Therapy client data GDPR: With effect from 25th May 2018, under the General Data Protection Regulations (GDPR) I (Jill Wilson, Clinical Hypnotherapist) am required, by law, to inform you (as a current therapy client, or as potential therapy client) about how I process and keep safe the data I hold that relates to you.
I am required to gain your explicit consent to holding and processing your data and I take your privacy and confidentiality seriously.
Should you not wish to give your consent, you have the option to discuss with me and the ramifications.
You have the right to withdraw your consent at any time, we would, however, need to discuss what this means in practice. The primary aim is to keep you safe. In certain situations, it may be a requirement that certain information is retained and legal input may be sought in such instances.
The client therapy data that I hold may include:
- Your name and address
- Your phone number and email address
- Your GP name and contact details
- Relevant medical information
- Session notes
- Payment information
- My emails to you, and yours to me
Under the GDPR, you have the right to know what client therapy data I hold, the reason why I hold it and the period of time I will hold it.
In addition, you have the right to view the data held and to request changes to be made.
Sensitive client data is destroyed completely within my wood-burner.
I will notify you as soon as possible if I discover that there has been a data breach of your personal information which could put you at risk.
This information is required to enable me to work safely and professionally with you, in line with the guidelines of professional bodies I belong to, including BSCH.
Your information is stored securely and the following procedures are in place:
All session notes are hand written and not stored digitally, your session notes are stored and kept securely in a locked filing cabinet. Session notes may include dates and times of attendance and notes of the issues arising from the session, progress made and future sessions. I keep a ‘clear desk’ policy, which means that session notes and other information are not left unattended.
My PC is password protected and runs a robust anti virus software.
Emails are deleted after reading, a paper copy may be placed with your session notes.
My website is a WordPress site which is SSL certified and encrypted.
I use ‘cookies’ on my website and this information is gathered for data stats only and contains no personal information about you and you can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer.
I will not store your phone number, name or personal information on my phone.
Your data is stored secured for 7 years, in accordance with insurance and professional guidelines, after which time it is destroyed.
I will not contact you via email or by phone unless you have agreed for me to do so.
Please sign and date below if you consent to the therapy client data GDPR points above. A digital signature (or simply your printed name) is acceptable.
☐ I agree to Jill Wilson holding, controlling, processing and storing my data as stated. Signed (first and last name ) & date:
If you have any other questions regarding how your therapy client data GDPR is processed and handled, please do not hesitate to discuss with me.
This document regarding therapy client data GDPR is subject to regular review and will be updated as appropriate.