My contact details:
Name: Louise Gibson
Address:
3 The Avenue
Calverton
Nottinghamshire
NG14 6FH
Phone Number: 07469923489
URL: lgibson-hypnotherapy.co.uk
Email: Louise@lgibson-hypnotherapy.co.uk
The Type of Personal Information I Collect:
I Currently collect and process the following information:
- Your contact details
- An idea of what you would like to achieve by coming for hypnotherapy
- A small amount of medical information
- Some brief session notes
- GP contact details
- Some basic information about your important others
How I get the personal information and why I have it:
Most of the personal information I process is provided to me directly by you for one of the following reasons:
- To provide continuity within the sessions to help you towards your goal
- To contact you to arrange sessions
- To contact your GP with your explicit consent if necessary
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing this information are:
- - Your consent. You are able to remove your consent at any time. You can do this by contacting louise@lgibson-hypnotherapy.co.uk, 15 Leabrooks Avenue, Sutton-In-Ashfield, Nottinghamshire, NG17 5HU. 07469923489
- - I have a legitimate interest.
How I Store Your Personal Information:
Your information is securely stored.
- Paper session notes - Louise Gibson stores all paperwork in a locked cabinet
- Text messages - Louise Gibson’s work phone is secured by a password
- Emails - Louise Gibson’s email account requires a password for access.
- Session notes stored on computer- are stored on a password protected device
Louise Gibson is a member of the National Council for Hypnotherapists. As such she is bound by their regulations regarding the length of time she must hold onto your information. The Organisation insists that Louise Gibson must hold onto your data for 8 years after your final session. However, the rule for children is different and the Organisation stipulates that their data must be held until their 25th birthday. The exception to this rule applies to young adults whose treatment ends when they are 17 years old, when Louise Gibson must keep their records until they reach their 26th birthday. Client records will be destroyed in the January after the dates given above. This is in line with NHS regulations for holding data.
Your data protection rights:
Under data protection law, you have rights including:
- Your right of access - You have the right to ask me for copies of your personal information.
- Your right to rectification - You have the right to ask me to rectify personal information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.
- Your right to erasure - You have the right to ask me to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask me to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you.
Please contact me at louise@lgibson-hypnotherapy.co.uk, 15 Leabrooks Avenue, Sutton-In-Ashfield, Nottinghamshire, NG175HU. 07469923489 if you wish to make a request.
Under data protection law, you have rights including:
How To Complain
If you have any concerns about my use of your personal information, you can make a complaint to me at louise@lgibson-hypnotherapy.co.uk, 15 Leabrooks Avenue, Sutton-In-Ashfield, Nottinghamshire, NG175HU. 07469923489
You can also complain to the ICO if you are unhappy with how I have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Frequently Asked Questions Regarding Privacy Policy
How will my data be stored?
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Louise Gibson is GDPR registered. The Data Protection Act is aimed at ensuring your personal, confidential, and sometimes sensitive data, is held privately and securely. This means that any data you give to Louise Gibson must be processed in a way you agree with. GDPR exists to protect your rights as a consumer. It applies to your identifiable data, for example your name and address and any reason you might have for visiting Louise Gibson. It also covers any session records, text messages or emails between Louise Gibson and yourself.
How long will you hold my information for?
Louise Gibson is a member of the National Council for Hypnotherapists. As such she is bound by their regulations regarding the length of time she must hold onto your information. The Organisation insists that Louise Gibson must hold onto your data for 8 years after your final session. However, the rule for children is different and the Organisation stipulates that their data must be held until their 25th birthday. The exception to this rule applies to young adults whose treatment ends when they are 17 years old, when Louise Gibson must keep their records until they reach their 26th birthday. Client records will be destroyed in the January after the dates given above. This is in line with NHS regulations for holding data.
What if I would like my data to be destroyed before this date?
Under the GDPR rules, you are able to request the deletion of any of your records at any time. Simply write to Louise Gibson requesting that your records are destroyed and once she has confirmed your identity, she will do so. There is no charge for this service. Louise Gibson will then ensure that all your paper records are shredded with a shredding machine. Any electronic data held by Louise Gibson, such as emails or texts will be permanently deleted from the devices they are stored on. NB. Louise Gibson may need to save the written deletion request you sent her, if her insurance company insists on it, but would destroy any other data.
Am I able to see or get a copy of the information held by you?
In line with GDPR, if you send Louise Gibson a request in writing, specifying the data you wish to see, she will supply you with a copy of your data within 30 days. Louise Gibson will need to confirm your identity before sending you the information. There will be no charge for this service. NB Louise Gibson’s insurance company’s legal team may wish to verify any information Louise Gibson sends out.
What are your reasons for collecting this information?
Louise Gibson is keen to offer the highest quality support to her clients and in order to do so she will collect the following information:
- An idea of what you would like to achieve by coming for hypnotherapy
- A small amount of medical information
- Some brief session notes
- Your contact details
- GP contact details
- Some basic information about your important others
This information allows Louise Gibson to provide continuity within the sessions, in order to help you towards your goal. This information will allow Louise Gibson to refer to the content of earlier sessions and previous discussions. Louise Gibson will only use your contact details/address and GP’s details with your explicit consent. See client agreement and initial consultation.
How do I know that Louise Gibson will store my information safely?
- Paper session notes - Louise Gibson stores all paperwork in a locked cabinet
- Text messages - Louise Gibson’s work phone is secured by a password
- Emails - Louise Gibson’s email account requires a password for access
- Session notes stored on computer - Will be stored on a password protected device
Are discussions within the hypnotherapy sessions confidential?
Everything you discuss with Louise Gibson during your sessions remains strictly confidential. Occasionally it may be necessary for Louise Gibson to discuss elements of your sessions with her supervisor to ensure that she is helping you in the most effective way; however, no identifying features about you will be disclosed during these discussions. Louise Gibson’s supervisor is also registered with the ICO and abides by GDPR requirements.
What if I see Louise Gibson outside of a hypnotherapy session?
Louise Gibson is obliged by GDPR to always protect your confidentiality. So, for this reason, although she may acknowledge you (if you acknowledge her first), it would be ideal if any further conversation could be avoided. However, if you wish to discuss your therapy with other people, that is your choice and you are welcome to do so.
Will Louise Gibson discuss information about me with other health and social care professionals?
Louise Gibson is only able to contact other health and social care professionals with your written consent. Should she write to your GP, to notify them that you have entered into a therapeutic relationship with her, or to notify them that your therapy has been successfully concluded, Louise Gibson would require your signature, in line with GDPR requirements. Louise Gibson does have a ‘duty of care’ towards her clients, so the only exceptions to this would be if she believed that you were about to harm yourself or others. Should this occur then Louise Gibson would be required to inform the relevant authorities. However, Louise Gibson would always aim to discuss this with you before taking any action. Legally, Louise Gibson would also have to provide the police with information as set out in a warrant or court order, should the situation arise.
Who is the Data Controller and what is their ICO registration number?
The Data Controller is Louise Gibson, 15 Leabrooks Avenue, Sutton-In-Ashfield, Nottinghamshire, NG175HU.
This policy was last updated 21/3/2023. It may be updated at any time, so please check back regularly to ensure that you are aware of the latest version.
ICO Registration Number: ZB528317