Privacy Policy
​
I have produced this privacy policy to set out how I will collect your data, how I will store it, and what I will do with it. This privacy policy applies to my website julieacotthypnotherapy.co.uk; whether you want information from me, support from me or to use my services. I will be the controller and responsible for your personal data.
​
If you have any questions about this privacy policy, please contact me using the details below: julieacotthypnotherapy@gmail.com.
​
You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact me in the first instance.
​
​
Changes to the privacy policy and your duty to inform me of changes
This privacy policy may change from time to time, so please check this page occasionally to see if I have included any updates or changes.
​
It is important that personal data I hold about you is accurate and current.
Please keep me informed if your personal data changes during your relationship with me.
​
​
The data I collect about you
​
I may collect, use, store and transfer different kinds of personal data about you which I have grouped together as follows:
​
Identity Data: name, title, date of birth, next of kin, significant others, GP name
Contact Data: billing address, email address, telephone numbers, GP address
Financial Data: bank account and payment card details
Session Data: Session notes that are made during the initial consultation and subsequent therapy sessions. Your address and doctor's details will only be used with your explicit consent.
​
​
Information which you give to me directly
​
This is information which you give to me when you:
- Make an enquiry by completing forms and corresponding with me by post, phone, email or otherwise. None of your personal information is stored on my website, other than to momentarily collect and send it to my email account for the purposes of our initial contact.
- Give me feedback or contact me.
- Request marketing to be sent to you.
- Sign up to my newsletters and blog posts.
Information which you give to me indirectly
​
This is information which I may obtain if you interact with me on my social media channels: Facebook, WhatsApp, Twitter and Instagram. This will depend on your own privacy settings on these individual channels, so make sure you check these first.
​
​
How I use your personal data
​
I will use your personal data to:
- Provide you with information on the services you have requested or that I feel might be of interest to you.
- Respond to direct requests where you contact me with a query - I will use your personal information to respond.
- Carry out essential administrative tasks e.g. booking appointments, recording progress.
- Transact: I will use your personal information to take payments from you when processing payments for services.
- Keep you safe: in the event that I reasonably think you (or someone else) is at risk of serious harm or abuse.
​
Disclosures of your personal data
​
I will only use your personal information for the purposes for which it was obtained in the first place. I will not share it with any third parties, and you will not receive any communications from other organisations. However, I may share your data where I am legally bound to disclose your personal information, for example to further a criminal investigation, or as part of my ‘duty of care’ to keep you safe if I believe you (or someone else) is at risk of serious harm or abuse.
​
Data security
​
I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
​
Storage of personal data
I hold data in both written and electronic form.
- Written documents – these are all stored in a locked cabinet in a locked room.
- Text messages – my mobile phone is secured with a pin code. I do not store your full name, just your first name and the initial of your surname.
- Emails – my email account is accessed via password protected user accounts on my laptop and mobile phone.
- Electronic data – this is held in spreadsheets, invoices, receipts or for the purposes of sending e-newsletters and is held on password protected laptops.
- Online therapy – I use the industry standard online meeting software Zoom. It provides a secure environment for online sessions. I ensure that my anti-virus and firewall protection are up to date. I also ensure that I am using a private space during sessions. Access to my Zoom sessions is via a password.
Confidentiality
​
Our discussions during a session are strictly confidential. To comply with professional standards, I may discuss elements of our sessions with my supervisor. During these discussions I will not disclose any details that may identify you. You may share with other people information about the therapy you are receiving.
​
How long will you use my personal data for?
​
I am committed to not holding your personal data for longer than necessary in relation to the purpose for which it was first collected. I am regulated by the CNHC, an organisation that stipulates that I must hold onto your data for 8 years after your final session. If you are a child, I must instead hold your data until your 25th birthday, unless you are 17 when treatment ends, in which case I must keep it until your 26th birthday. Therefore, all records will be deleted in the January after the above retention scales. This is in line with NHS regulations for holding data.
​
​
Your legal rights
​
Under certain circumstances, you have rights under data protection laws in relation to your personal data to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Withdraw consent.
I would like to explain your right to erasure further:
You are entitled under certain circumstances to request the erasure of your personal data. In this instance any hard copy of your personal data will be shredded and any electronic data permanently deleted. I will notify you once it is completed. I will hold details of your request for deletion of your personal data and the confirmation of completion securely until eight years after the request was made.
If you would like to make a request relating to any of the rights above, please send a request by emailing: julieacotthypnotherapy@gmail.com.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I could refuse to comply with your request in these circumstances.
What I may need from you
​
I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.
​
Time limit to respond
I try to respond to all legitimate requests within one month. Occasionally it could take longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.