I am a sole trader and data controller of the information I hold and process about individuals who have expressed an interest in my hypnotherapy service.
Enquire about and/or attend hypnotherapy sessions
Enquire about and/or attend my occasional courses, workshops and other events
Subscribe to my newsletters and blogs
The legal basis for processing your data is as follows: Contractual obligations in communicating therapy related information, e.g. booking appointments, recording progress Consent from individuals who participate in the CORP research programme, which tracks therapeutic progress Legitimate interest in communicating information about courses, workshops, events and relevant products Consent from individuals who have signed up to my newsletters in writing or online Legitimate interest for financial accounting purposes
I hold data in both written and electronic form.
Written data collected:
From individuals, if they enquire by telephone or text, in which case, I hand-write contact details and brief notes in order to make contact From clients during the Initial Consultation and subsequent therapy sessions Written data is stored securely in locked cabinets. Relevant data is transferred to electronic format for the purposes of recording attendance and book-keeping.
Electronic data is held in spreadsheets on password-protected laptops. Client data is anonymised.
For clients participating in the CORP research programme, I use the CORP specialist software to track client progress. Client data is anonymised before being stored in the CORP database. The anonymised CORP data is stored on my password-protected laptop and is periodically uploaded into a centralised ‘cloud’ of industry-wide data for research purposes.
Electronic data is also held within a proprietary Email Management System (e.g. Mail Chimp) for the purposes of sending newsletters, blog alerts and for notifying you of my events, products and opportunities that may be of interest. It is transferred to spreadsheets on password-protected laptops to provide a backup.
Electronic data within emails, text messages, voicemails, social media direct messages is held securely using leading service providers, such as Gmail, Facebook etc, and is accessed via password-protected user accounts, laptops and mobile phones.
Email Management System providers to help me communicate with you
Payment Gateways to process financial transactions
These providers have access to your personal information so that they can perform their functions on my behalf, but they may not use it for other purposes.
I am professionally obliged to report to relevant authorities if I have concerns that you may cause harm to yourself, to others, or to me.
To ensure best practice I may from time to time discuss your progress with a supervisor, in which case I would not divulge your identity.
With the above exceptions, I will never share your data with a third party without your express permission, unless legally required to do so. Times, when I might seek your consent to share your data, may include; making a referral to another therapist or medical practitioner
You have the following rights under the General Data Protection Regulations:
To request a copy of the information I hold about you
To update any of your personal information if it is inaccurate or out of date
To request that I delete the personal data I hold about you
To restrict the way in which I process your personal data
To request that I stop processing your data if you object to me doing so
To ask me to transfer your personal data to a third party
I will keep your personal data for no longer than necessary for the purposes of providing my service to you and to fulfil my obligations for financial and insurance record keeping.
If you have any questions about how I handle your personal data, you can contact me as follows:
Andrew Major Hypnotherapy
C/O Intergal Life Centre, 44 High Street, Bagshot, Surrey. GU19 5AZ