DATA PROTECTION AND CONFIDENTIALITY
When I work with you I collect personal information from you to enable me to provide safe and effective therapy. I am bound by two sets of rules in handling this information, the General Data Protection Regulations (GDPR) and my professional body’s Code of Ethics. This page will explain how these affect the way I work, and will provide detailed information as to when and why I collect your personal information, how I use it and how I keep it secure. GDPR comes into affect on 25th May 2018, and if applicable, this Policy will be updated accordingly after the completion of the UK’s exit from the European Union. If you have any questions about this please discuss with me before you book a session, or at our first session together. (I apologise for the length of this policy!)
PROTECTING YOUR PERSONAL INFORMATION
I am the only person who works for my business, Linda Oram Therapies, and I am both the Data Controller and the Data Protection Officer, as defined by the Information Commissioner’s Office (ICO).
My contact details are: Linda Oram, email: firstname.lastname@example.org and telephone: 07305 997168.
In most cases, the information about you that I collect comes from you, via an email, telephone or during face to face sessions. If you are under 18, I may obtain some information from your parents.
I use your personal data in the following ways:
To deliver therapy safely and effectively.
To reply to you if you contact me with questions about my services.
To contact you between therapy sessions if necessary.
To allow me to collect payments from you, and maintain my records and accounts.
You have no legal requirement to share any information with me, but if you choose not to, unfortunately I, will not be able to work with you.
The categories of data/information I collect includes: your name and contact details, your medical history, your family situation and support network, the nature of your employment, your hobbies and interests, your lifestyle, and details of the problem you would like me to help you with.
Collecting and using your personal information is essential to providing my therapy services safely and effectively, and you give me written consent to use your personal data in the ways specified here when you sign my consent form at our first session.
I am the only person who has access to this information unless:
There is a legal requirement for me to share the information (e.g. a court order or warrant is issued)
You ask me in writing to share your information with someone else.
The Duty of Care Provision from my Code of Ethics applies – see the notes about this further down.
I keep the information you give me for 7 years, which is the length of time required by my professional body and my insurance company. After this time it is shredded and disposed of securely.
All personal and sensitive data kept by me is held securely in a locked filing case.
You have rights over the information I hold about you. These are:
Portability – you can ask me to send your information to someone else.
Rectification – if you think my records are wrong you can ask me to change them.
Erasure – in some circumstances you can ask me to remove your details from my records (this is sometimes called the ‘right to be forgotten’)
Fair profiling – you can ask that any processes I automate are done by a person instead of a computer. However, I currently don’t automate any information processing.
Right of access – you can have a copy of the information I hold at any time, by requesting it in writing. If you do this it will be provided within 30 days and free of charge.
Restricting processing – in some circumstances you can request that I stop processing your information.
Objection – you can object to the way I process information (e.g. if it is used to send you direct marketing you don’t want to receive) and you can ask me to stop using it in that way. However, I don’t currently use it for marketing purposes.
Information – you have the right to understand how I collect information and process your information (hence this privacy notice).
If you are under 18, I will need permission from a parent or guardian before working with you.
You can withdraw your permission for me to use your information at any time, but unfortunately, this will mean ending your therapy with me.
You have a right to complain to the ICO if you have any problem with the way I store or use your data, or if you do not think your rights are being respected.
MY PROFESSIONAL BODY
The General Hypnotherapy Register (GHR) ask me to keep the information that you share with me private and confidential unless one of the following applies:
There is a legal requirement for me to share information as above.
There is good cause to believe that if I do not disclose information you or others would be exposed to a serious risk of harm.
These exceptions to the confidentiality rule come under a provision called the ‘duty of care’, which applies to everyone.
My Code of Ethics also allows me to share anonymous case histories verbally for the purposes of supervision or training. Anonymous means your personal details are removed and small details about your situation are changed so that you could never be recognised.
My website uses tracking software to monitor its visitors, in order to understand how they use it. It will save a cookie to your computer’s hard drive to track and monitor your engagement and usage of the website, but it will not store, save or collect personal information.
CONTACT AND COMMUNICATION
Users contacting me through my website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until such time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure email submission process, but I must advise users that using such forms is at their own risk.
Although this website may include links to other websites of interest, this does not signify that I endorse these websites. Users are advised to adopt a policy of caution before clicking on external links, as I cannot guarantee or verify the contents of any externally linked websites, despite my best efforts. Once you have used a link to leave my site, you should note that I do not have any control over that other website, therefore, I cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites.
Users should also use caution before clicking on shortened URL links (Uniform Resource Locators), a common system for shortening long URL’s to a length that is more visually pleasing, in order to verify their authenticity before proceeding.
Although I undertake due diligence before including external links, I cannot guarantee or verify the content of them, so users should, therefore, be aware that I cannot be held liable for any damages or implications caused by visiting these links.
Users are advised to use social media platforms wisely, with due care and caution regarding their own privacy and personal details. I will never ask for personal or sensitive information, or passwords through social media, and users wishing to discuss sensitive details should do so through primary communication channels, such as by telephone or email.
Users are advised that using social media sharing buttons is at their own discretion: the social media platform may track and save your request to share a web page through your social media platform account.
To learn more about how individual social media platforms collect, store and use your personal information and other data, I recommend that you read the Privacy Policies published by each respective social media platform.
Linda Oram Therapies