GDPR (GENERAL DATA PROTECTION REGULATIONS, 2018)
What information will I (we/our) (Mandy Holmes Hypnotherapy) gather and why?
When you contact me via my website, phone or email I will collect your:
Any other information you choose to supply regarding the purpose of your enquiry.
During your Initial Consultation and other sessions
You may give other information that you wish to discuss or I feel is relevant to our sessions, and also what you wish to achieve with the help of Solution Focused Hypnotherapy.
This will help me to get to know you better and formulate the therapy sessions. (Please note: you have the right to choose what information you share during your hypnotherapy sessions).
Why do you need to record this information?
I collect information about – why you are using the service, a small amount of medical information and a small amount of information about your important others, alongside brief session notes. This information enables me to provide a high quality service to you, ensuring I am equipped with the knowledge of our previous discussions prior to each session. Your contact details/address and Doctors details will only be used with your explicit consent. I use this information in order to contact you about appointments and to help you to achieve your goals in therapy.
Everything we talk about during our sessions are strictly confidential between you and me. To ensure I am doing my job effectively and that I have the right support, I may discuss elements of our sessions with my supervisor. During these discussions I do not disclose any details that may identify you to my supervisor, and my supervisor also adheres to the GDPR.
How will your information be stored?
Your information is stored securely and access to it is controlled and restricted.
Paper records/hand-written notes will be stored in a locked cupboard to which I have sole access. Your emails, name and telephone contact details will be stored in an account that is password protected and on my password protected phone and computer. Electronic records, e.g typed letters will be stored on a password protected computer.
How long will your information be stored?
I am regulated by the CNHC, an organisation that stipulates I must hold your data for 8 years after your final session. Unless you are a child, in which case I must hold your data until your 25th birthday, unless you are 17 when treatment ends and then I must keep it until your 26th birthday. Therefore, all records will be deleted in the January after the above retention scales. This is in line with NHS regulations.
Have you the right to request that your information is destroyed?
Yes. Please make a written request for your records to be destroyed and I will do so within 30 days of receipt of your request. I will also confirm in writing that your request has been carried out.
To ensure your confidentiality, if we see each other socially, or outside of our sessions I will not engage in any conversation regarding your therapy. You are welcome to talk with other people about the therapy you are receiving, but I am obligated by GDPR law to ensure that your confidentiality is protected.
Under the General Data Protection Regulations which are effective from 25th May 2018 you have the following rights:
- the right to be informed (which is why I have produced this policy).
- the right of access (if you wish to see your file then please make a request in writing to Mandy Holmes. I will provide you with the information within 30 days of your request).
- the right to rectification (this is your right to request changes to any information I hold that is factually inaccurate. If you believe any of the information I hold about you is incorrect then please let me know as soon as possible and I will make the appropriate changes
- the right to erasure (given the nature of our work I am required to hold your details for a period of 8 years, after this your information will be securely destroyed.)
- the right to restrict processing (I will only use the information for the purposes that I have stated: most standards of confidentiality applied in professional contexts are based upon the Common Law concept of confidentiality where the duty to keep confidence is measured against the concept of “greater good”.
(If in the therapist’s opinion there is good cause to believe that not to disclose would cause danger or serious harm to self, the therapist or others, your GP or the appropriate agencies may be contacted. Only information required to ensure the safety of the relevant parties would be disclosed. Information may have to be disclosed without consent for the prevention, detection or prosecution of a crime. The sharing of anonymous case histories with supervisors and peer support groups is not a breach of professional confidentiality).
- the right to data portability: I will not share your information, other than in the situations described above, without your specific consent.
- the right to object (I will not contact you for marketing purposes unless you have given me specific agreement to do so)
- the right not to be subject to automated decision-making including profiling (I will not use your information for profiling purposes)
WEBCAM SESSIONS Where sessions are conducted via webcam e.g. Zoom – I may record the online consent form section where you agree verbal consent for therapy. The recording is then immediately stopped and filed secured in a password protected file on my computer.
Website and social media testimonials
I will only publish testimonials on my website with specific consent and I will not publish your full name. If you provided a testimonial on social media (e.g facebook) the testimonial will stay on there unless you specifically ask me to remove it.
Cookies are small files which ask permission to be placed on your computer’s hard drive so that we can analyse web traffic to our site. Through this we can see which of our website’s pages are being viewed and are of interest. Most web browsers automatically accept cookies but you can modify your setting to decline them if you prefer. If you choose to do this you may find you cannot make full use of our website.
LINKS TO OTHER WEBSITES
In accordance with the General Data Protection Regulation (GDPR) the data controller for Mandy Holmes Hypnotherapy is Mandy Holmes. I am responsible for collecting and processing your personal information. Processing includes the retrieval, organisation, use, protection, and deletion or destruction of information, and its disclosure to other agencies.
Questions, comments, information access and amendment requests, and any complaints should be addressed to Mandy Holmes, email firstname.lastname@example.org