When we work together I collect personal information from you to help me provide safe and effective therapy. In handling this information, I am bound by two sets of rules, the General Data Protection Regulations (GDPR) and my professional body’s code of ethics. This page will explain how these affect the way I work.
If you have questions about any of this, please discuss them with me before booking a session, or at a session, if you have already booked.
Protecting your personal information
- My company, Yorkshire Therapies & Training Ltd, is registered with the ICO – https://ico.org.uk/ESDWebPages/Entry/ZA230146.
- I am both the Data Controller and the Data Protection Officer. My contact details are; Debbie Waller, email email@example.com or phone 01977 678593.
- In most cases, the information about you that I collect comes from you, via an email, phone call, online form, or during our face-to-face sessions.
- If you are under 18, I may get some information from your parents and/or school.
- If you are referred by someone else (e.g. an employer) I may get some information from them.
- I use your personal data in the following ways
- to provide you with items you have purchased, e.g., audio downloads,
- to deliver therapy,
- to reply to you if you contact me with questions about my services,
- to contact you between therapy sessions if necessary,
- to allow me to collect payment from you, and maintain my records and accounts.
- You have no legal requirement to share any information with me, but if you do not do so I will not be able to offer you any therapy.
- The categories of data/information I collect include your name and contact details, your medical history, your family situation and support network, the nature of your employment, your hobbies and interests, your lifestyle, and details of the problem you’d like me to help with. These details are necessary to provide you with safe and effective therapy.
- The lawful basis of my collecting and processing data is consent or contract or legitimate interests. You consent to my holding and using your information when you submit an online form.
Clicking a PayPal button creates a contract to supply goods or services which I cannot do without using your data. If you undertake therapy with me you will sign my terms and conditions, which creates a contract.
If you email, phone or contact me via social media with enquiries it is a legitimate interest of my business to use your contact details to reply to you.
- Sharing information:
- Otherwise, I am the only person who has access to your information unless:
- you ask me in writing to share your information with someone else,
- the Duty of Care Provision from my Code of Ethics applies – see the notes about this further down.
- I am working with you as part of a care team, or you have been referred to me by someone else (e.g. an employer), in which case pre-arranged levels of information will be shared with these relevant parties
- I am temporarily or permanently rendered incapable of acting (e.g., by ill health or death) in which case my therapeutic executor (David Waller) will be given access to your contact details.
- I keep the information you give me for eight years, which is the length of time required by my professional body and my insurance company. If you are under 18, I keep it till eight years after your 18th birthday. After this time it is shredded or burned and disposed of securely.
- You have rights over the information I hold about you. These are:
- Portability – you can ask me to send your information to someone else,
- Rectification – if you think my records are wrong you can ask me to change them,
- Erasure – in some circumstances, you can ask me to remove your details from my records (this is sometimes called ‘the right to be forgotten’),
- Fair profiling – you can ask that any processes I automate are done by a person instead of a computer. I don’t automate any information processing, although I do use online forms to collect information. If you prefer not to complete these, the information can be collected face-to-face during our first session,
- Right of access – you can have a copy of the information I hold at any time, by requesting it in writing. If you do this it will be provided within 30 days and free of charge,
- Restricting processing – in some circumstances you can request that I stop processing your information,
- Objection – you can object to the way I process information (e.g. if it is used to send you direct marketing you don’t want to receive) and you can ask me to stop using it in that way,
- Information – you have the right to understand how I collect and process your information (hence this privacy notice).
- If you are under 18 I will need permission from a parent or guardian before working with you, and if you are under 13 I will need to verify your date of birth.
- You can learn more about these rights on https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
- You can withdraw your permission for me to use your information at any time, this means ending your therapy.
- You have a right to complain to the ICO if you have any problem with the way I store or use your data, or if you do not think your rights are being respected.
This policy was last updated on 5.5.23 to remove COVID test and trace provisions.
My Professional Body
I belong to a number of professional bodies that require me to keep the information you give me private and confidential unless one of the following applies:
- there is a legal requirement for me to share information (for example a court order or warrant is issued),
- there is good cause to believe that if I do not disclose information you or others would be exposed to a serious risk of harm (for example, if you are at risk from suicide or abuse, or taking part in serious law-breaking).
These exceptions to the confidentiality rule come under a provision called the ‘Duty of Care’.
My Code of Ethics also allows me to share anonymous case histories verbally or in hypnotherapy publications for the purposes of supervision or training. Anonymous means your personal details are removed and small details about your situation are changed so that you cannot be recognised.
The Duty of Care provision applies to everyone but you can opt out of this other use of your information by dropping me an email.