Privacy Policy for Elizabeth Lawrence Hypnotherapy
The summary
Elizabeth Lawrence Hypnotherapy conforms with requirements of data protection (GDPR).
Elizabeth Lawrence Hypnotherapy offers a confidential service and information stored about you and your sessions is kept in a safe, locked place. You may see the information held if you wish.
Written records are held for eight years, in relation to my insurance and professional bodies.
I do not pass your details on to a third party unless there are concerns about your own safety or that of another person.
I may discuss your case anonymously with my supervisor.
The detail
The purpose of this document is to ensure that Elizabeth Lawrence Hypnotherapy has a framework that ensures the rights and freedoms of individuals in relation to their personal data and adheres to best practice in the management of client information and business records.
The information below sets out how I collect, use and protect any personal data that you give to me.
I may update this privacy policy at any time to reflect changes in law or growth of the business.
I am a sole trader and data controller of the information I hold and process about individuals who have expressed an interest in my hypnotherapy service.
Information Governance Framework Principles for Elizabeth Lawrence Hypnotherapy
Any changes to the business processes and/or operations will be planned and will comply with the framework to ensure any risks to personal and sensitive information are minimised.
Any data collected is solely for the purpose of providing a person-centred service to an individual client.
All records are identifiable, retrievable, and intelligible according to regulations set out by GDPR.
Any electronic devices where personal or sensitive, confidential information is held will be password protected.
Use of information
On some occasions anonymised personal data will be retained whereby a client has provided a testimonial for use on Elizabeth Lawrence Hypnotherapy’s website or social media. When data is non-identifiable GDPR law is no longer applicable.
Personal information is collated and stored in a locked filing cabinet behind a locked door. Personal information is kept to provide and plan appropriate hypnotherapy sessions.
Under the General Data Protection and Retention (2018) legislation regarding how your personal data is processed, all individuals have the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to subject to automated decision-making including profiling.
If any information held is noted to be incorrect an individual can request a correction be made to their own personal information. If you wish for your data to be provided to another service provider, you may also request this in writing.
Website visitors
When an individual visits www.elizabethlawrencehypnotherapy.com I use Google analytics (who are considered a third party service) to collect information about what visitors look at when they click on my website. Google analytics only collects non-identifiable data which means the person visiting can not be identified.
Squarespace is the third party service that hosts www.elizabethlawrencehypnotherapy.com This also uses anonymised data to collect visitor information.
Hootsuite manages Elizabeth Lawrence Hypnotherapy’s social media interactions.
I use Mailchimp to send newsletters and group Zoom links to people who have requested this. Mailchimp stores the names and email addresses of people who receive my newsletters and group Zoom links. People are free to unsubscribe at any time. From time to time I may also send surveys through Mailchimp or SoGo Survey to elicit client feedback on my group sessions.
Retention of client data
Emails are reviewed annually. Emails (both from and to) clients who are no longer receiving services from Elizabeth Lawrence Hypnotherapy are then deleted.
Contact details may be stored on mobile devices. All details are to be deleted when a mobile device is changed.
Client records are kept for eight years in accordance with CNHC regulation. In the case of a child, records are held until their 25th birthday.
Hard copies of information will be destroyed with a shredding machine. Electronic data will be permanently deleted.
Zoom
When client sessions are held over Zoom (which is the online meeting software recommended by my insurance) I ensure I am in a private room. I also maintain the appropriate security on my computer.
Client rights
Clients have the rights under General Data Protection Regulations to request a copy of the information I hold, to update any personal information, to request personal data is deleted, to restrict the way your personal data is processed and to ask me to transfer your personal data to a third person. The client has a right to request a copy of their personal information through a Subject Access Request.
Other points to note
Hypnotherapy is a complementary service. I am not medically trained and you should seek your GP’s advice if you are concerned about your health.
Hypnotherapy is not an alternative to medical advice.
There are no guarantees of success but clients who are most successful tend to consider what has been talked about in sessions and use the relaxation track on a regular basis.
Payment is usually by bank transfer before the session. This is required at least 24 hours in advance of your session. If you cancel the session within 24 hours costs will not be refunded.
Thank you very much to Two for Joy Photography who took and styled my photographs. I highly recommend their friendly and professional services. www.twoforjoyphotography.co.uk