GDPR

General Data Protection Regulations, 2018 (GDPR) and how it affects you.

I work in within GDPR guidelines to ensure that your personal, sometimes sensitive, confidential data is held privately and securely, being processed in the way that you have agreed to. It exists to protect your rights as a consumer involving your identifiable data, e.g. your name and telephone number and any reason you might have for visiting me. It also covers any session records, text messages, or emails between us.

Under the General Data Protection Regulations you have the following rights:

  • The right to be informed (which is why  I have produced this policy)
  • The right of access (if you wish to see your file then please make a request in writing to Mary Bannister. I will provide you with the information within 30 days of your request).
  • The right to rectification (this is your right to request changes to any information I hold that is factually inaccurate. If you believe any of the information I hold about you is incorrect then please let me know as soon as possible and I will make the appropriate changes.
  • The right to erasure (given the nature of our work I am required to hold the details for a period of seven years, after this your information will be securely destroyed).
  • The right to restrict processing (I will only use the information for the purposes that I have stated: most standards of confidentiality applied in professional contexts are based upon the Common Law concept of confidentiality where the duty to keep confidence is measured against the concept of “greater good”. If in the therapist’s opinion there is good cause to believe that not to disclose would cause danger or serious harm to self, the therapist or others, your GP or other appropriate agencies may be contacted. Only information required to ensure safety of relevant parties would be disclosed. Information may have to be disclosed without consent for the prevention, detection, or prosecution of a crime. The sharing of anonymous case histories with supervisors and peer support groups is not a breach of professional confidentiality.
  • The right to data portability: I will not share your information, other than in the situations described above, without your specific consent.
  • The right to object (I will not contact you for marketing purposes unless you have given me specific agreement to do so).
  • The right not to be subject to automated decision-making including profiling (I will not use your information for profiling purposes).

What information do I collect?

I collect information when you complete the contact page and when you email, text and contact me directly on social media. I collect the following personal details:

  • name/address
  • date of birth
  • relationships and occupation
  • contact details: telephone, email address
  • medical conditions relevant to the sessions
  • prescribed medication
  • details of your GP for me to contact in case of an emergency or in the situation where I feel you may harm yourself or others
  • any other information you felt was relevant to share
  • a summary of why you are seeking help
  • brief session notes
  • visitor behaviour information when you have contacted me through the website – www.marybannisterhypnotherapy.co.uk

Why do I need a record of this information?

For the purpose of giving you the highest quality of support. This allows me to refer back to the content and discussions of previous sessions. Your contact details/address and GP details will only be used with your explicit consent.

I use the information from the website to identify visitor information behaviour and trends.

How do you know that your information will be held securely?

  • paper: session notes/consent form/GDPR agreement are all stored in locked cabinets
  • electronic data: emails, contact form, texts, SMS messages, consent form, GDPR document – computer is password protected, emails require a username and password, smart phone is fingerprint recognition or password protected

How long will I hold your information for?

Given the nature of our work, I am required to hold your details and session notes for a period of seven years, after this, your information will be securely destroyed.

Do our discussions during sessions remain confidential?

Everything we discuss during our sessions remains strictly confidential. I undertake peer Supervision as a form of good, professional practice. This process allows me to voice any concerns I may have, in a safe and confidential environment. In order to protect all your privacy, I will refer to you by a pseudonym and I may refer to your information verbally when it’s helpful to the professional process. My Supervisor also adheres to the GDPR.

If your health is in jeopardy or I feel you may harm yourself, I may share your contact information with an emergency healthcare service (GP or mental health crisis team). If I become aware if your intent to cause harm to another person/organisation, the law may require that I inform an authority and that may include sharing your contact information.

What if I see you away from a hypnotherapy session?

I am obligated by GDPR to protect your confidentiality, so for this reason, although I will acknowledge you, it would be better to avoid any further conversation. However, if you wish to discuss your therapy with other people, you are welcome to do so.

Will I discuss your details with other Health and Social Care Professionals?

I am only able to contact other health and social care professionals with your written consent. Should I write to your GP, to notify them that you have come to see me for therapy, and again at the end of the therapeutic relationship, I would require your signature in line with GDPR requirements. The only exceptions to this would be if I believed you were about to harm yourself or another when I would be required to inform the relevant authorities as part of my ‘Duty of Care’. However, I would always aim to discuss this with you before taking any action. Legally, I would also have to provide the police with information as set out in a warrant or court order, should the situation arise.

Data Protection Complaints

If you have concerns about how your personal information has been collected, stored, shared or used, you have the right to make a data protection complaint.

Complaints may relate to matters including:

  • access to your records or notes
  • correction or deletion of personal information
  • confidentiality or security of your data
  • how your information has been shared
  • retention of therapy records
  • any other concern regarding the handling of your personal data

You may raise a complain by contacting me at:

Mary Bannister Hypnotherapy

Email: mary@marybannisterhypnotherapy.co.uk

Telephone: 07770 885925

Postal address: Wellcroft Cottage, Wellcroft, Ivinghoe, Buckinghamshire, LU7 9EF

I will:

  • acknowledge receipt of your complaint within 30 days
  • investigate your concerns appropriately and without undue delay
  • keep you informed where further time is needed
  • provide you with an outcome once the investigation is complete

I maintain records of data protection complaints in accordance with my legal and professional obligations.

If you remain dissatisfied after our response, you have the right to complain to the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office (ICO)

ICO Registration Number: ZB734881