At Suzanne Gardner-Cuthbert Hypnotherapy we take your privacy and data very seriously and adhere to the GDPR rules of compliance.
What is GDPR?
The General Data Protection Regulation act came into effect on 25th May 2018. It replaces the EU Data Protection Directive 95/46/EC and in the UK the Data Protection Act 1998. GDPR brings the same Data Privacy Rules for all EU Member States. By law, all businesses and organisations that process data must comply with the GDPR rules.
At the first point of contact with Suzanne Gardner-Cuthbert Hypnotherapy, we collect and process data via our website online form, by email and text. We use the data so that we can reply and contact you about the service that we provide. Our legal basis for processing this information is legitimate interest.
We comply with the regulation by keeping personal data up-to-date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
What Information We May Collect
We may collect the following data
- Contact telephone numbers
- Email address
- Emergency 3rd party name and contact number
- GP Name
- GP Surgery address
- GP Surgery Contact Number
- Midwife Name (Where applicable)
- Midwife Surgery Address (Where applicable)
- Midwife Surgery Contact Number (Where applicable)
- Lifestyle details
- Job title
- List of current medications
- Medical history
- Details of issue
- Information regarding past treatments tried for current issue
- IP Address
Due to offering a therapy/coaching service we will process some identifiable personal data, which is categorised as Special Category Data under the GDPR.
Special Category Data includes
- Political Opinions
- Religious or
- Trade Union Membership
- Genetic Data
- Biometric Data
- Health Data
- Data Concerning a Person's Sex Life
- Data Concerning a Person's Sexual Orientation
What We Do with The Information That You Provide
To deliver the services that the client has requested
To contact those clients, as necessary in accordance with the services they have requested
To contact clients via surveys to ascertain their opinions on the service they received from us
To maintain our own accounts and records
In the event that our recorded data is utilised for our own supervision, all such data will be sufficiently anonymised, to the extent that individual clients can't be identified
Store your information on file for at least 7 years in line with insurance requirements
What Is the Legal Basis for processing Client (service user) Data?
Our legal ground for processing client (service user) data is consent. Our legal basis for storing client (service user) data after the sessions have ended is legitimate interest.
Will My Data Be Shared with Any Third Parties?
We use third-party service providers to enable us to operate our business. Each of these service providers has been checked to ensure that they adhere to the GDPR. The only personal data that is processed is the data that is required to ensure that the business activity can be performed. For example, a merchant provider is required to allow us to invoice our services and collect monies.
Client data will remain confidential except in the following situations:
If there was a concern for the safety of the therapist, or that of the client, the client's family members or other members of the public. If any legal action or legal requirement requires me to share information. Or if a complaint is made to my Professional Membership Organisation or a claim is being investigated by my insurers. Only relevant data would be shared. We will not ask your permission to share this data. The legal ground on which we process this information is legitimate interests.
At all other times, individual client data will never be passed to a third party without the consent of the respective client.
How Long Will My Data Be Stored?
In accordance with my need to maintain the possibility of access to client data, as a result of returning clients
The data that you provide us will be stored manually for at least 7 years in line with insurance requirements. For clients under the age of 18, data will be retained until their 25th birthday.
Financial paperwork will be stored for 7 years in line with the HMRC regulations.
Website messages stored on the website will be deleted within 30 days or sooner.
Text messages are deleted at the end of the communication with the client.
Website comments made on our blog will stay on the website blog page until the blog article is no longer relevant for the website and the page is deleted.
Our website has SSL (Secure Sockets Layer) encryption. SSL protection ensures that information exchanges cannot be intercepted. Our website is also password protected. Confidential emails are encrypted.
Paper files are stored in a locked cabinet.
Client material is removed from the computer system at the end of the contracted work and is stored in a locked file.
The computer system is protected with virus protection and virus checks are performed on a weekly basis.
Messages received from you via the website form are automatically deleted after 30 days or sooner.
Text messages are protected by a phone screen code.
We ensure that the service providers that we use are compliant with the GDPR. If our service provider is outside the EEA and is US based, we ensure that the EU-US privacy shield is being adhered to.
What Rights Does A Data Subject Have?
Right to be informed
You have the right to be informed. This notice briefly explains what the GDPR is and informs you who the data controller is at Suzanne Gardner-Cuthbert Hypnotherapy. We have informed you what personal information we hold about you, how we use your personal data, how we store your data and how we secure your data.
Rights of Access
You can request access to the data that we hold. Please contact Suzanne Gardner-Cuthbert by emailing [email protected]. We will respond to your request within one month.
Right to Rectification
You have the right to have any inaccurate personal data rectified. In cases where personal data is incomplete, you have the right for this data to be completed. You can request your data to be rectified either verbally or in writing.
Right to Erasure
You have the right to have personal data erased in certain circumstances. This is where it is no longer necessary for Suzanne Gardner-Cuthbert to retain the data.
You have the right to withdraw your consent to the processing of data at any time.
Right to Restrict Processing
You have the right to request the restriction or suppression of your personal data in certain circumstances. If your data is restricted, Suzanne Gardner-Cuthbert Hypnotherapy still has the right to store your data.
Right to Data Portability
You have the right to ask for the data you have provided to be transferred back to you or transferred to another data controller, where applicable. This only applies where the processing is based on consent, or is necessary for the performance of a contract with the data subject, and in either case the data controller processes the data by automated means.
Right to Object
You have the right to object to the uses of your personal data in certain circumstances. This only applies where processing is based on legitimate interests (or the performance of a task in the public interest), direct marketing and processing for purposes of scientific/historical research and statistics.
Right Related to Automated Decision Making including Profiling
You have a right to object to Automated Decision Making. Suzanne Gardner-Cuthbert Hypnotherapy does not use any automated decision-making systems.
In the Event of a Data Breach
We are required to report any breach of data to the ICO within 72 hours.
How Can A Data Subject Raise A Complaint?
You have the right to make a complaint to the ICO (Information Commissioner's Office) https://ico.org.uk/make-a-complaint/
This privacy notice will be updated periodically. It is recommended that you check the website www.suzannegardnercuthbert.com for updates.
If you have any questions about this privacy notice, please email Suzanne at the email address at the top of the page.
Updated on the 15th March 2021
Updated 28th April 2021