The Ginger Well Limited, trading as "Steve Horrocks Hypnotherapy", is a limited company registered in England and Wales (Company No. 05309741), with its registered office at First Floor, Templeback, 10 Temple Back, Bristol BS1 6FL. We are listed on the Information Commissioner's Office register of data controllers (ICO Registered No. Z9020405).
We comply with our obligations under the GDPR by:-
- Processing personal data fairly, lawfully and transparently, without adversely affecting your rights;
- Collecting personal data for clear and legitimate purposes, and only undertaking additional processing of the data for compatible purposes;
- Ensuring the personal data we process is appropriate for our stated purposes;
- Ensuring personal data is accurate and, where necessary, kept up to date;
- Keeping data in a form that allows individual data subjects to be identified for no longer than is necessary for the purposes for which we process that personal data;
- Ensuring appropriate technical and business procedures are in place to protect personal data from loss, misuse, unauthorised access and disclosure.
You should read this Privacy Notice, together with any other privacy notice we may provide when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
Changes to this notice and your data
We may change this Privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
The personal data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified.
If you visit our website, opt-in to receive marketing communications from us, enquire about our services, or you become one of our clients, this will result in us collecting personal data about you. In some cases we may also receive information about you from third party sources.
The personal data we collect in different circumstances is shown below:-
|Information collected automatically:||
Technical information: type of device accessing our website, the Internet Protocol (IP) address used to connect your device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the device you are using to access our website;
Site visit data: source of visit, pages visited (including date, time and duration), page response times, download errors, and site visit duration;
|Email marketing:||First name, email address, email marketing opt-in [Not active yet].|
|Basic contact details||Full name, email address, telephone number/s;|
|Appointment preferences:||Preferred clinic, days & times;|
|Enquiry details:||Questions, concerns, objectives/issues;|
|Source of enquiry:||General and specific details (i.e. online | search engine);|
|Communication:||Letters, emails, website form submissions, text messages, brief notes of phone conversations.|
|Full contact details:||Full name, home address, email address, telephone number/s;|
|Parent/Guardian info:||Full name of parent/guardian, home address, email address, telephone number/s [For clients under 18yrs];|
|Communication:||Letters, emails, texts, brief notes of phone conversations;|
|Appointment details:||Clinic, dates and times, duration;|
|Age-related data:||Age and date of birth. In certain circumstances we may need to see documentation showing DOB or proof of age;|
|Marketing opt-ins:||Marketing opt-ins for each communication channel: direct mail, text messaging, phone and email;|
|Preferred contact:||Family member/friend: full name and telephone number/s;|
|Fee payment info:||Method and date of payment, amount, account name [Data from client & a third party] ;|
|Health-related info:||Current and recent health conditions, medication;|
|Hypnotherapy-related:||Aims for sessions, previous treatments, experience of hypnosis/hypnotherapy;|
|GP/Therapist consent:||GP and/or referring therapist contact details, consent for us to receive/share info (where this is required);|
|GP/Therapist briefings:||GP and/or referring therapist client briefings and communication [Data from a third party];|
|Session notes:||Hypnotherapist notes relating to client's sessions, progress, experiences and homework.|
|Feedback forms:||Client feedback on their treatment, their hypnotherapist and hypnotherapy in general.|
How we use this information
The personal data we collect about you may be used for some or all of the purposes listed below:-
Providing you with hypnotherapy and wellbeing information by email, post, text message or phone
We only do this where you have opted-in to receiving our marketing messages by our chosen communication channel;
- Replying to your enquiries;
- Entering into a contract to provide you with a service;
- Arranging, re-arranging or cancelling appointments;
- Managing payments;
Receiving information from third parties
Where you pay for our services by BACs or Faster Payment we receive confirmation of your payment, including the name of your account from our Bank. In addition, if you choose to make use of the online forms on our website, we receive your form data from our web hosting company;
Sharing client information with third parties
We may share your name (or client reference) and information about the hypnotherapy fees you have paid with our accountants in order for them to prepare our company accounts;
Sending you pre-appointment paperwork
One of the documents that you will receive is this Privacy Notice. This is to ensure that you are aware in advance how we will use the information you provide;
Communicating with your GP
There are some conditions that are contra-indicated for hypnotherapy and sometimes there are circumstances where it may be necessary to contact your GP before commencing therapy. You will be informed of this at your appointment if this is required.
Communicating with your referring healthcare professional
Where you have been referred to us we request the contact details of the referring healthcare professional. We also ask for your permission to ask for, or share, appropriate levels of information from, or with, them about your circumstances and hypnotherapy treatment;
Communicating with your preferred contact
We ask for brief details of someone you can rely on and with whom you feel comfortable. You can choose either a family member or a friend to be your preferred contact. This information is only used in emergency situations or where you would find it difficult to travel on your own. We recommend that you get the permission of your preferred contact before sharing this information with us;
Communicating with you outside of your hypnotherapy sessions
This may include us sending you various documents and files via email, text message or post;
Planning the approach taken during your hypnotherapy treatment
The notes we make in your hypnotherapy sessions inform the planning of future sessions and assist us in the creation of personalised therapeutic suggestions;
- Notifying you about changes to our terms or privacy policies ;
Creating and sharing anonymised case histories
If we have your permission, we may create and share one or more case histories of our work together for research, peer group discussion or supervision purposes. Any such case histories will be sufficiently anonymised that you and other individual clients cannot be identified;
Sharing your feedback anonymously
If we have your permission, we may share selected information from your client feedback form on an anonymous basis. Depending on the type of permission you give us, your hypnotherapist may share this information with their peer support group and their supervisor, and we may use your feedback in our marketing activities;
Maintaining our own accounts and business records
We only retain limited details about client payments in order to fulfil our legitimate interests in this area. In particular, where you pay by cheque we do not record your bank details;
Using age-related data to support best practice
If you are a young person, or look younger than your years, we use the age & date of birth information you have provided to help us operate according to best practice;
Statistical analysis for business planning
The data we use for statistical analysis and business planning purposes will be retained in an anonymised format once all of our personal data processing purposes no longer apply. Once it is in an anonymised format the data no longer contains any personal information and will fall outside the scope of the GDPR and this Privacy Notice;
- Exploring ways that we can improve our website, services & marketing;
- Verifying your identity;
- Responding to GDPR data rights communications and requests;
- Complying with laws and regulations in applicable jurisdictions.
On what basis do we process your personal data?
We will only process your personal data if at least one of the following applies:-
- You have given consent to the processing of your personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which you are a party, or in order to respond to your requests prior to you entering into a contract;
- Processing is necessary for compliance with a legal obligation to which we are subject;
- Processing is necessary to protect the vital interests of you or of another natural person; or
- Processing is in our legitimate interests, or, in certain situations, those of a third party.
How we process your personal data and on what basis, or bases, we do so are shown below:-
Marketing channel opt-ins
Where you have opted-in to receiving our marketing messages by one or more specific communication channels, you have given your consent to us processing your personal data for this purpose. Furthermore, the processing is necessary for our legitimate interests;
Responding to your enquiries
Where you enquire about our services you have given your consent to us processing your personal data for the purpose of us responding to your enquiry. Furthermore, this processing is necessary for our legitimate interests;
Entering into a contract
Where you express interest in arranging an initial appointment with us we will collect specific information from you, including via pre-appointment paperwork, and this will be on the basis of you entering into a contract with us;
Providing your hypnotherapy treatment
Our use of your personal data for the purpose of hypnotherapy is on a contractual basis and is necessary for our legitimate interest of providing you with the best standard of treatment we can;
Following your hypnotherapy treatment
The processing of your health-related personal data that we undertake after your treatment has been concluded is based on our legitimate interest. Your hypnotherapist is registered with the Complementary & Natural Health Council (CNHC) and is fully-insured, and therefore our legitimate interest in retaining your client session data relates to our contractual obligations with both the CNHC and our insurer. Specifically, we are required to keep client records safely and in good condition for eight years from the date of a client's last visit or, if the client is a child, until his or her 25th birthday, or 26th birthday if the client was 17 when the treatment ended. Any processing of your data we undertake beyond this time is based on your consent and our legitimate interest in making any further treatment you receive from us as efficient and effective as possible. Having access to the data from your earlier client sessions is necessary for us to achieve this aim;
Use of client feedback
Where you have given us permission to use your client feedback on an anonymous basis in our marketing activities we have a legal obligation and a legitimate interest in retaining some brief contact details linked to your feedback. This is to ensure that we can respond to any client feedback 'authenticity' requests from the Advertising Standards Authority (ASA) or other similar trading standards body.
Your data rights
Under the General Data Protection Regulations (GDPR) you have a number of non-absolute rights with respect to your personal data. Unless subject to an exemption under the GDPR your rights are:
The right to be informed of the ways your personal data is being processed
This Privacy Notice is a significant part of our response to this right;
The right of access
This right allows you to request a copy of the personal data we hold about you;
- The right to have personal data corrected or updated;
The right of data portability
In certain situations, this right allows you to have personal data we hold about you transferred to another person or organisation;
The right to restrict processing
Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction is placed on further processing;
- The right to have your personal data deleted, where it is no longer necessary for us to retain the data;
- The right to withdraw your consent at any time, where consent was the lawful basis for processing your data;
The right to object to our processing of personal data, where applicable
Where we are using your personal information based on legitimate interest, or direct marketing you have the right to object to that use of your personal information.
If you wish to exercise any of the above data rights you should direct your request to Steve Horrocks, either by email using firstname.lastname@example.org, or by post at The Ginger Well Limited, 26 Marine Court, Trafalgar Square, Poringland, Norwich, NR14 7WT. Subject to there not being an issue, we will respond in full within 30 days of us receiving your written request.
When not in use by your hypnotherapist all hard copy personal information is stored in a locked cabinet in a locked location. All personal data held by us electronically is safeguarded by at least device-level password protection and only accessed by your hypnotherapist.
Where the personal data is one of the special categories, such as health-related information, we use document-level password protection or encryption as an extra safeguard. Any device we use to store special category personal data in electronic form is kept in locked storage in a locked location when not in use.
We will only retain your personal data for as long as necessary to fulfil the purposes we collect it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
By law we have to keep basic information about our clients (including name, contact details, services used and fees paid) for six years after they have last used used our services for tax purposes.
In some circumstances we may anonymise your personal data, so that it can no longer be associated with you, for analysis and business planning purposes. Where we do this we may use this information indefinitely without further notice to you.
Data location and transfers
We do not transfer your personal data outside the European Economic Area (EEA).
We uphold the common law principle of confidentiality, where the duty to keep confidence is measured against the concept of the ‘greater good’. If in the opinion of your hypnotherapist there is good reason to believe that not disclosing one or more concerns would cause danger or serious harm to you, the therapist or others, then your GP or other appropriate agencies may be contacted. Only information required to ensure the safety of the relevant parties would be disclosed.
Information may have to be disclosed without consent for the prevention, detection or prosecution of a crime.
Links to third-party websites and other online resources
Our website may contain links to third-party websites, plug-ins and other online resources. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We have no control over how your data is collected, stored or used by these third-party websites and resources, so we encourage you to read the privacy notice of every website you visit.
Queries and comments
Any comments or queries about this policy should be directed to Steve Horrocks, either by email using email@example.com, or by post at The Ginger Well Limited, 26 Marine Court, Trafalgar Square, Poringland, Norwich, NR14 7WT.
If you believe that we have not complied with this policy or acted otherwise than in accordance with Data Protection law, you can contact the Information Commissioner's Office (ICO). However, the ICO recommends that prior to this you take steps to resolve the matter with the data controller before involving them.
You can contact the ICO by calling 0303 123 1113 or by visiting their website: ico.org.uk.
This policy was last updated 25th May 2018.
Version No. PN1805-1.