MENU

GTW Hypnotherapy

Privacy Policy

Privacy Notice for GTW Hypnotherapy

The following information explains how I collect, use and protect any personal data that you provide to me. I may change and update this privacy policy at any time by updating this privacy notice. If any significant changes are made I will make this clear on my website or I may contact you directly

About Me

I am sole trader and data controller of the information I hold and process about individuals who have expressed an interest in my hypnotherapy service.

About the individuals whose data I collect

I collect data about individuals who:

  • Enquire about and/or attend hypnotherapy sessions
  • Enquire about and/or attend my relaxation classes, workshops and other occasional events

What I do with personal data

The legal basis for processing your data is as follows:

  • Contractual obligations in communicating therapy related information eg booking appointments, recording progress.
  • Consent from individuals who participate in the CORP research programme, which tracks therapeutic progress.
  • Legitimate interest in communicating information about relaxation classes, workshops, and other events.
  • Legitimate interest for financial accounting purposes.

Storage of personal data

I hold data in both written and electric form.

Written data collected:

  • From individuals, if they enquire by telephone or text, in which case, I hand-write contact details and brief notes in order to make contact.
  • From clients, during the Initial Consultation and subsequent therapy sessions.
  • Written data is stored securely in a locked filing cabinet in my locked therapy room.
  • Relevant data is transferred to electronic format for the purposes of recording attendance and bookkeeping.

Electronic data is held in spreadsheets on a password-protected laptop.

Client data is anonymised.

For clients participating in the CORP research programme, I use the CORP specialist software to track client progress. Client data is anonymised before being stored in the CORP database. The anonymised CORP data is stored on my password-protected laptop and is periodically uploaded into a centralised ‘cloud’ of industry-wide data for research purposes.

Electronic data is also held within a proprietary Email Management system for the purposes of notifying you of my events and opportunities that may be of interest.

Electronic data within emails, text messages, voicemail and social media direct messages is held securely using leading service providers such as Facebook and Outlook, and is accessed via password-protected use accounts, mobile phones and laptops.

Sharing your personal data

Email Management System providers to help me communicate with you. Payment Gateways to process financial transactions. These providers have access to your personal information so that they can perform their functions on my behalf, but they may not use it for other purposes. I am professionally obliged to report to relevant authorities if I have concerns that you may cause harm to yourself, to others, or to me.

To ensure best practice I may from time to time discuss your progress with a supervisor, in which case I would not divulge your identity. With the above exceptions, I will never share your data with a third party without your express permission, unless legally required to do so. Times, when I might seek your consent to share your data, may include; making a referral to another therapist or medical practitioner

Your rights

You have the following rights under the General Data Protection Regulations:

  • To request a copy of the information I hold about you
  • To update any of your personal information if it is inaccurate or out of date
  • To request that I delete the personal data I hold about you
  • To restrict the way in which I process your personal data
  • To request that I stop processing your data if you object to me doing so
  • To ask me to transfer your personal data to a third party

Data Retention

I will keep your personal data for no longer than necessary for the purposes of providing my service to you and to fulfil my obligations for financial and insurance record keeping. I am required by my governing association membership to keep records of my clients for adults for 6 years from the completion of their therapy. For clients under the age of 18, we are required by GDPR law to keep records until they turn 21 or for 6 years from the end of their therapy (whichever is greater). This includes both information about why you are seeking therapy and the notes taken at your session. Paper documents will be scanned and stored electronically and then will be shredded upon completion of your therapy.

How to contact me

If you have any questions about how I handle your personal data, you can contact me as follows:

  • Georgina Taylor-Wyatt
  • GTW Hypnotherapy
  • Stable Park
  • Effingham Road
  • Copthorne
  • Crawley
  • West Sussex
  • RH10 3HY
  • info@gtw-hypnotherapy.co.uk

If you believe I am processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office.

https://ico.org.uk/