GDPR Notice (Data Privacy)

1. How will my data be stored?

In May 2018 the Data Protection Act was replaced by the General Data Protection Regulations (GDPR). The changes to the Data Protection Act are aimed at ensuring that your personal, confidential and sometimes sensitive data, is held privately and securely.

2. How long will you hold my information for?

This depends on the organisations your therapist is registered with.

As a member of the NCH (National Council for Hypnotherapy) we keep “written records stored securely for 8 years after the last interaction with an adult client, and up to the age of 25 for a child under 16 when last seen, or 2-6 years for a 17-18 year old.”

3. What if I would like my data to be destroyed before this date?

Due to the sensitive nature of what we do, my insurance company does not allow the deletion of data, before the minimum time for holding said data.

4. Am I able to see or get a copy of the information held by you?

In line with GDPR, yes, within 30 days.

5. What are your Reasons for collecting this information?

The information is collected to ensure a written record of our clients, their individual circumstances, their progress throughout their sessions. This helps provide a knowledge of previous discussions to ensure the best quality of service.

6. How do I know that you will store my information securely?

Any information you disclose will be held securely on or computer system using double factor authentication, and any paper records will be held in a locked filing system.

7. Are our discussions within the hypnotherapy sessions confidential?

Yes, unless I need support from my supervisor or I believe that you are about to harm yourself of another.

8. What if I see you outside of a hypnotherapy session?

This is up to you, and I will follow your lead – if you are comfortable saying hello, or even having a normal conversation then by all means I will reciprocate. But generally, I will just smile in passing and you need not worry about appearing rude in any way.

9. Will you discuss information about me with other health and social care professionals?

Only with your written consent.

10. Who is the Data Controller and what is their ICO registration number?

I am the data controller and my ICO registration number is TBC.

GDPR Privacy Notice rev1.