Statement of Intent
This policy outlines the procedures for collecting, storing and processing personal data at Issy Martin Hypnotherapy in order to comply with the Data Protection Act (DPA) 2018. Personal data is that which relates to a living individual who is identifiable from the data.
As per the DPA, this policy ensures that any data you provide is: used fairly and lawfully, used in a way that is adequate, relevant and limited to what is necessary; accurate and kept up to date; kept for no longer than is necessary; processed and stored securely; and used only for the purpose for which it was specifically provided.
This policy will be updated from time to time in line with prevailing legislation. The person responsible for GDPR and DPA compliance at Issy Martin Hypnotherapy is Issy Martin. Contact details: firstname.lastname@example.org.
When you contact Issy Martin Hypnotherapy via website, phone or email, I will ask for:
Your name, email address, and telephone number. I use this information in order to contact you about appointments, and to provide materials for therapeutic use in between sessions.
During your Initial Consultation I will ask for:
Your name, address, telephone and email contact details so that I may contact you during the time we are working together. I will also ask questions about your occupation/education, health, pastimes and what you wish to achieve with the help of Solution Focused Hypnotherapy. These questions help me to get to know you better and tailor the therapy accordingly.
How is your information held securely:
Client names and contact details are stored on an encrypted laptop belonging to Issy Martin, in password protected storage. Client notes are stored using an anonymised code system and stored separately to client names and contact details, in password protected storage on an encrypted laptop belonging to Isobel Martin. These clinical notes are used for my own clinical supervision, in order to comply with the National Council for Hypnotherapy, and Association for Solution Focused Hypnotherapy Codes of Conduct.
I will only share your personal information in the following circumstances:
- If during the course of therapy I become aware that there is a safeguarding risk to you or another person I will contact the relevant professional body.
- Where you request me to do so (i.e. references or supervisory reports).
- Where I need to comply with a legal requirement to do so (i.e. a court order).
- My supervisor will be named on all of my client related paperwork should I become indisposed and will contact you and then destroy the files accordingly.
Under the General Data Protection Regulations (GDPR) which are effective from 25th May 2018 you have the following rights:
The GDPR includes the following rights for individuals:
- the right to be informed (through access to this policy).
- the right of access (if you wish to see your file then please make a request in writing to email@example.com. I will provide you with the information within 30 days of your request).
- the right to rectification (this is your right to request changes to any information we hold that is factually inaccurate. If you believe any of the information I hold about you is incorrect then please let me know as soon as possible and I will make the appropriate changes.)
- the right to erasure (given the nature of the service provided, I am required to hold client details for a period of 7 years, after this your information will be securely destroyed.)
- the right to restrict processing (I will only use the information for the purposes that we have stated: most standards of confidentiality applied in professional contexts are based upon the Common Law concept of confidentiality where the duty to keep confidence is measured against the concept of “greater good”)
- the right to data portability: I will not share your information, other than in the situations described above, without your specific consent.
- the right to object (I will not contact you for marketing purposes unless you have given us specific agreement to do so).
- the right not to be subject to automated decision-making including profiling (I will not use your information for profiling purposes).
Please refer to https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ for further guidance on your personal data rights.