For my practice to provide you with the services you wish from me, we need to manage your data. We do this in line with the EU General Data Protection Regulation (“GDPR”) which came into effect on May 25, 2018
I will only process and retain the data that is necessary for me to provide you with therapy or coaching services. Your data will not be used for any other purpose.
What Data Do We Hold and How Do We Use it?
If you enquire about services, the data I hold includes information you have sent me by email/text/message in person or by post.
If you attend at least one session, in addition, the data I hold includes:
- Basic information such as name, email address, phone number
- Information that you give me as part of the work we do together
- Records of treatment/ interventions used in sessions and progress
- Emails, texts and/or messages that are sent between us
- Information sent from any third party, e.g. GP, insurance company, solicitor
Data is not shared with anyone without your explicit consent unless I am required to do so by law.
You will receive email communication about booked appointments, and email and text reminders.
You may also receive re-booking text reminders as part of providing an ‘easy to access’ service to you.
You may receive a confidential client feedback request by email, the results of which allow us to improve services.
You will not be directly added to my practice mailing list by default unless you explicitly sign up to do this. You will be able to unsubscribe at any time from the email itself or email me directly at firstname.lastname@example.org
How is data stored?
All your data is held securely, and password protected, either on my computer’s hard drive or exchange server, or secure cloud-based storage which is itself GDPR compliant.
Any texts sent between us are held on my cloud-based practice management system (password protected) or my iphone which is code protected.
Your name, email address and telephone number, along with appointment times are held in my Practice Management System ‘Timely’ who as a data processor are fully GDPR compliant. My practice management system is securely password protected.
Handwritten clinical notes are kept in a locked filing cabinet within locked premises.
If you use Paypal or online banking then clearly these systems will hold your data. I will download from these systems for accounting purposes and the resulting spreadsheets are held in Dropbox and QuickBooks. When sent to my accountants, they will be password protected.
Your data is kept for 8 years. This is the length of time stipulated by my insurer and professional bodies. After this time any paper records are shredded, and computer records permanently deleted.
Dr Emma Rae Rhead Hypnotherapy and Coaching takes the security of data very seriously and endeavours to protect your data securely as far as is always possible.
However, I am not in control of data (including emails and texts) which you send me and Apps such as Facebook routinely access any information held and this is beyond my control.
If there is any breach of data security, Dr Emma Rae Rhead Hypnotherapy and Coaching will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
You have rights with regards to the data held including:
- The Right of Access. I will provide you with all data I hold on you as soon as possible following a request for data within 30 working days (unless this is impossible due to holidays or illness). There may be a small administrative fee for this service.
- The Right to Rectification. If any data I hold is incorrect, let me know and I will correct it as soon as I can following a request within 30 working days (unless this is impossible due to holidays or illness).
-The Right to Erasure Right to be Forgotten. If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records that I legally can as soon as I can following a request (and definitely within 30 working days, unless this is impossible due to holidays or illness).
- The Right to Data Portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
Direct marketing from my Dr Emma Rae Rhead Hypnotherapy and Coaching Mailing List is on an opt-in basis only. You will need to explicitly consent to receiving newsletters, freebies, offers, rebooking text alerts and any other communication that is outside the remit of what is required to provide you with therapy. If you wish or no longer wish to receive any direct marketing communication, you will be able to unsubscribe from the email themselves or please email email@example.com with your request and we will update our records.
The named Data Controller and Processor of ‘Dr Emma Rae Rhead Hypnotherapy and Coaching’ is Dr Emma Rae Rhead.
Dr Rhead can be contacted on firstname.lastname@example.org or by writing to
Dr Emma Rae Rhead
Cherry Tree House
86 Pine Grove, Hoole
Chester, Cheshire CH2 3LE
Dr Emma Rae Rhead Hypnotherapy
Hypnotherapy Chester | Chester Hypnotherapy | Chester Hypnotherapist
Hypnotherapy North Wales | North Wales Hypnotherapy
Cheshire Hypnotherapy | Hypnotherapy Cheshire