Who we are
Sussex Hypnotherapy as the data controller is committed to protecting the rights of individuals in line with the General Data Protection Regulations (GDPR). Questions or concerns regarding this privacy notice and your data should be directed to: firstname.lastname@example.org
The data we collect and how it is used
Sussex Hypnotherapy will collect the following personal data: name, address, date of birth, contacts details and GP contact details for internal client record management. Sussex Hypnotherapy will also collect sensitive personal data relating to health and wellbeing, and may make written session notes and audio recordings, in order to provide a personalised treatment service. Therapy sessions will only be recorded with written client consent.
With written consent Sussex Hypnotherapy may share personal data with a client’s G.P. for the purpose of providing treatment. Sussex Hypnotherapy will not disclose personal data to a third party without written consent, unless legally required to do so, or to prevent self-harm or harm to others. Anonymous data may be used for supervision purposes. Personal data will not be disclosed or used for marketing purposes.
When visiting the Sussex Hypnotherapy website I.P. addresses are collected and processed by the website hosting company (Siteground) for the purposes of monitoring website traffic.
Sussex Hypnotherapy will not collect excessive amounts of personal data, and any data collected will be kept up to date to comply with the GDPR.
Our lawful bases for processing personal data
Our lawful basis for collecting and processing basic personal data is consent.
Our lawful basis for collecting and processing sensitive personal data is explicit consent.
Basic and sensitive personal data is collected and processed for the purpose of providing treatment.
Our lawful basis for collecting and processing personal data when visiting the Sussex Hypnotherapy website is legitimate interests.
In compliance with the GDPR Sussex Hypnotherapy will store (and destroy) personal data securely, and protect personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate physical and technical measures are employed.
Personal data will be held for a period of 6 years after the latest treatment date for the purposes of providing services to returning clients, and for insurance and tax requirements. Personal data collected from an enquiry or initial phone consultation will be retained for 6 months.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data (subject to ID checks):
The right to:
request a copy of the personal data Sussex Hypnotherapy holds about you.
request corrections to any personal data held if found to be inaccurate or out of date.
request that personal data is erased where retention is no longer necessary.
restrict data processing where there is a dispute in relation to the accuracy or processing of your personal data.
withdraw consent to processing at any time. Withdrawal of consent would result in the termination of treatment by Sussex Hypnotherapy
lodge a complaint with the Information Commissioners Office.
If you are concerned with how your personal data is being processed you may initially contact Sussex Hypnotherapy.
If you remain dissatisfied you can contact the Information Commissioner’s Office at:
Information Commissioner’s Office
0303 123 1113