Sussex Hypnotherapy is committed to protecting your privacy and enabling you to exercise your rights as a data subject. This policy provides you with information about how we handle personal data. It sets out the lawful basis for processing the data we collect, create or otherwise obtain from or about you and your rights over it.
Any questions or concerns you have regarding this policy or your data should be directed to: firstname.lastname@example.org
The data we collect and how it is used
Sussex Hypnotherapy will collect the following personal data: name, address, date of birth, contacts details and GP contact details for internal client record management. Sussex Hypnotherapy will also collect sensitive personal data relating to health and wellbeing, and may make written session notes and audio and video recordings, in order to provide a personalised treatment service. Therapy sessions will only be recorded with written client consent.
With written consent Sussex Hypnotherapy may share personal data with a client’s GP for the purpose of providing treatment. Sussex Hypnotherapy will not disclose personal data to a third party without written consent, unless legally required to do so, or to prevent self-harm or harm to others. Anonymous data may be used for supervision purposes. Personal data will not be disclosed or used for marketing purposes.
Sussex Hypnotherapy will collect the following personal data: name and email address to provide you with email updates about our services.
Sussex Hypnotherapy use Zoom to provide online help. We do not record sessions until you ask us to.
When visiting the Sussex Hypnotherapy website your IP addresses, browser and other details of the devices you use are collected and processed by the website hosting company (Siteground) for the purposes of internal operations including troubleshooting and monitoring website traffic.
Sussex Hypnotherapy will not collect excessive amounts of personal data, and any data collected will be kept up to date to comply with the UK GDPR, Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).
Our lawful bases for processing personal data
Basic and sensitive personal data is collected and processed for the purpose of providing treatment. The lawful basis for doing this is consent.
Basic personal data is collected and processed for the purposes of providing email updates about our services. The lawful basis for doing this is consent.
Basic personal data is collected and processed when you visit the Sussex Hypnotherapy website. The lawful basis for doing this is Legitimate Interest.
Sussex Hypnotherapy will store (and destroy) personal data securely, and protect personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate organisational, physical and technical measures are employed.
Personal data will be held for a period of 6 years after the latest treatment date for the purposes of providing services to returning clients, and for insurance and tax requirements. Personal data collected from an enquiry or initial phone consultation will be retained for 6 months.
Personal data collected for sending out emails will be retained for 2 years after the last consent was given.
Unless subject to an exemption under the UK GDPR, you have the following rights with respect to your personal data (subject to appropriate ID checks):
The right to:
request a copy of the personal data Sussex Hypnotherapy holds about you, and information about its use
request corrections to any personal data held if found to be inaccurate or out of date.
request that personal data is erased when we have no lawful basis to continue processing it
restrict data processing where there is a dispute in relation to the accuracy or processing of your personal data.
receive a copy of information you have provided to us in electronic format (where processing is done under Consent or Performance of a Contract)
withdraw consent to processing at any time. Withdrawal of consent related to treatment would result in the termination of treatment by Sussex Hypnotherapy
lodge a complaint with the Information Commissioners Office
If you are concerned with how your personal data is being processed, we would ask that you initially contact Sussex Hypnotherapy to discuss it using the details at the top of this policy. If you remain dissatisfied, you can contact the Information Commissioner’s Office at:
Information Commissioner’s Office
0303 123 1113