At Suzanne Gardner-Cuthbert Hypnotherapy we take your privacy and data very seriously and adhere to the GDPR rules of compliance.
What is GDPR?
The General Data Protection Regulation act came into effect on 25th May 2018. It replaces the EU Data Protection Directive 95/46/EC and in the UK the Data Protection Act 1998. GDPR brings the same Data Privacy Rules for all EU Member States. By law, all businesses and organisations that process data must comply with the GDPR rules.
What Information We May Collect
We may collect the following data:
- Contact telephone numbers
- Email address
- Emergency 3rd party contact number
- GP Name
- GP Surgery address
- Midwife Name
- Midwife Address
- Lifestyle details
- Job title
- List of current medications
- Medical history
- Details of issue
- Information regarding past treatments tried for current issue
- IP Address
What We Do with The Information That You Provide
- Record Keeping
- Refer you to another practitioner or organisation (If required)
- Obtain further information or treatment consent from GP
- Obtain further information from Midwife
- Store your information on file for 7 years in line with insurance requirements
What Is the Legal Basis for Collecting the Data
For Suzanne Gardner-Cuthbert Hypnotherapy to process specific data, your permission will be required in certain circumstances. The legal grounds for processing this data will be consent.
For Suzanne Gardner-Cuthbert Hypnotherapy to fulfil its contract with you (to hold treatment consultations or client training sessions), data will be collected under the legal basis of legitimate interest.
Will My Data Be Shared with Any Third Parties?
We use third party applications on our website such as social share buttons and social networking platforms.
We use third party service providers to enable us to operate our business. Each of these service providers has been checked to ensure that they adhere to GDPR law. The only personal data that is processed is the data that is required to ensure that the business activity can be performed. For example, a merchant provider is required to allow us to invoice our services and collect monies.
Any confidential information that you share with me will remain confidential except in the circumstances listed below. However, only relevant information will be shared.
- In Court of Law proceedings, where I am legally required to share information.
- With the police or Social Services (where welfare concerns are made about children), where information is given that raises concerns for the safety of members of the public, members of the client’s family, the client, and any behaviour that suggests a concern for the safety of the Therapist.
- With the Client’s GP or Emergency Services, if there are any concerns about client self-harm.
Other times that I may have to share personal data are listed below. Only relevant data would be shared with the organisations if required.
- If a complaint is made to the General Hypnotherapy Standards Council.
- With my insurance company should any claims be made for investigation.
- In the event of a government inspection/investigation (such as the HMRC).
Your data will not be shared for marketing purposes.
How Long Will My Data Be Stored?
The data that you provide us will be stored manually for 7 years in line with insurance requirements.
Financial paperwork will be stored for 7 years in line with the HMRC regulations.
Website messages stored on the websites will be deleted within 30 days or sooner.
Text messages are deleted at the end of the communication with the client.
Website comments made on our blog will stay on the website blog page until the blog article is no longer relevant for the website and the page is deleted.
Our website has SSL (Secure Sockets Layer) encryption. SSL protection ensures that information exchanges cannot be intercepted. Our website is also password protected. Confidential emails are encrypted.
Paper files are stored in a locked cabinet.
Client material is removed from the computer system at the end of the contracted work and is stored in a locked file.
The computer system is protected with virus protection and virus checks are performed on a weekly basis.
Messages received from you via the website form are automatically deleted after 30 days or sooner.
Text messages are protected by a phone screen code.
We ensure that the service providers that we use are compliant with the GDPR. If our service provider is outside the EEA and is US based, we ensure that the EU-US privacy shield is being adhered to.
What Rights Does A Data Subject Have?
Right to be informed
You have the right to be informed. This notice briefly explains what the GDPR is and informs you who the data controller is at Suzanne Gardner-Cuthbert Hypnotherapy. We have informed you what personal information we hold about you, how we use your personal data, how we store your data and how we secure your data.
Rights of Access
You can request access to the data that we hold. Please contact Suzanne Gardner-Cuthbert by emailing [email protected]. We will respond to your request within one month.
Right to Rectification
You have the right to have any inaccurate personal data rectified. In cases where personal data is incomplete, you have the right for this data to be completed. You can request your data to be rectified either verbally or in writing.
Right to Erasure
You have the right to have personal data erased in certain circumstances.
Right to Restrict Processing
You have the right to request the restriction or suppression of your personal data in certain circumstances. If your data is restricted, Suzanne Gardner-Cuthbert Hypnotherapy still has the right to store your data.
Right to Data Portability
You have the right to ask for the data you have provided to be transferred back to you or transferred to another data controller.
Right to Object
You have the right to object to the uses of your personal data in certain circumstances.
Right Related to Automated Decision Making including Profiling
You have a right to object to Automated Decision Making. Suzanne Gardner-Cuthbert Hypnotherapy does not use any automated decision-making systems.
In the Event of a Data Breach
We are required to report any breach of data to the ICO within 72 hours.
How Can A Data Subject Raise A Complaint?
You have the right to make a complaint to the ICO (Information Commissioner's Office): https://ico.org.uk/make-a-complaint/
This privacy notice will be updated periodically. It is recommended that you check the website www.suzannegardnercuthbert.com for updates.
If you have any questions about this privacy notice, please email Suzanne at the email address at the top of the page.