Privacy Policy

Privacy Policy Clear Skies Hypnotherapy
Privacy Policy Clear Skies Hypnotherapy
1. Introduction

Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and that I fully comply with current data protection legislation, including the General Data Protection Regulation (the GDPR) and the Data Protection Act 2018.

This privacy statement tells you how I collect and what I will do with your personal data from initial point of contact through to after our contract has ended, including:

  • The legal basis for processing your information.
  • How I keep your information secure and how long I keep it for.
  • Your data protection rights.

‘Data controller’ is the term used to describe the person or organisation that collects, stores and has responsibility for people’s personal data. In this instance, the data controller is me, Sarah Cookson. I am registered with the Information Commissioner’s Office and my registration number is ZB247257. In this statement, “Rtt” means Rapid Transformational Therapy; and “professional services” means the services (including therapy, advice and information) you receive from me as part of your Rtt as set out in the terms and conditions and waiver.

I keep this data protection policy under regular review and am happy to chat through any questions you might have about it: you can contact me at [email protected].

2. The Data I Collect About You

Keeping records is an essential component of healthcare and helps me understand how best to help you via my professional services. I may collect and otherwise process different kinds of personal data about you, including:

  • Identity data (including your name and age).
  • Contact data (including your address, phone number, email).
  • Special category data (including details you choose to disclose about your health, sex life, religion etc.).
  • Transaction/financial data (including payment details).
3. How Your Data Is Collected

I may collect your personal data through:

  • Correspondence (you may give me data when you correspond with me by phone, email, text, via the website or otherwise).
  • Sessions (you may disclose data during your consultation and Rtt sessions with me).
  • Other healthcare professionals (with your consent, I may receive information about you from other healthcare providers).
  • Other trusted individuals (in the case of a young person, a parent, teacher or other trusted individual may provide me with information about you).
4. How I Use Your Personal Data
All personal data is stored securely (see below) and is used only for the purposes for which you provide it. I will use your personal data to:
  • Register you as a client.
  • Provide my professional services to you.
  • Manage our client/therapist relationship, including sending you follow up information and processing your payment.
The GDPR provides there must be a legal basis for the processing of personal data and I rely on the following legal bases as appropriate:
  • Performance of the contract for my professional services. (This includes data processed when you are considering entering into such a contract.)
  • The provision of health treatment.
  • Legitimate interest (including retaining records for insurance purposes).
  • Compliance with a legal obligation.
5. Confidentiality And Data Sharing

Rest assured that everything you discuss with me is confidential and will remain completely private, unless you agree otherwise or in the circumstances below. If there is a need to share your information with others, for example with other healthcare professionals, I will always aim to speak to you about this first. In rare circumstances, such as where there is a risk of serious harm, safeguarding issues or a court order, I may be ethically obliged or legally required to disclose information to relevant authorities or other healthcare professionals without discussing or agreeing this with you in advance.

As part of providing a great service, I may from time to time discuss cases with colleagues for the purposes of supervision and continuing professional development. I do this on an entirely anonymous basis, keeping your name and identity hidden.

Some of your personal data may be shared with third parties where I use a supplier to carry out specific tasks, for example scheduling meetings or collecting your intake information. In these cases I have satisfied myself that the suppliers have appropriate personal data policies that will protect your information and that they only use your data for the contracted task.

I will never sell or share your personal data for marketing purposes.

6. Data Security And Retention
I am committed to keeping your data safe and secure. The measures I have put in place to protect your personal data include:
  • Notes taken during the sessions and other paper records are kept in a locked filing cabinet.
  • Digital records are stored with a cloud provider with robust digital security measures.
  • Electronic devices used to access and store personal data are password protected.
After the end of your contract for my professional services, I will retain your data for 7 years in line with my insurer’s requirements, and will then securely destroy all of your records. If you want me to delete your records before then, please let me know
7. Your Legal Rights

You have rights under data protection laws in relation to your personal data. These rights include:

  • Asking for a copy of any of your personal data I hold. I will generally provide this to you as soon as possible and within 30 days of receiving such a request.
  • Asking that I correct any factual inaccuracies in your personal data.
  • Asking that I delete your personal data. I will erase your personal data on request other than where there is a legal requirement or legitimate interest to retain it (e.g. keeping billing information for tax purposes).

You can read more about your data protection rights at https://ico.org.uk/your-data-matters.

If you wish to exercise any of your rights, please contact me at sarah@clearskies-hypnotherapy.com. If you have any complaint about how I handle your personal data, please do not hesitate to get in touch with me. If you want to make a formal complaint about data protection issues, you can contact the Information Commissioner’s Office (the UK’s supervisory authority on data protection issues) at https://ico.org.uk/make-a-complaint.