Get in touch

Privacy Policy

Name: Becky Smyth
Tel: 07883 649013
Address: 14 Clough Avenue, Burscough, Lancashire, L40 5BG
Email address: info@beckysmyth.co.uk

I am the Data Controller and Processor for information collected from you. I provide Hypnotherapy and Psychotherapy services to clients in the United Kingdom. This Privacy Notice aims to explain how I collect, process and use your personal data and, in doing so, how I comply with data protection law and our obligations to you. I am committed to protecting the privacy of all clients and users of the website.

Client information is collected and retained if it is deemed necessary or of ‘Legitimate Interest’ to fulfil the services provided to the client, i.e. therapy. This information would be that which a client would reasonably expect me to hold and use, namely:

  • Client’s or prospective client’s name
  • Client’s or prospective client’s telephone number
  • Client’s or prospective client’s email address (if provided)
  • Confirmation that the client or prospective client is over 18 years of age
  • Information provided to us by a client or prospective client relating to reasons why they wish to
    consider therapy
  • Information shared with the client and therapist in therapy sessions
  • Information relating to interventions used by the therapist with the client in therapy sessions
  • Information relating to correspondence between therapist and client via emails, texts,
    WhatsApp, voice notes, voice messages or Zoom.
  • Information sent from any third party, for example, a General (Medical) Practitioner,
  • Allied Health Practitioner, Occupational Health Provider, Insurance Provider,
  • Employee Well-being Program (EAP)

 

Some of the information that clients share will fall under the category of ‘special data’ under the General Data Protection Regulation (GDPR). In such cases, I am expected to process such information when it is deemed “necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional” (General Data Protection Regulation, 2016). Information relating to allegations or proceedings, offences or convictions of a criminal nature will require specific consent from the client for such information to be held.

All clients will receive a Requirements of Disclosure document as part of the Client Therapist Agreement in their initial meeting, and the client will be required to sign and date this document to acknowledge their understanding of when client information must be shared between me and with third parties. Apart from the requirements stipulated in the Requirements of Disclosure documents, I will not share your information with anyone, with the possible exception of the client’s GP. My accountant will see all payment information, namely debit or credit card information and PayPal records, which will contain client information. If a client wishes me to redact data relating to their history, they can request I do so by emailing info@beckysmyth.co.uk

Details of where data is held:

  • Any emails sent between us are held either on my computer’s hard drive or the Exchange server, or if archived, in OneDrive, which is a secure cloud-based storage which is itself GDPR compliant. Any that may be held on my mobile phone are fingerprint/code protected.
  • Any texts/WhatsApp messages/Messenger messages sent between us are held on my mobile phone, which is fingerprint/code protected.
  • Your notes that are handwritten are kept in a locked filing cabinet. A numerical coding system
    which enables the therapist to identify which notes relate to a particular client, therefore, a stranger or anyone other than the therapist seeing the notes would not be able to identify who they refer to. The coding system used to identify notes with clients is securely stored with password protection, on the therapist’s hard drive and archived on OneDrive. Details on how to access this coding system are in the therapists Professional Will and are only accessible should the therapist become incapacitated or deceased.
  • Credit card information is shredded as soon as processed.
  • If you use PayPal or online banking, then clearly these systems will hold your data. I will download from these systems for accounting purposes, and the resulting spreadsheets are held in OneDrive. When sent to our accountants, they will be password-protected.
  • Your data is kept for 7 years. The length of time is based on the stipulation of our insurers. After this time, any paper records are shredded, and computer records are permanently deleted.

 

Your Rights:

  • The right to be informed about the personal data the Company processes on you.
  • The right of access to the personal data that the Company processes about you.
  • The right to rectification of your personal data,
  • The right to erasure of your personal data in certain circumstances.
  • The right to restrict processing of your personal data.
  • The right to data portability in certain circumstances.
  • The right to object to the processing of your personal data that was based on a public or legitimate interest.
  • The right not to be subjected to automated decision-making and profiling, and the right to withdraw consent at any time

 

Where you have consented to me processing your personal data and sensitive personal data, you have the right to withdraw that consent at any time by contacting the Data Protection Officer, Becky Smyth, at info@beckysmyth.co.uk

If you wish to complain about this privacy notice or any of the procedures set out in it, please contact me at info@beckysmyth.co.uk

I take the security of data seriously, however, we are not in control of data which is sent to us by other parties. Online applications can routinely access information held, and this is beyond my control. If there is any breach of data, I will inform the ICO and any parties affected within 72 hours of the breach and endeavour to do whatever is necessary to minimise any potential impact to all parties concerned.

Cookies:

As with many businesses, this website uses cookies. A cookie is a small amount of data or information sent to the browser of your device from a website’s computer and is stored on the hard drive of your device. Cookies record data relating to your online preferences. I do not use cookies to collect personally identifiable data or information about you. Cookies enable me to understand how visitors to my website interact and engage with the information on the website, and allow me to continually improve and enhance the visitor experience. You can protect your privacy by restricting or blocking cookies through your browser settings.