This policy sets out how Sue Pitman at Cardiff Hypnotherapy Solutions uses and protects the information you provide when you use her services and her website
It is my intention to ensure any data you provide is managed respectfully, kept secure and only used for the purposes for which it has been provided.
This policy will be updated from time to time in line with prevailing legislation.
When you contact me via my website, phone or email I will collect your:
Any information you choose to supply regarding the purpose of your enquiry.
What I do with this information
I use this information in order to make contact with you to discuss your requirements.
I may also use this information to improve my services.
If you choose to go ahead with an appointment I may send you a copy of a referral form which asks for more information* and explains once again how we will use information provided in the course of our sessions together.
*In the referral document I will ask for
Your name, address, telephone and email contact details so that I may contact you during the time we are working together.
Your GP contact details and health information: there are some conditions which are contra indicated for hypnotherapy.
Your next of kin: this is used very rarely and only in emergency situations.
You will also be asked to tick a box if you wish to receive promotional/further information about my services or about well being in general. If you do not tick this box we will not contact you for these purposes.
In the course of our sessions I will make a note of information you provide to me in order that we can plan future sessions and produce scripts which will be used in session.
Under the General Data Protection Regulations which became effective from 25th May 2018 you have the following rights:
- the right to be informed (which is why I have produced this policy)
- the right of access (if you wish to see your file then please make a request in writing to Sue Pitman, the Data Processor at firstname.lastname@example.org or in hard copy form. I will provide you with the information within 30 days of your request)
- the right to rectification (this is your right to request changes to any information I hold that is factually inaccurate. If you believe any of the information I hold about you is incorrect please let me know as soon as possible and I will make the appropriate changes
- the right to erasure (given the nature of our work I am are required to hold our details for a period of 7 years, after this your information will be securely destroyed.)
- the right to restrict processing (I will only use the information for the purposes that we have stated: most standards of confidentiality applied in professional contexts are based upon the Common Law concept of confidentiality where the duty to keep confidence is measured against the concept of “greater good”: if in my opinion there is good cause to believe not to disclose would cause danger or serious harm to self, the therapist or others, your GP or other appropriate agencies may be contacted. Only information required to ensure safety of
relevant parties would be disclosed. Information may have to be disclosed without consent for the prevention, detection or prosecution of a crime. The sharing of anonymous case histories with supervisors and peer support groups is not a breach of professional confidentiality
- the right to data portability: I will not share your information without your specific consent, other than in the situations described above
- the right to object (I will not contact you for marketing purposes unless you have given us specific agreement to do so)
- the right not to be subject to automated decision-making including profiling (I will not use your information for profiling purposes.
I use a data processor for the purposes of administration (including appointment making) and accounts. The data processor is trained for GDPR purposes and is fully compliant with the requirements.
The clinic premises may operate CCTV surveillance for the purposes of security. We have received written assurance from the owners of the premises that any data obtained via CCTV is protected in accordance with the GDPR
Where sessions are conducted by Webcam, e.g. Facetime, Whatsapp and Zoom, if the sessions are recorded they are so only for as long as it takes to write up the notes not taken contemporaneously. Once notes have been documented, the recording is deleted.
Where sessions are conducted remotely, my work space will be private and for my sole use.
I will use a good quality internet connection to ensure the best continuity.
I will use my best endeavours to ensure the security of my communications are protected and encrypted.
Cookies are small files which ask permission to be placed on your computer’s hard drive so that web traffic to my site can be analysed. By this mean I am able to see the website’s pages which are being more frequently viewed and are of interest. Most web browsers automatically accept cookies but you can modify your setting to decline them if you prefer. If you choose to do this you may find you cannot make full use of my website.
Links to other websites
ICO Registration No:ZA337579
Terms and Conditions
You agree to the following
- I wish to receive communications from Sue from time to time regarding well being and offers and hereby opt-in. (delete if you do not wish to receive)
- If I am late for my appointment I accept my session cannot be extended out of fairness to other clients.
- If I rearrange or cancel I understand I will be responsible for the full cost of the session if 48 hours prior written notice is not given in writing
- All information collated is confidential unless you present as a danger to yourself or others and in such a situation, you will be informed of any decision to notify the relevant authority prior to any such communication;
I understand Sue will pass details of my identity to NHS or similar in the event of necessary COVID-19 tracing as required by law.