Privacy Policy
General Data protection & Privacy Policy
How will my data be processed and stored?
In May 2018, the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). Deborah Langstaff (DL) is GDPR registered. The changes to the Data Protection Act are aimed at ensuring your personal, confidential, and sometime sensitive data is held privately and securely.
This means that any data you give to DL must be processed in a way you agree with. GDPR exists to protect your rights as a consumer. It applies to your identifiable data e.g. your name and address and any reason you might have for visiting DL. It also covers any session records, text messages or emails between DL and yourself.
How long will you hold my information for?
DL is a member of the Association for Solution Focused Hypnotherapists (AfSFH). As such they are bound by their regulations for the length of time they must hold onto your information.
The AfSFH insists that DL must retain your data for 8 years after your final session. However, the rule for children is different and the AfSFH stipulates that their data must be held until their 25th birthday. The exception to this rule applies to young adults whose treatment ends when they are 17 years old. DL must then keep their records until they reach their 26th birthday. Client records will be destroyed in the January after the dates given above. This is in line with NHS regulations for holding data.
What if I would like my data to be destroyed before this date?
Under the GDPR rules you can request the deletion of any of your records at any time. Simply write to DL requesting that you records are destroyed and once she has confirmed your identity she will do so. There is no charge for this service. DL will then ensure that all your paper records are shredded with a cross shredding machine. Any electronic data held by DL such as emails or texts will be permanently deleted form the devices they are stored on. N.B. DL may need to save the written deletion request you sent them if her insurance company insists on it but would destroy any other data.
Am I able to get or see a copy of the information held by you?
In line with GDPR if you send DL a request in writing, specifying the data you wish to see, she will supply you with a copy of your data within 30 days. DL will need to confirm your identity before sending you the information. There will be no charge for this service. N.B. DL’s insurance company’s legal team may wish to verify any information DL sends out.
What are your reasons for collecting this information?
- DL is keen to offer the highest quality support to her clients, and to do so she will need to collect the following information:
- An idea of what you would like to achieve by coming for hypnotherapy
- A brief medical history
- Some brief session notes
- GP contact details
- Some basic information about your meaningful others
This information allows DL to provide continuity within sessions to help you towards your goal. This information will also allow her to refer to the content or earlier sessions and previous discussions. She will only use your contact details/address and GP’s details with your explicit consent. See client agreement and initial consultation.
How do I know that my information will be stored safely?
- Paper session notes – stored in a locked filing cabinet in a locked office
- Text messages – mobile phone is secured by a thumb print password
- Emails – password protected access and secure VPN
Are discussions within the hypnotherapy sessions confidential?
Everything you discuss with DL during your sessions remains strictly confidential. Occasionally it may be necessary for DL to discuss elements of your sessions with their supervisor to ensure that they are helping you in the most effective way. However, no identifying features about you will be disclosed during these discussions. DL’s supervisor is also registered with the Information Commissioner’s Office (ICO) and abides by GDPR requirements.
What if I see DL outside of a hypnotherapy session?
DL is obliged by GDPR to always protect your confidentiality. So for this reason, although she may acknowledge you, it would be better if any further conversation could be avoided. However, if you wish to discuss your therapy with other people, that is your choice, and you are welcome to do so.
Will my information be discussed with any other health and social care professionals?
DL is only able to contact other health and social care professionals with your written consent. Should she write to your GP to notify them that you have entered a therapeutic relationship with her, or to notify them that your therapy has been successfully concluded, DL would require your agreement and signature in line with GDPR requirements. She does have a ‘duty of care’ to her clients so the only exception to this would be if she believed you were about to harm yourself or others.
Should this occur then DL would be obliged to inform the relevant authorities. However, she would always aim to discuss this with you before taking any action. Legally, DL would also have to provide the police with information as set out in a warrant or court order, should the situation arise.
Who is the data controller and what is their ICO registration number?
The data controller is:
Deborah Langstaff, Ferndale Manor, Bag Enderby, Spilsby, Lincolnshire PE23 4NP.
This policy was last updated on 21.1.24.
It may be updated at any time, so please check back regularly to ensure that you are aware of the latest version.
ICO Registration number: ZB520987