Data Protection (GDPR) and Confidentiality
When we work together I collect personal information from you to help me provide safe and effective therapy. In handling this information, I am bound by two sets of rules, the General Data Protection Regulations (GDPR) and my professional body’s code of ethics. This page will explain how these affect the way I work.
If you have questions about any of this, please discuss them with me before booking a session, or at a session you have already booked.
Protecting your personal information
Protecting your personal information
- My company, MindPlan Hypnotherapy, is registered with the ICO – You can learn more about this on https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
- As I am the only person who works for the company I am both the Data Controller and the Data Protection Officer. My contact details are; Angelo Soteriou, email [email protected], phone 07515 595 398
- If you are referred by someone else (e.g. an employer) I may get some information from them
- In most cases, the information about you that I collect comes from you, via an email, phone call, forms or during our face-to-face sessions. If you are under 18, I may get some information from your parents or school
I use your personal data in the following ways:
- To deliver therapy
- To allow me to collect payment from you, and maintain my records and accounts
- To contact you between therapy sessions if necessary
- To reply to you if you contact me with questions about my services
You have no legal requirement to share any information with me. But, if you do not do so I will not be able to work with you.
The categories of data/information I collect include:
- your name and contact details
- your medical history
- your family situation and support network
- the nature of your employment
- your hobbies and interests
- your lifestyle, and details of the problem you’d like me to help with
These details are necessary to provide you with safe and effective therapy.
Sharing Information:
I am the only person who has access to your information unless:
- I am working with you as part of a care team, or you have been referred to me by someone else (e.g. an employer), in which case pre-arranged levels of information will be shared with these relevant parties
- There is a legal requirement for me to share the information (e.g. a court order or warrant is issued)
- The Duty of Care Provision from my Code of Ethics applies – see the notes about this further down
- You ask me in writing to share your information with someone else
I keep the information you give me for seven years, which is the length of time required by my professional body and my insurance company.
After this time it is shredded and disposed of securely.
After this time it is shredded and disposed of securely.
You have rights over the information I hold about you. These are as follows:
- Portability – You can ask me to send your information to someone else
- Rectification – If you think my records are wrong you can ask me to change them
- Erasure – In some circumstances you can ask me to remove your details from my records (this is sometimes called ‘the right to be forgotten’)
- Fair profiling – You can ask that any processes I automate are done by a person instead of a computer. I do not automate any information processing
- Right of access – You can have a copy of the information I hold at any time by requesting it in writing. If you do this it will be provided within 30 days and free of charge. If there multiple requests, then a fee may be charged
- Restricting processing – In some circumstances you can request that I stop processing your information
- Objection – You can object to the way I process information (e.g. if it is used to send you direct marketing you don’t want to receive)
- Information – You have the right to understand how I collect and process your information (hence this privacy notice)
If you are under 18 I will need permission from a parent or guardian before working with you.
You can learn more about these rights on https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You can withdraw your permission for me to use your information at any time, this means ending your therapy.
You have a right to complain to the ICO if you have any problem with the way I store or use your data, or if you do not think your rights are being respected.
You have a right to complain to the ICO if you have any problem with the way I store or use your data, or if you do not think your rights are being respected.
Professional Bodies
I am advised to keep the information you give me private and confidential unless one of the following applies:
These exceptions to the confidentiality rule come under a provision called the ‘Duty of Care’.
My Code of Ethics also allows me to share anonymous case histories verbally or in hypnotherapy publications for the purposes of supervision or training. Anonymous means your personal details are removed and small details about your situation are changed so that you could never be recognised.
- There is a legal requirement for me to share information (as above)
- There is good cause to believe that if I do not disclose information you or others would be exposed to a serious risk of harm
These exceptions to the confidentiality rule come under a provision called the ‘Duty of Care’.
My Code of Ethics also allows me to share anonymous case histories verbally or in hypnotherapy publications for the purposes of supervision or training. Anonymous means your personal details are removed and small details about your situation are changed so that you could never be recognised.