
Client GDPR Policy
This policy has been produced to explain what data Tom Price may collect from clients and how it is used or stored. It serves to help Tom to comply with the General Data Protection Regulation (GDPR).
In May 2018 the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). The changes to the Data Protection Act are aimed at ensuring that your personal, confidential and sometimes sensitive data is held privately and securely.
Tom is a member of the National Council for Hypnotherapy (NCH) professional association. The NCH insists that Tom should keep written records stored securely for 8 years after the last interaction with an adult client, and up to the age of 25 for a child under 16 when last seen, or 26 years for young adults aged 17 and 18 years old.
Due to the sensitive nature of what we do, Tom’s insurance company does not allow the deletion of data before the minimum time for holding said data.
In line with GDPR, yes, within 30 days.
Tom is keen to offer the highest quality support to his clients and to do so he will collect the following information:
An idea of what you would like to achieve by coming for hypnotherapy
A small amount of medical information
Some brief session notes
Your contact details
GP contact details
Some basic information about your important others
This information allows Tom to provide continuity within the sessions, to help you towards your goal. This information will also allow Tom to refer to the content of earlier sessions and previous discussions. Tom will only use your contact details/address and GP’s details with your explicit consent.
Session Notes:
All session notes and client information will initially be collected and recorded on a password-protected Windows laptop. It is then securely stored using Microsoft OneDrive, a cloud-based service that complies with UK GDPR regulations. OneDrive uses encryption to protect your data, and access is password-protected and restricted solely to Tom.
Paper Notes:
Where paper notes are taken, these will be promptly converted to digital format and stored securely in OneDrive, as above, and then destroyed.
Text Messages:
Tom’s mobile phone is secured by a PIN and/or face recognition.
Emails:
Tom’s email account is password-protected with Multi-Factor Authentication (MFA) using Google Authenticator.
Yes, unless Tom needs support from his supervisor or he believes that you are about to harm yourself or another.
Tom is obliged to always protect your confidentiality. So, for this reason, although Tom may acknowledge you, it would be ideal if any further conversation could be avoided. However, if you wish to discuss your therapy with other people, that is your choice, and you are very welcome to do so.
Only with your written consent.
The Data Controller is Tom Price. ICO Number: CSN2083699.


