Under the General Data Protection Regulation (GDPR), to comply with the Data Protection Act of 2018, and in our role my role as a hypnotherapist and counsellor, I am deemed to be a data controller, which means I process information including your name and contact details. I also keep session notes – themes and dates of your sessions. These are anonymised and kept separately from your contact details.
This data is stored in encrypted files and will be destroyed after five years in accordance with guidelines from the United Kingdom Hypnotherapy and Counselling Society, with whom I am registered. Your contact details will be accessed by myclinical supervisor, only in the event of my sudden illness, accident, or death, and so that you may be informed of such an eventuality. Any other access to this data would only be granted if obliged to by law. I will not forward to any other third parties, unless for onward referral or continuity of care, which would be discussed with you at the time.
The purpose of holding this data is to provide a professional service, and associated administration.
The basis on which I process your data is consent. You have certain rights in relation to this data including: the right to withdraw consent; the right to access; the right to erasure of data; and the right to ensure that the personal data we hold is accurate and up to date. You can find a full list of your rights at www.ico.org.uk under Your data matters/ Your rights.