection of information, however, if you choose not to provide it, I may not be able to work with you. In the course of our sessions: I will ask for your email address for the purposes of sending you a recording to listen to as part of the therapy. It may also be necessary to send emails to confirm or rearrange appointments.

I will make a note of information you provide me in order that we can plan bespoke therapy sessions and identify/produce scripts which will be used in session and/or which can be sent to you to listen to between sessions.

For the purposes of clarity, I do not receive or retain your bank details

How do I know that you will store my information securely?

To ensure your personal information is stored securely, all data you share and I record will be held in a secure, cloud-based location using Microsoft Office 365. Microsoft 365 employs advanced security features, including encryption of data both at rest and in transit, multi-factor authentication, and robust access controls to protect your information from unauthorised access, loss, or damage. Additionally, any handwritten notes containing personal data are securely destroyed using a cross-cut shredder immediately after their information has been transferred to digital format. These measures comply with UK data protection legislation, including the UK GDPR and the Data Protection Act 2018, ensuring your personal data is handled with integrity and confidentiality at all times.

Are our discussions within the hypnotherapy sessions confidential?

Yes, confidentiality is maintained unless there is a need for supervision, support or if there is a belief that you may harm yourself or others.

What if I see you outside of a hypnotherapy session?

To maintain confidentiality should we meet in a public space I will not acknowledge you unless you acknowledge me first.

Will you discuss information about me with other health and social care professionals?

Information will only be shared with other health and social care professionals with your written consent.

Who is the Data Controller, and what is their ICO registration number?

I am the data controller registered with the ICO; Registration number: