Privacy Notice
Client General Data Protection Regulations (GDPR) for current and new clients
As from 25th May 2018, the Data Protection Act was replaced by the General Data Protection Regulations (GDPR). Joanne Vandekelf at Illuminated Minds Clinic is the data controller and GDPR registered. The GDPR is aimed at ensuring your personal, confidential and sometimes sensitive information is held privately and securely. I am required by law to inform you about how I process and keep safe the data I hold about you. This pertains to your identifiable data e.g. name, address and the reasons you may have for visiting Illuminated Minds Clinic. It also covers any session notes, text messages and emails that may be exchanged between you and me.
What data is held about me and what are the reasons?
Your privacy is important to me. I will collect and process certain data to enable me to work safely and professionally with you. The client data I collect may include:
- An understanding of what you would like to achieve by coming for Hypnotherapy
- Your contact details
- GP contact details
- Relevant medical information
- Session notes
- Basic information about your important others
- My emails to you, and yours to me
This information allows me to provide continuity within the sessions, in order to help you towards your goal. I will only use your GP contact details with your explicit consent.
How is my data stored?
- Paper based session notes – all paper based notes and paperwork is kept in a locked filing cabinet with a PIN access
- Emails – my email account requires a username and password
- Text messages – my work phone is secured with a PIN number
How long is my data stored for?
I am a member of the National Council for Hypnotherapy (NCH) and as such I am bound by a code of ethics and regulations regarding the length of time I must hold onto your information. The NCH requires me to hold your data for a period of 8 years following your final session. The ruling for children differs in that the NCH stipulates that their data must be held until their 25th birthday. The exception to this rule applies to young adults whose treatment ends when they are 17 years old, then I must hold their records until they reach their 26th birthday. Client records will be destroyed in the January after the dates given above. This is in line with NHS regulations for holding data.
Privacy Notice
Client General Data Protection Regulations (GDPR) for current and new clients (cont)
What if I would like my date to be destroyed before this date?
Under the General Data Protection Regulations, you are able to request the deletion of any of your data at any time. In order to start the process, put your request to have your records destroyed in writing to me. Once I have checked your identity, your records will be shredded using a cross shredding machine. Any electronic data will also be permanently deleted and you will be notified of the completion. Please note: the request for deletion of data and the confirmation will be held securely until 8 years after the request.
Am I able to see or obtain a copy of the information held by you?
In accordance with the General Data Protection Regulations, if you wish to see or obtain a copy of the information you wish to see, simply put your request in writing to me; stating the specific data you wish to see and I will supply you with a copy of the data within 30 days. I will need to confirm your identity before sending the information. Please note: there may be a small charge to cover printing costs. Also, I may be required to verify the information I send out with my insurance company’s legal team.
Are discussions within the Hypnotherapy sessions confidential?
Be assured that everything we discuss in the Hypnotherapy sessions is strictly confidential. On occasion, it may be necessary for me to discuss aspects of the sessions with my supervisor; this is to enable me to help you in the most effective way. During these discussions, I do not disclose any information with my supervisor that would identify you in any way. In line with GDPR, your confidentiality is protected at all times. In the event that I see you outside the Hypnotherapy sessions, I may acknowledge you however, it is preferable if any conversations could be avoided. It is of course, entirely your choice if you wish to discuss your therapy sessions with other people.
Will you share information about me with other Health and Care Professionals?
I am only able to contact other health and care professionals with your written consent. In the event that I write to your GP to notify them of your entering into a therapeutic relationship with me or, to notify them that the therapy has been concluded satisfactorily, I would require your signature in line with GDPR requirements. Please note the exception; as a therapy practitioner, I have a ‘Duty of Care’ towards the clients I work with. If I felt you were about to harm yourself or others, I would be required to inform the relevant authorities. I would endeavour to discuss this with you in the first instance before taking any action. With regards to legalities, I would also have to provide information to the police as set out in a warrant or court order, should the situation arise.