Privacy Policy

---

GDPR (General Data Protection Regulations)

PRIVACY NOTICE

I conform to the GDPR & this document explains how we do so.

• How does GDPR affect me and how is my data stored?

In May 2018, the Data Protection Act was replaced by the GDPR and the aim of GDPR is to ensure that your personal, confidential and sometimes sensitive data is help privately and securely.  It exists to protect your rights as a consumer involving your identifiable data such as your name, address and any reason why you might visit me.  This would also include any text messages, emails and any session records.

• How long will you hold my information for?

As a member of NCH & AfSFH; I must hold your data for 8 years after your final session. The exception to this rule applies to children, for whom I must hold their data until their 25th birthday.
All records would be deleted in the January after the above retention scales.  This is in-line with NHS regulations for holding data.

• Can I ask for my information to be deleted before this date?

GDPR allows you to request the deletion of any of your records by making a request in writing to me.  Should you request this; then all your paper records would be shredded.  Any electronic data such as forms filled online, emails or text messages would be permanently deleted from the devices they are stored on.

Please note that I would have to save the deletion request you made, but would not save any other data.  Exceptions occur where there is a legitimate legal reason for maintaining your information; for example: for accounting purposes.

• Can I ask to see my data and if so, how quickly can I look at it?

Under the GDPR guidelines ; you are now able to request to see any information that is held about you.  You will receive them within 30 days of asking.  You can even ask for a copy of any personal information held by me if you wish.  It is possible however; that my insurance company's legal team may want to verify information I send out.

• What are the reasons for collecting this information?

In-order to give you the highest of support that I can, I collect information about:- what you want to achieve by coming for hypnotherapy, your medical information and some other information that might be relevant to you, alongside brief session notes.  This information allows me to refer to information about previous discussions and the content of earlier sessions. Your contact details/ address and GP's details will only be used with your consent. 

• How do I know that you will store my information securely?

- Paper session notes: These are stored in a locked filing cabinet behind a locked cupboard

-  Electronic session notes: These are secured in a tablet  with finger print recognition, passcode and password protected on One Drive

-Text messages: My phone is secured with a passcode and finger print recognition

-Emails: These are secured using user username and a password and extra two-step security authorisation

-Booking information: These are also secured on the tablet using the google calendar using a passcode and finger print recognition. If any other booking system used then it would be ensured that third party is also GDPR compliant.

• Are our discussions within the hypnotherapy sessions confidential?

Everything that is discussed in the hypnotherapy sessions is strictly confidential between you and me.  

On a particular occasion such as on supervision session; I may choose to discuss elements of our sessions with my supervisor to ensure I am doing my job effectively.  During these discussions I will not disclose any identifying details about you to my supervisor.  My supervisor also adheres to the GDPR.

• What if I see you outside of the hypnotherapy session?

I am obliged by the GDPR to protect your confidentiality, so for this reason, although I will acknowledge you, it would be better to avoid any further conversations.  However, if you wish to discuss your therapy with other people, you are welcome to do so.  Having said this, we may have a relationship that has already been established outside of our sessions.  In such cases, the usual contact may continue.  Any other further contact, the content of which does not relate directly to your sessions, can only arise at your request, so as to avoid any invasion of your privacy.

• Will you discuss me with other Health & Social Care Professionals?

I am only able to contact health and social care professionals with your written consent.  Should I write to your GP, to notify that you have come to see me for treatment and again at the end of the therapeutic relationship, I would require your signature in-line with GDPR requirements.

The only execptions to this would be if I believed that you were about to harm yourself or another; then I would be required to inform the relevant authorities as part of my 'Duty of Care'.  However, I would always aim to discuss this with you before taking any action.  Legally, I would also have to provide the police with information as set out in a warrant or court order, should the situation arise.

• Who is the Data Controller?

I am the data controller. 

ICO Registration No: ZB636588

• Contacting me

You have the right to be informed about how your personal information is used.  This is the reason for this privacy policy.  In-order to exercise your rights under data protection law, where there is any doubt; we will need to verify your identity for your security, in order to communucate with you about your personal information.  You can contact me by emailing on:

sayyedaaroojbukhari@gmail.com