Privacy Policy
Privacy Statement
We take the responsibility of your personal data very seriously, and we are committed to respecting and protecting your privacy. The following Privacy Statement has been developed in order to be in line with the General Data Protection Regulations (GDPR) in effect from Friday 25th May 2018. This statement lets you know how we handle the information you give us, and what we do with it.
What data do we collect?
Our therapists will collect personal data from you, such as your name, age, address, telephone number, email, occupation, family, and personal circumstances,
We also collect ‘special categories of personal data,’ such as health data, that are required to plan your treatment.
How do we collect your data?
We collect your data through our website enquiry forms, through telephone conversations we have with you, and in person at our Initial Consultations, therapy sessions, yoga classes, workshops, supervision sessions, and training.
We may also use questionnaires that we ask you to complete and bring back to a subsequent session.
Why do we collect your data?
We collect your data to help us:
• To assess and plan your treatments, therapy, supervision, training, or yoga practice.
• To contact you regarding your ongoing treatment, including logistics of planning sessions.
• To inform you of any relevant news, offers and updates, with your signed permission.
• To contact you regarding supervision matters in the case of practitioners, or training matters in the case of students.
• To contribute to research into Hypnotherapy using the CORP research programme, wherein only the following information is collected and stored:
First initial of the first name, age, gender, condition being treated, and session by session measurements of progress across seven different areas, completed by you.
Our legal basis for processing your personal data is:
• Consent or contract for personal data, and
• The fact that the processing of the special category of personal data is necessary for the provision of healthcare.
How do we store and protect your data?
We employ strict information security procedures to ensure your personal data is protected from unauthorised access, unlawful processing, and accidental loss, destruction and damage.
Personal data recorded on paper is stored securely in locked filing cabinets, and accessed only by the practitioner for the purposes of planning, reviewing and implementing treatment, training, supervision or yoga.
Any personal data stored on computer is kept securely and password protected.
Each practitioner is responsible for securely storing data relating their own clients. Please speak to your practitioner about how they store your data once you have made contact regarding treatment.
How long is your data stored for?
In line with the regulations of the governing bodies of the profession, together with indemnity insurance requirements, personal data will be kept safely and in good condition for eight years from the date of the client’s last visit. In the case of children, personal data will be kept until the child’s 25th birthday, or 26th birthday if the client was 17 when the treatment ended. This constitutes a legitimate interest in retaining records for this period. After this time, personal data will be securely destroyed.
Who will we share your data with?
The Observatory Practice administration will pass your intial enquiry to a relevent practitioner to contact you.
We will not pass on your data to third parties, unless required to do so by law, or in the interests of preventing or reporting harm to self or others.
No client personal data is shared with other practitioners during supervision. Any cases reviewed are done so with the utmost respect and attention to confidentiality.
Your rights:
You have the right to see any of your information and update it at any time.
Our commitment:
We will continue to review, update and enhance our Privacy Statement, reflecting our commitment to respect and protect your privacy.