Dr Emma Rae Rhead Hypnotherapy
Hypnotherapy Chester | Hypnotherapy Wilmslow | Cheshire Hypnotherapist
Dr Emma Rae Rhead Hypnotherapy respects your privacy and we are committed to protecting it. The information that we ask for and you volunteer is that necessary for us to provide you with safe, effective services.
I, Dr Emma Rae Rhead, am the Data Controller and Processor of Dr Emma Rae Rhead Hypnotherapy.
The basis on which we keep client data is that of “Legitimate Interests”. This means that the data is necessary for us to fulfil the contract that we have together (i.e. to provide therapy /consulting services) and that it is data that you would reasonably expect us to hold and use.
2. Data we hold and data processing to provide you with a service
For those who enquire about services, the data we hold includes any information you have sent by email/text/message in person or by post.
For those who book and attend at least one session, the data we hold includes:
- Basic information such as name, email address, phone number
- Information that you give as part of the work we do together
- Records of the interventions used (or potentially do not use) in sessions
- Emails, texts and/or messages that are sent between us
- Information sent from any third party e.g. GP, insurance company, solicitor
Some of the information that you give may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone outside of Dr Emma Rae Rhead Hypnotherapy staff unless we are required to do so by law (see Confidentiality for requirements for disclosure). The data is primarily used to enable us to provide therapy services for you. It may also be used for scientific research and statistical purposes in anonymised forms.
With your consent, data may be shared with your GP or another health professional for your best care. For example, if I feel you may benefit from a professional colleagues expertise, I may suggest this to you, and seek your consent for basic data to be passed over in a referral process. This would only happen with your explicit consent.
If you book an appointment, you will receive automated text and email appointment reminders by default, and information will be emailed to you to enable you to attend your appointment as part of service-based messages that are required to provide you with a high quality therapeutic service.
3. Details of where data is held and how long
- Any emails sent between us are held either on our computer’s hard drive or exchange server, or if archived, in Dropbox which is secure cloud-based storage which is itself GDPR compliant. Or they are held on iPhone which is code protected.
- Any texts sent between us are held on iPhone or within my practice management system, which are password protected.
- Your name, email address and telephone number, other information you give to us, clinical notes, along with appointment times, are held in our secure Practice Management System ‘Timely’ which is securely password protected.
- Any handwritten notes are kept in a locked filing cabinet.
- Credit card information is not stored and deleted as soon as processed.
- If you use PayPal or online banking then these systems will hold your data. We will download from these systems for accounting purposes and the resulting spreadsheets are held in Dropbox. When sent to our accountants, they will be password protected.
Your data is kept for 8 years as stipulation of our insurer and professional bodies. After this time all records are permanently deleted.
4. How we protect your data
Dr Emma Rae Rhead Hypnotherapy takes the security of data seriously and as such:
- All data is held securely (see details of where data is held above)
- Any data transmitted is sent encrypted where possible.
- We do not sell or rent or share your data with any third parties.
- We will not share your data to any third parties for external marketing purposes.
5. What we cannot control
- We are not in control of data (including emails and texts) which you send me. It is your responsibility to be aware that by nature email, text, Skype or Messenger are not 100% secure or confidential.
- Apps such as Facebook routinely access any information held and this is beyond our control.
6. Website Cookies Policy
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers
7. What happens if there is a data breach?
If there is any breach of data security, Dr Emma Rae Rhead Hypnotherapy Chester will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
8. Your rights
Under the EU General Data Protection Regulation (GDPR) you have rights with regards to the data we hold. Your rights include:
- the right to access
- the right to rectification
- the right to erasure
- the right to restricted processing
- the right to data portability
- the right to withdraw consent
To access a copy of your data, restrict how it is used, or erase it, please contact us with your request. We will action this as soon as we can following a request (definitely within 30 days unless this is impossible due to holidays or illness). The first copy of data will be provided free of charge, but additional copies will be subject to a reasonable fee.
10. Contact information
Our website www.chesterhypnotherapy.co.uk is owned and operated by Dr Emma Rae Rhead Hypnotherapy.
Our data protection officer’s name and contact information is:
Dr Emma Rae Rhead
Telephone 01244 470181
Our mailing address is: Cherry Tree House, 86 Pine Grove, Chester CH2 3LE