Privacy policy
Updated 22/1/2022
Contact Information: Emma Dean, Free From Within Hypnotherapy, emma@freefromwithin.me / 07584 287779
ICO reference number: ZB287316
Statement of Intent
We take your privacy very seriously and we ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.
This policy sets out how Free From Within Hypnotherapy uses and protects the information you provide when using my services and accessing this website. I intend to ensure any data you provide is kept secure, managed respectfully and only used for the purposes for which it has been provided.
This policy will be updated periodically in line with current legislation. When you contact me via my website, phone or email I may collect your: Name, Email, Address, Telephone Number. Any information you choose to supply regarding the purpose of your enquiry.
How is this information used?
I use this information in order to make contact with you to discuss your requirements. I may also use this information so that I may improve my services. If you choose to proceed with making an appointment to see me, I will send you a copy of this Privacy Policy so that you are aware in advance how I will use information provided in the course of our sessions together. I will ask you to tick a box if you wish to receive promotional/ further information about services I may offer in the future, or about well being in general. If you do not tick this box I will not contact you for these purposes. At your initial consultation I will ask you for your GP contact details and some basic health information: there are some conditions that are contra indicated for hypnotherapy and sometimes there are circumstance where it may be necessary to contact your GP before commencing therapy. I will inform you of this at our appointment should this appear appropriate. I will ask you for details of your next of kin: this is used very rarely and only in emergency situations You do not have to consent to the collection of information, however, if you choose not to provide it, I may not be able to work with you. In the course of our sessions: I will ask for your email address for the purposes of sending you a recording to listen to as part of the therapy. It may also be necessary to send emails to confirm or rearrange appointments. I will make a note of information you provide me in order that we can plan bespoke therapy sessions and identify/produce scripts which will be used in session and/or which can be sent to you to listen to between sessions. For the purposes of clarity, I do not receive or retain your bank details. Under the General Data Protection Regulations which are effective from May 2018 you have the following rights: the right to be informed (which is why we have produced this policy) the right of access: if you wish to see your file then please make a request in writing to Emma Dean, the Data Processor. I will provide you with the information within 30 days of your request.
The right to rectification: this is your right to request changes to any information I hold that is factually inaccurate. If you believe any of the information I hold on you is incorrect then please let me know as soon as possible and I will make the relevant changes. the right to erasure: given the nature of our work I am required to hold your details for a period of 7 years, after this your information will be securely destroyed. the right to restrict processing: I will only use the information for the purposes that I have stated above. I uphold the common law principles of confidentiality where the duty to keep confidence is measured against the concept of ‘greater good’. If in my opinion as a therapist there is good reason to believe not to disclose would cause danger or serious harm to self, the therapist or others then your GP or other appropriate agencies may be contacted. Only information required to ensure safety of relevant parties would be disclosed. Information may have to be disclosed without consent for the prevention, detection or prosecution of a crime. The sharing of anonymous case histories with supervisors and peer support groups is not a breach of professional confidentiality. the right to data portability: this right is more relevant to IT companies e.g. the sharing of information when moving from one utility provider to another. I will not share your information without your specific consent, other than in the situations described above. the right to object: I will not contact you for marketing purposes unless you have given me specific consent to do so. the right not to be subject to automated decision-making including profiling: I will not use your information for profiling purposes.
Cookies Policy: Cookies are small files which ask your permission to be placed on your computer's hard drive so that it can analyse web traffic to my website. Through this I can see which of my website's pages are being viewed. Most web browsers automatically accept cookies but you can modify your setting to decline them if you prefer. If you choose to do this you may find that you cannot make full use of my website.
Links to other websites: My website may contain links to other websites of interest. However, once you use these links please be aware that you have left my website and I do not have any control over other websites. I cannot be held responsible for the protection and privacy of any information which you provide when visiting such sites and these sites are not governed by my privacy policy. Please exercise caution and look at the privacy statement applicable to the website you are visiting.
Keeping your personal information secure: We have appropriate security measure in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those people processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We will use technical measures to safeguard your personal data, for example:
· we store your personal data on secure servers
· payment details are encrypted on the secure server any paper copies of data are stored in locked filing cabinets in a secure office
· Any emails are held either on our computer’s hard drive or if archived in Dropbox which is secure cloud based storage which is itself GDPR compliant.
· Credit card information is shredded as soon as processed. Standing order mandates are shredded and/or deleted as soon as payments start to come through.
· If you use Paypal, standing orders or online banking then clearly these systems will hold data. We will download from these systems for accounting purposes and the resulting spreadsheets are held in a secure file. When sent to our accountants, they will be password protected.
· Email addresses are held within our email processing software which is GDPR compliant.
If there is any breach of data security, we give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact. We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory body of a suspected data breach where we are legally required to do so.
While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Transfers of your personal information outside of the EEA
We will not transfer your personal data outside of the United Kingdom OR European Economic Area or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
How long do we keep your personal information?
We will usually hold your personal information as a customer or employee on our system for the period we are required to retain this information by applicable UK law, currently 7 years from the end of our contract or 6 months after any unsuccessful job application, unless you have told us you want us to delete the information earlier (see section “What rights do you have” below).
What rights do you have?
Under the General Data Protection Regulation you have a number of important rights. These include the following rights:
· request a copy of your information which we hold (subject access request);
· require us to correct any mistakes in your information which we hold;
· require the erasure of personal information concerning you in certain situations
· require us to stop contacting you for direct marketing purposes;
· object in certain other situations to our continued processing of your personal information;
· restrict our processing of your personal information in certain circumstances;
· object to decisions being taken by automated means which produce legal effects concerning you or which affect you significantly; and
· receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
Further information on each of these rights is available from the Information Commissioner’s Office. If you would like to exercise any of these rights, please:
· email, call or write to us (see contact details above)
· let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
· let us know the information to which your request relates, including any account or reference numbers, if you have them
We will not charge any fee for any of these services in most cases.