1. Privacy Notice: How will my data be stored?
As of May 2018, the Data Protection Act has been superseded by the General Data Protection Regulation (GDPR). This legislation enhances your rights and ensures that all personal, confidential, and sensitive data is managed securely and kept private.
2. Data Retention: How long will my information be kept?
In accordance with the National Council for Hypnotherapy guidelines, written records are securely stored for a period of eight years following the final interaction with an adult client. For clients under the age of 16, records are retained until the individual reaches 25 years of age. For those aged 17 or 18 at the time of last contact, records are retained until they turn 26.
3. Early Data Deletion Requests
Due to the nature of hypnotherapy work and in line with insurance requirements, early deletion of records is not permitted. Data must be retained for the minimum legally or professionally required duration.
4. Access to Your Data
In accordance with GDPR, you have the right to request access to any personal information held about you. Such requests will be fulfilled within 30 calendar days.
5. Purpose of Data Collection
Data is collected solely for clinical purposes. In rare circumstances, where it is necessary to liaise with your GP or another healthcare professional, relevant information may be used with your prior consent.
6. Data Security Measures
All personal data is stored securely. Handwritten notes are kept in locked physical storage, while electronic records are stored locally on a password-protected computer. No data is stored on cloud-based platforms.
7. Session Confidentiality
All hypnotherapy sessions are confidential. However, exceptions may apply if:
- There is a need to seek guidance from a clinical supervisor,
- There is a concern that you may be at risk of harming yourself or others.
8. Contact Outside of Sessions
To protect your privacy and maintain professional boundaries, I will not initiate any interaction if we meet outside of therapy sessions. If you choose to acknowledge or engage with me, I will respond respectfully and discreetly.
9. Information Sharing with Other Professionals
Information will only be shared with other healthcare or social care professionals with your explicit written consent.
10. Data Controller Details
The data controller is: David Hiley
ICO Registration Number: CSN4121300