GENERAL DATA PROTECTION REGULATIONS, 2018 (GDPR) AND HOW IT AFFECTS ME
After 20 years, the Data Protection Act has been replaced by the GDPR. The aim is to ensure that your personal, sometimes sensitive, confidential data is held privately and securely, being processed in the way that you have agreed to. It exists to protect your rights as a consumer involving your identifiable data, e.g. your name and address & any reason you might have for visiting me. It also covers any session records, text messages or emails between us. This Policy has been produced in order for you to understand how I use, disclose, and make use of personal information.
DATA PROTECTION POLICY
I am committed to protecting your privacy. The information collected about you in order to process your enquiry will only be used lawfully in accordance with the Data Protection Act 1998 and the General Data Protection Regulation. Your email address and phone number will not be used for anything other than for me to communicate directly with you. I will not willfully disclose any confidential information without your prior permission and your details will not be passed onto a third party for their use in promotional purposes. Any personal information collected will be protected by reasonable security safeguards against loss or theft, as well as unauthorised access and disclosure. I will not share any of your information with parties outside Alexandra Elizabeth Hypnotherapy except to the extent required by law, police, court order or as requested by other government or law enforcement authorities.
HOW LONG WILL YOU HOLD MY INFORMATION FOR?
As a member of the CNHC I am bound by their regulations regarding the length of time I must hold onto your information. This organisation stipulates that I must hold your data for 8 years after your final session. The exception to this rule applies to children, for whom I must hold their data until their 25th birthday, (unless they are 17 when treatment ends when I must keep it until their 26th birthday). All records will be deleted in the January after the above retention scales. This is in line with NHS regulations for holding data.
CAN I ASK FOR MY INFORMATION TO BE DELETED BEFORE THIS DATE?
GDPR allows you to request the deletion of any of your records, by making a request in writing to me. Should you request this then all your paper records would be shredded with a cross shredding machine. Any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. Please note that I would have to save the deletion request you made but would not save any other data.
CAN I ASK TO SEE MY DATA AND IF SO HOW QUICKLY CAN I LOOK AT IT?
You are now able to ask to see any information that is held about you within 30 days of asking. You can even ask for a copy of any personal information held by me if you wish. It is possible however, that my insurance company’s legal team may want to verify information I send out.
WHY DO YOU NEED TO RECORD THIS INFORMATION?
In order to give you the highest quality support I can, I collect information about: what you want to achieve by coming for hypnotherapy, a small amount of medical information and some information about your important others, alongside brief session notes. This information allows me to refer to information about previous discussions and the content of earlier sessions. Your contact details / address and GP’s details will only be used with your explicit consent.
HOW DO I KNOW THAT MY INFORMATION WILL BE HELD SECURELY?
Paper session notes – Are all stored in locked cabinets.
Text messages – My work phone is secured with finger print recognition or a pass code.
Emails – My email account requires a user name and password.
DO OUR DISCUSSIONS DURING THE SESSIONS REMAIN CONFIDENTIAL?
Everything we discuss during our sessions remains strictly confidential between you and me. On occasion I may choose to discuss elements of our sessions with my supervisor to ensure I am doing my job effectively. During these discussions I will not disclose any identifying details about you to my supervisor. My supervisor also adheres to the GDPR.
WHAT IF I SEE YOU AWAY FROM A HYPNOTHERAPY SESSION?
I am obligated by GDPR to protect your confidentiality, so for this reason, although I may acknowledge you if you acknowledge me, it would be better to avoid any further conversation. However, if you wish to discuss your therapy with other people, you are welcome to do so.
WILL YOU DISCUSS ME WITH OTHER HEALTH AND SOCIAL CARE PROFESSIONALS?
I am only able to contact other health and social care professionals with your written consent. Should I write to your GP, to notify them that you have come to see me for treatment and again at the end of the therapeutic relationship, I would require your signature in line with GDPR requirements. The only exceptions to this would be if I believed that you were about to harm yourself or another then I would be required to inform the relevant authorities as part of my “Duty of Care”. However, I would always aim to discuss this with you before taking any action. Legally, I would also have to provide the police with information as set out in a warrant or court order, should the situation arise.
COMMUNICATION & MARKETING
Alexandra Elizabeth Hypnotherapy clients will have the opportunity to 'opt-in' to receive marketing communications in the form of email newsletters during their Initial Consultation. These email newsletters will be sent using MailChip.
If you decide you do not want to receive further email newsletters, you have the option to 'opt-out' of receiving marketing communications from me by either clicking the 'unsubscribe' button at the bottom of the email newsletter or emailing and requesting to unsubscribe. For me to be able to do so, please include your email address in the body of your email and write "Unsubscribe" in the subject line.
Unfortunately, the transmission of information via the Internet is not completely secure. I will do my best to protect your personal data, but cannot guarantee the security of data transmitted to the site; any transmission is at your own risk. Once I have received your information, I will use strict procedures and security features to try to prevent unauthorised access.
COOKIES & GOOGLE ANALYTICS
The Alexandra Elizabeth Hypnotherapy website collects data using Cookies and Google Analytics which collects the information on the pages you visit to make your experience more efficient and analyse the behaviour of visitors to the website. You cannot be identified by the information collected. Info about Cookies can be found at aboutcookies.org.
THIRD PARTY SITES
Alexandra Elizabeth Hypnotherapy's website may contain links to and from the websites of other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that I do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
I am always pleased to hear from clients (even if it is a complaint!). I am always grateful for any time you spend providing me with the knowledge I need to ensure my clients are completely satisfied – I want you to receive the highest level of service and to recommend me to your friends and family. If you have any questions or feedback about this statement please do not hesitate to contact me and I will be delighted to answer any questions you may have.
You can contact me at: firstname.lastname@example.org
*Results may vary and rely on client’s participation within the therapy as well as in between sessions.