As required by law, Alison Leverett-Morris is registered as a data controller with the Information Commissioner’s Office (ICO). The personal data collected about you (the client), including name, contact details, medical history and name of doctor (GP), is collected for the purpose of providing professional and ethical hypno-psychotherapy services.
Your personal data will only be used for the purpose for which it was collected. Your personal data will not be used for marketing or information sharing purposes without your separate, written consent and you can opt out from receiving any such communications at any time by emailing email@example.com.
Personal data will not be shared with third parties unless absolutely necessary within the bounds of the law and the professional code of ethics of UKCP (UK Council of Psychotherapy) and NSHPM (National Society for Hypnosis, Psychotherapy and Mindfulness); for example: a legal requirement to share your personal data with a court of law for reason such as harm to self or others, terrorism or money laundering.
Personal data is stored securely, within a practice of data minimization. Consideration is given as to what is adequate, relevant and not excessive holding of data within the bounds of regulatory requirements and professional standards and ethics. For example: data of short-term value (such as emails confirming appointments) will be securely deleted (electronic data) or shredded (paper data) after its intended purpose has been fulfilled. Financial records (eg. client payment records) will be kept for 7 years as required by HMRC; clinical notes will be securely archived for 7 years, from the date of end of therapy, as required by the therapist’s professional indemnity insurer. For clients under the age of 18, the required period for keeping records is 7 years from the date that the client reaches majority (aged 18).
Under GDPR (General Data Protection Regulation) you (the client) have rights as an individual which you can exercise in relation to the information the therapist holds about you. For details of these rights: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/