This document sets out the parameters within which Susan Hales Hypnotherapy & Coaching acquires, controls, stores, uses and disposes of any personal data, in line with General Data Protection Regulation (GDPR) requirements.
Susan Hales Hypnotherapy & Coaching takes your privacy very seriously and treats all your personal information as confidential. “Personal information” is information through which you can be directly or indirectly identified e.g. your name or email address. Susan Hales Hypnotherapy & Coaching strictly adheres to the requirements of the data protection legislation in the UK.
Susan Hales Hypnotherapy & Coaching does not sell, rent or exchange your personal information with any third party for commercial reasons, beyond the essential requirement for credit/debit card validation during payment of sessions. Susan Hales Hypnotherapy & Coaching follows strict security procedures in the storage and disclosure of information, which you have given us, to prevent unauthorised access in accordance with the UK data protection legislation.
WHAT IS GDPR?
“General Data Protection Regulation (GDPR) is, essentially, an upgraded version of the existing Data Protection Act legislation”
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual. The General Data Protection Regulation covers all companies that deal with data of EU citizens. GDPR came into effect across the EU on May 25, 2018 (Information Commissioner’s Office).
THE PERSONAL DATA INFORMATION SUSAN HALES HYPNOTHERAPY & COACHING HOLDS
As an organisation, due to the nature of the therapy services offered, Susan Hales Hypnotherapy & Coaching holds a moderate level of identifiable personal data including such data as is categorised under GDPR as ‘Special Category Data’.
Under GDPR, personal data is defined as “any information relating to an identified or identifiable natural person”. Special Category data is highlighted as sensitive and therefore needs more protection. Special Category data can include details of:
Trade union membership
Biometrics (where used for ID purposes)
It is viewed as sensitive as, in particular, this type of data could create more significant risks to a person’s fundamental rights and freedoms, for example by putting them at risk of unlawful discrimination.
THE PERSONAL DATA INFORMATION
Susan Hales Hypnotherapy & Coaching holds the following client information:
Name, address and contact details including email address and telephone number
Issues which the client is presenting/details of problems with which the client requires help
Personal history including family details
Medical history and medication record
Record of progress through therapy
Susan Hales Hypnotherapy & Coaching understands that client consent for treatment is not the same as GDPR consent. In the healthcare sector, client data is held under a duty of confidence. Susan Hales Hypnotherapy & Coaching operates on the basis of implied consent to use client data provided, for the purposes of direct therapy treatment, without breaching confidentiality.
WHO SUSAN HALES HYPNOTHERAPY & COACHING SHARES THIS INFORMATION WITH
In line with Susan Hales Hypnotherapy & Coaching's ICO registration statement, Susan Hales Hypnotherapy & Coaching sometimes needs to share the personal information it processes with the individual and also with other organisations. Where this is necessary, Susan Hales Hypnotherapy & Coaching is required to comply with all aspects of the Data Protection Act (DPA).
The following is a description of the types of organisations with which Susan Hales Hypnotherapy & Coaching may need to share some of the personal information that it processes, for one or more reasons:
Family, associates and representatives of the person whose personal data Susan Hales Coaching holds (if dealing with children, for example)
Client’s GP or medical/healthcare consultant etc. (in circumstances where this may be appropriate for those health professionals to know)
Central government, police forces and security services (if applicable lawful request made)
THE LAWFUL BASIS FOR PROCESSING PERSONAL DATA
Susan Hales Hypnotherapy & Coaching holds personal data as described above, to enable it to:
Contact clients signing-up for a free consultation via www.susanhales.com
Provide information on hypnotherapy, offers, tips, products and more to clients signing-up to Be in the Know via www.susanhales.com
Conduct an assessment for clients who request help with treatment
Provide therapy sessions relevant to those clients
Track progress through therapy for clients
Assess therapy ‘end-point’ in conjunction with clients
The lawful basis for processing this data is defined under Article 9(2) of the GDPR:
Processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects.
Susan Hales Hypnotherapy & Coaching understands that whilst the holding of sensitive client data is lawful, and is held under a duty of confidence in terms of therapy/treatment, consent to process personal data electronically, or for marketing purposes, must be:
Susan Hales Hypnotherapy & Coaching understands that holding client data for treatment purposes and GDPR consent are not related. GDPR consent is not a pre-condition for therapy/treatment.
Susan Hales Hypnotherapy & Coaching understands the need for positive opt-in and that consent cannot be inferred from silence, pre-ticked boxes or inactivity. A quick, easy ‘unsubscribe’ link on our email marketing communications will always be provided. Susan Hales Hypnotherapy & Coaching has also expressly advised its entire marketing database that they can continue to hear from Susan Hales Hypnotherapy & Coaching by actively ‘opting-in’ to clarify that they agree with this.
DATA SECURITY AND RETENTION POLICY
Susan Hales Hypnotherapy & Coaching's IT system is backed up continuously. There is an active security policy in place to ensure that all data is backed up and held in a safe, confidential environment, including a secure, password protected, encrypted file. Susan Hales Hypnotherapy & Coaching's laptops have an activated encryption function in the event of theft/misuse.
Personal data is held for a minimum of 5 (five) years, and an average maximum of 8 (eight) years, in line with NHS and healthcare industry guidelines, after which time it will be destroyed.
Under GDPR, Susan Hales Hypnotherapy & Coaching acknowledges the following rights of the individual, in respect of any personal data that we hold:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
The right not to be subject to automated decision-making including profiling
SUBJECT ACCESS REQUESTS
As outlined in GDPR guidelines, Susan Hales Hypnotherapy & Coaching will respond to and comply with all subject access requests within one month.
If it is felt that the individual’s request is manifestly unfounded or excessive, Susan Hales Hypnotherapy & Coaching reserves the right to refuse or to make a charge.
If any requests are refused on the above grounds, Susan Hales Hypnotherapy & Coaching will tell the individual why and inform them that they have the right to complain to the supervisory authority and to a judicial remedy – this will be done within one month of the request.
COMMUNICATION OF PRIVACY INFORMATION
If you would like to discuss any aspect of this document, please contact:
Subject access requests should be submitted in writing to:
Susan Hales Hypnotherapy & Coaching
27 Matala Estate
This treatment is not intended to replace a consultation with your GP or other health care professional. The information provided by Susan Hales Hypnotherapy & Coaching should not be considered as medical advice. If you have any doubts or concerns about your health, you should seek advice from a medical doctor.
A well-motivated client is very likely to achieve realistic goals. However, it is unethical to guarantee a cure. The control of thoughts, beliefs, emotions and behaviors always resides within the client. No patient is “made” to do anything against their will using hypnosis.
Susan Hales Hypnotherapy & Coaching guarantees to apply her training, expertise and experience to your issues with the aim of achieving agreed goals in as reasonable a time as possible. Estimates of the number of sessions required to treat a condition, given at the enquiry stage or during the first consultation, are made on the basis of the information presented at that time.
Estimates are also made on the basis of treatment being given to previous patients with differing case histories. Hence each patient and the causes of their condition are unique. Estimates are only rough guidelines and are subject to change.
EXTRA 'RESULT ORIENTATED' Hypnotherapy sessions outwith the 'Hypnotherapy Block Of Sessions' as agreed upon are provided at no extra cost to the client, up to and including a maximum of TWO extra hypnotherapy sessions. Any session requested beyond this number will be at the client's expense.
ONE presented issue will be treated per block of hypnotherapy sessions only. If you have more than one issue, then further blocks of sessions will be required.