How will my data be processed and stored?

In May 2018, the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). Tara Gabriel of Inner Sage Hypnotherapy is GDPR registered. The changes to the Data Protection Act are aimed at ensuring your personal, confidential, and sometime sensitive data, is held privately and securely. This means that any data you give to Inner Sage Hypnotherapy must be processed in a way you agree with. GDPR exists to protect your rights as a consumer. It applies to your identifiable data, e.g. your name and address & any reason you might have for visiting Inner Sage Hypnotherapy. It also covers any session records, text messages or emails between Inner Sage Hypnotherapy & yourself.

How long will you hold my information for?

Tara is a member of the NCH (National Council Hypnotherapy). As such they are bound by their regulations regarding the length of time they must hold onto your information. The NCH (National Council Hypnotherapy) and insists that Tara must hold onto your data for 8 years after your final session. However, the rule for children is different and the NCH (National Council Hypnotherapy) and stipulates that their data must be held until their 25th birthday. The exception to this rule applies to young adults whose treatment ends when they are 17 years old when Tara must keep their records until they reach their 26th birthday. Client records will be destroyed in the January after the dates given above. This is in line with NHS regulations for holding data.

What if I would like my data to be destroyed before this date?

Under the GDPR rules, you can request the deletion of any of your records at any time. Simply write to Inner Sage Hypnotherapy requesting that your records are destroyed and once they have confirmed your identity, they will do so. There is no charge for this service. Inner Sage Hypnotherapy will then ensure that all your paper records are shredded with a cross shredding machine. Any electronic data held by Inner Sage Hypnotherapy, such as emails or texts will be permanently deleted from the devices they are stored on. NB. Tara may need to save the written deletion request you sent them, if their insurance company insists on it, but would destroy any other data.

Am I able to see or get a copy of the information held by you?

In line with GDPR, if you send Inner Sage Hypnotherapy a request in writing, specifying the data you wish to see, they will supply you with a copy of your data within 30 days. Inner Sage Hypnotherapy will need to confirm your identity before sending you the information. There will be no charge for this service. NB Tara’s insurance company’s legal team may wish to verify any information Tara sends out.

What is your reason for collecting this information?

Inner Sage Hypnotherapy is keen to offer the highest quality support to their clients and to do so they will collect the following information:

·        Contact details.

·        An idea of what you would like to achieve by coming for hypnotherapy.

·        Brief session notes.

·        Basic medical information.

·        GP contact details.

·        Basic information about your important others.

This information allows Inner Sage Hypnotherapy to provide continuity within the sessions, to help you towards your goal. This information will allow Inner Sage Hypnotherapy to refer to the content of earlier sessions and previous discussions. Inner Sage Hypnotherapy will only use your contact details/address and GP’s details with your explicit consent. See client agreement and initial consultation. The CORP research programme collects unidentifiable information for the purposes of producing scientifically measured outcomes for Solution Focused Hypnotherapy.

 How do I know that Inner Sage Hypnotherapy will store my information safely?

·        Electronic consultation & session notes – Inner Sage Hypnotherapy keeps these on password protected laptop and on password/ two factor authentication protected cloud-based storage.

·        Text / WhatsApp messages – Inner Sage Hypnotherapy work phone is secured by passcode.

·        Emails – Inner Sage Hypnotherapy user account is secured by password/ two factor authentication.

·        CORP research data – Accessed via a password protected programme on a password protected laptop.

What if I see Tara outside of a hypnotherapy session?

Tara is obliged by GDPR to always protect your confidentiality. So, for this reason, although they may acknowledge you, it would be ideal if further conversation could be avoided. However, it is your choice if you wish to discuss your therapy with others and you are welcome to do so.

Will Inner Sage Hypnotherapy discuss information about me with other health and social care professionals?

Inner Sage Hypnotherapy is only able to contact other health and social care professionals with your written consent. Should they write to your GP, to notify them that you have entered a therapeutic relationship with them, or to notify them that your therapy has been successfully concluded, Inner Sage Hypnotherapy would require your signature, in line with GDPR requirements. Tara does have a ‘duty of care’ towards their clients, so the only exceptions to this would be if they believed that you were about to harm yourself or others. Should this occur then Inner Sage Hypnotherapy would be required to inform the relevant authorities. However, Tara would always aim to discuss this with you before taking any action. Legally, Inner Sage Hypnotherapy would also have to provide the police with information as set out in a warrant or court order, should the situation arise.

Are discussions within the hypnotherapy session confidential?

Occasionally, Tara may need seek advice from her supervisor to ensure the highest quality of service and standard of practice. However, no identifying features will be disclosed during this discussion.

Who is the Data Controller and what is their ICO registration number?

Data Controller is Tara Gabriel - Inner Sage Hypnotherapy.  ICO Registration number: ZB441297

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets us know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

This policy was last updated 1/12/2023. It may be updated at any time, so please check back regularly to ensure that you're aware of the latest version.