Privacy Policy

What is GDPR (General Data Protection Regulations)?

In 2018, the GDPR replaced the 1998 Data Protection Act. It ensures your personal, confidential and sometime sensitive data, is held privately and securely. GDPR exists to protect your rights as a consumer. It applies to your identifiable data, e.g. your name and address & reasons for visiting Poise Hypnotherapy. It also covers any session records, text messages or emails that might be exchanged.

How long will you hold my information for?

I am regulated by the CNHC, an organisation that stipulates I must hold your data for 8 years after your final session, unless you are a child, in which case I must hold your data until your 25th birthday, or unless you are 17 when treatment ends and then I must keep it until your 26th birthday. Therefore, all records will be deleted in the January after the above retention scales. This is in line with NHS regulations for holding data.

What if I don’t want my records to be held for that long?

Under the GDPR rules, you are able to request in writing to me for the deletion of any of your records at any time. I will then ensure that all your paper records are shredded with a cross shredding machine. Any electronic data held by me, such as emails or texts will be permanently deleted from the devices they are stored on. I would still need to save the written deletion request you sent me, if my insurance company insists on it, but would destroy any other data.

What are your reasons for collecting this information?

I am keen to offer the highest quality support to my clients and in order to do so, I will collect the following information:

• An idea of what you would like to achieve by coming for hypnotherapy
• A small amount of medical information
• Some brief session notes
• Your contact details
• GP contact details
CORP research data
• Some basic information about your important others

This information allows me to provide continuity within the sessions, in order to help you towards your goal. It will help me to refer to the content of earlier sessions and previous discussions. I will only use your contact details/address and GP’s details with your explicit consent. The CORP research programme collects unidentifiable information for the purposes of producing scientifically measured outcomes for Solution Focused Hypnotherapy.

How do I know my information will be stored securely?

Paper session notes – All are stored in a locked cabinet.
Text messages – my mobile phone is secured with a pin code.
Emails – my email account requires a username and password. I will not keep any emails if the content is no longer needed.

Is what we discuss kept confidential?

Everything we discuss during our sessions remains strictly confidential. Occasionally it may be necessary for me to discuss elements of your sessions with my supervisor to ensure that I am helping and supporting you in the most effective way. However, no identifying features about you will be disclosed during these discussions. My supervisor also abides by GDPR requirements.

What if I see you outside of a hypnotherapy session?

I am obliged by GDPR to protect your confidentiality at all times. For this reason, if I see you outside of sessions, I may acknowledge you, but it would be ideal if any further conversation could be avoided. However, if you wish to discuss your therapy with other people, that is your choice and you are welcome to do so.

What happens to my information if anything happens to you, the therapist so you cannot continue with my treatment?

In the event of me being incapable of continuing with your treatment, e.g. because of illness or death, you will be contacted by a trusted person who will also respect rules of confidentiality. You will then be given the option of being put in touch with another therapist for continuation of your sessions.

Will you discuss information about me with other health and social care professionals?

In line with GDPR requirements, I am only able to contact other health and social care professionals with your written consent.
I do have a ‘duty of care’ towards my clients, so the only exceptions to this would be if I believed that you were about to harm yourself or others. Should this occur then I would be required to inform the relevant authorities. However, I would always aim to discuss this with you before taking any action. Legally, I would also have to provide the police with information as set out in a warrant or court order, should the situation arise.