Privacy & Data Protection
I, Trudi Fitzsimmons, am the Data Controller and Processor for Fit Mind Hypnotherapy. I take protecting your confidentiality very seriously, and I will not share information about you with anyone without your consent, with the following exceptions:
If I am ordered to release information by a court order.
Where it would be for the ‘greater good’. This means that if you tell me something that suggests you are going to hurt yourself or someone else, I would need to take appropriate action to protect you, or the other person, from harm. This could mean disclosing some of the information you had given me.
You have the right to access any information which I hold about you, and to correct anything which you think is inaccurate or incomplete in your records. You can also ask to be forgotten (ie. have your data erased). In such instances, I will delete all applicable information, where it no longer needs to be held for the original purpose. There are some exceptions to this right (eg. the need to comply with a legal obligation or in the defence of legal claims). You can also request to “obtain and reuse” your data for your own purposes (eg. you ask that your records are transferred to a new therapist).
Paper records are kept in a locked filing cabinet and electronic information is stored on a password-protected laptop. When not in use, the laptop is kept in a secure location. I can access some information from my Smart Phone (eg. emails, texts, Facebook messages). My phone can only be unlocked using a secure PIN or my fingerprint.
Data which is held by Fit Mind Hypnotherapy is only used for the purposes for which it has been provided. If you contact me to enquire about treatment, a note of your name, address and contact details and any other information you give to me as part of the enquiry will be kept. In addition, if you attend for treatment the following information will be kept:
Details of your GP and general health
Details of the issue which you have asked me to treat
Details of any other information you disclose during discussion, as part of our work together
Emails, texts and private Facebook messages you send
Information from third parties which relates to your treatment
Details of the treatment which I provide
Your information will be retained for 7 years (this is an insurance requirement). At the end of this period any paper records which relate to you will be shredded and all electronic data permanently deleted.
Credit card information is not retained.
However, if you use PayPal or online banking then these systems may retain your data, and you should refer to their Data Protection Policies for more information.
You should also be aware that some social media sites (such as Facebook) retain information about interactions between two parties, and this is outwith my control. I am also unable to control any data (emails, texts) which you send me beyond retaining a secure copy at my end.
If there is any breach of data security, I will give full details to the Information Commissioner's Office and any person affected within 72 hours of the breach and do everything possible to minimise the potential impact of a data breach.