Privacy Policy

Privacy Notice
Contact information:

Iwona Dlugoszewska (Sole Trader)
Hypno-Psychotherapy Healing
Tel: +44 7341 214610

I keep client data on the basis of “Legitimate Interests” needed to fulfil the contract that we have together (i.e. to provide therapy) and that it is data that you would reasonably expect me to hold and use.

For those who make inquiries, the data I hold includes any information you have sent me by email, text or voice message.

For those who book and attend at least one session, the data I hold includes:

  • Basic information such as name, email address, phone number
  • Information that you give me as part of the work we do together
  • Records of what interventions that I use (or potentially do not use) in our sessions
  • Emails, texts and/or messages that are sent between us
  • Information sent from any third party, e.g. referrals by your GP, insurance company, employee assistance programme, occupational health provider.

Some of the information that you give me may fall under the definition of special category data as defined by the General Data Protection Regulation (GDPR). The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.

I do not share with anyone, except possibly your GP, except for the reasons covered by the Requirements for Disclosure which are detailed and discussed when we first meet.

The data is primarily used to enable me to provide therapy or supervision for you. It may also be used scientific research and statistical purposes.

Details of where data is held:

  • Emails are held either on my computer’s hard drive or exchange server and are password protected. Any emails held on my mobile devices are fingerprint/code protected.
  • Any SMS or WhatsApp messages are held on my mobile devices which are fingerprint/code protected (See Social Media and Electronic Information section).
  • Handwritten and are kept in a locked filing cabinet. A coding system enables the therapist to know whose notes are whose, but a stranger seeing the notes would not be able to identify who they referred to.
  • If you use online banking then these systems will hold your data. I will download from these systems for accounting purposes and the resulting spreadsheets.

Your data is kept for seven years, the period stipulated by my insurer. After this time any paper records are shredded and computer records permanently deleted.

I take data security seriously and therefore:

  • All data is held securely (see details of where data is held above)
  • Any data transmitted is sent encrypted, whenever possible
  • For accounting purposes Excel spreadsheets are used

However:

  • I am not in control of data (including emails and texts) which you send me.
  • Some apps and algorithms, such as Facebook, may access information in ways that are beyond my control.

If there is any breach of data security, I will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.

You have rights with regards to the data held:

  • The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
  • The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
  • The right to erasure. If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing but this would never include case notes or data such as address/email/phone
  • The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure
  • The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
  • The right to object to:
    ◦ Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). I do not engage in these things
    ◦ Direct marketing.
    ◦ Processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
    ◦ Automated decision making and profiling. I do not engage in automated decision making or profiling

Last updated: 18.02.2024