Privacy and GDPR

This Privacy Policy document contains types of information that is collected and recorded by Yes Hypnotherapy, accessible at yeshypnotherapy.co.uk, and how I use it.

If you have additional questions or require more information about my Privacy Policy, do not hesitate to contact Michelle by email at info@yeshypnotherapy.co.uk.

General Data Protection Regulation (GDPR)

I am a Data Controller of your information.

My legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Information we collect and the specific context in which we collect the information:
– My needs to perform a contract with you
– You have given me permission to do so
– Processing your personal information is in my legitimate interests
– I need to comply with the law

Personal data that I process shall not be kept for longer than is necessary. I will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

The GDPR replaces the 1998 Data Protection Act to ensure your personal and sensitive, confidential data is kept private and held securely, and is processed in the way that you have agreed to. It is there to protect your rights as a consumer of a service or product that might involve your identifiable data, e.g. your name and address or whether you have a specific condition. It also covers any session records, text messages or emails we exchange.

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what Personal Information I hold about you and if you want it to be removed from my systems, please contact me by email.
– You have given me permission to do so
– Processing your personal information is in my legitimate interests
– I need to comply with the law

How long will you hold my information?

I am regulated by the AfSfH and NCH, an organisation that stipulates I must hold your data for 8 years after your final session. Unless you are a child, in which case I must hold your data until your 25^th birthday, unless you are 17 when treatment ends and then I must keep it until your 26^th birthday. Therefore, all records will be deleted in the January after the above retention scales. This is in line with NHS regulations for holding data. 

I need your consent

Before we do any work together I need your consent. Your privacy and confidentiality are important, and Yes Hypnotherapy will never use your information for any purpose other than that to which you have explicitly consented to when you submit the consent form. You may withdraw consent at any time by getting in touch via 07857 661483 or info@yeshypnotherapy.co.uk. Failure to complete the online consent form will result in your session being cancelled in accordance with my cancellation policy explained in the Client Therapy Agreement.

What if I don’t want my records to be held for that long?

Under the GDPR you can make a request in writing to me, for all your records to be deleted. In this case all your paper records would be shredded with a cross shredding machine and any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. I would have to save the request for deletion you made but would not save any other data. In some circumstances my insurance companies legal team may want to verify the information I send out and may stipulate that I am required to retain  the data for a set period which would prevent me from being able to honour the request for  deletion at that time, however once the specified period has passed I would then provide  confirmation that your data has been deleted.  

Why do you need to record this information?

I collect information about; why you are using the service, a small amount of medical information and a small amount of information about your important others, alongside brief session notes. This information enables me to provide a high-quality service to you, ensuring I am equipped with the knowledge of our previous discussions prior to each session. Your contact details/address and Doctors details will only be used with your explicit consent.

What lengths are made to ensure my information is held securely?

Hardcopy documents – Are all stored in a locked cabinet in a locked room.

Text messages – My work phone is secured with a pin code. 

Emails – My email account requires a username and password and is protected by two factor authentication. 

Email attachments – Any attachments sent by email to you containing your personal information would be password protected and the password would be sent to you via text message. 

Electronic documents – Any electronic documents e.g. A letter to your GP, is password protected and stored on a password-protected computer if they contain personal or sensitive information. Any documents stored on a cloud based storage system are  stored with Secure 256-bit AES and SSL/TLS encryption technology keeps your files safe  from harm during data transfer.

Your Rights

The right to access, update or to delete the information I have on you.

– The right of rectification.
– The right to object.
– The right of restriction.
– The right to data portability
– The right to withdraw consent

Is what we discuss kept confidential?

Everything we talk about during our sessions is strictly confidential between you and me. To ensure I am doing my job effectively and that I have the right support, I may discuss elements of our sessions with my supervisor. During these discussions, I do not disclose any details that may identify you to my supervisor, and my supervisor also adheres to the GDPR.

What about other Health and Social Care Professionals? 

As I adhere to the GDPR any contact, relating to you, with other healthcare professionals would only be made with your signed consent. E.g. If I were to write to your GP to notify them of your treatment with me, and then notify them of the treatment ending, I would only do this if you were to sign the specific consent form

Exceptions: In order to safeguard you and the people around you, if you were to disclose that you were going to carry out harm to yourself or someone else, then under my “Duty of Care” I am obligated by law to inform the relevant authorities. This is to support you to live well, and I would always aim to discuss this with you prior to contacting anyone. 

I am also required by law to disclose any admission to serious crime e.g. Murder, Terrorism, or  if I was subject to a police warrant or court order for your information, by law I would also have to provide them with your information. 

Online Booking

When you contact me via my Online Booking facility, I will collect your name, telephone and email address. By using the Online Booking Form you consent to me using this information for correspondence purposes. To have your information deleted from our records, please contact us by email.

Digital Downloads and Blog Subscription

By signing up my Blog or purchasing digital downloads, courses and freebies, you agree to receive updates related to your course or future offers. You can unsubscribe at any time and have your email deleted from this service by clicking the Unsubscribe button at the top of the email.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Cookies

Like any other website, my website uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.

https://support.google.com/chrome/answer/95647?hl=en (Chrome);

https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

http://www.opera.com/help/tutorials/security/cookies/ (Opera);

https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

https://support.apple.com/kb/PH21411 (Safari); and

https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Note that if you block cookies, some features of my website may not be available to you.

Links To Other Sites

My website may contain links to other sites (Facebook, Youtube, Instagram, PayPal Stripe etc). My Privacy Policy does not apply to other websites. Thus, I am advising you to consult the respective Privacy Policies of these other sites for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

Log Files

Our website follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

Children’s Information

I do not knowingly collect any Personal Identifiable Information from children under the age of 18. If you think that your child provided this kind of information on my website, I strongly encourage you to contact me immediately and I will do my best effort to promptly remove such information from my records.

Online Privacy Policy

This privacy policy applies only to my online activities and is valid for visitors to our website with regards to the information shared and/or collected online. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using my website, you hereby consent to our Privacy Policy. I may update this Privacy Policy from time to time, and we invite you to check this page periodically to ensure you are happy with any changes to it.