In May 2018, the Data Protection Act was replaced by the General Data Protection Regulation
(GDPR). Lorraine is GDPR registered. The changes to the Data Protection Act are aimed at ensuring
your personal, confidential, and sometime sensitive data, is held privately and securely. This means
that any data you give to Lorraine must be processed in a way you agree with. GDPR exists to protect
your rights as a consumer. It applies to your identifiable data, eg your Name and address & any
reason you might have for visiting Lorraine. It also covers any session records, text messages or
emails between Lorraine & yourself.
How long will you hold my information for?
Lorraine is a member of the Organisation. As such she is bound by their regulations regarding the
length of time they must hold onto your information. The Organisation insists that Lorraine must
hold onto your data for 8 years after your final session. However, the rule for children is different
and the Organisation stipulates that their data must be held until their 25th birthday. The exception
to this rule applies to young adults whose treatment ends when they are 17 years old when Lorraine
must keep their records until they reach their 26th birthday. Client records will be destroyed in the
January after the dates given above. This is in line with NHS regulations for holding data.
What if I would like my data to be destroyed before this date?
Under the GDPR rules, you are able to request the deletion of any of your records at any time.
Simply write to Lorraine requesting that your records are destroyed and once she has confirmed
your identity, she will do so. There is no charge for this service. Lorraine will then ensure that all your
paper records are shredded with a cross shredding machine. Any electronic data held by Lorraine,
such as emails or texts will be permanently deleted from the devices they are stored on. NB.
Lorraine may need to save the written deletion request you sent them, if her insurance company
insists on it, but would destroy any other data.
Am I able to see or get a copy of the information held by you?
In line with GDPR, if you send Lorraine a request in writing, specifying the data you wish to see, she
will supply you with a copy of your data within 30 days. Lorraine will need to confirm your identity
before sending you the information. There will be no charge for this service. NB Lorraine’s insurance
company’s legal team may wish to verify any information Lorraine sends out.
What are your reasons for collecting this information?
Lorraine is keen to offer the highest quality support to clients and in order to do so will collect the
following information:
• An idea of what you would like to achieve by coming for hypnotherapy
• A small amount of medical information
• Some brief session notes
• Your contact details
• GP contact details
• CORP research data
• Some basic information about your important others
This information allows Lorraine to provide continuity within the sessions, in order to help you
towards your goal. This information will allow Lorraine to refer to the content of earlier sessions and
previous discussions. Lorraine will only use your contact details/address and GP’s details with your
explicit consent. See client agreement and initial consultation. The CORP research programme
collects unidentifiable information for the purposes of producing scientifically measured outcomes
for Solution Focused Hypnotherapy.
How do I know that Lorraine will store my information safely?
• Paper session notes -Lorraine stores all paperwork behind two locks in line with GDPR guidance.
• Text messages -Lorraine’s phone is secured by a passcode.
• Emails-Lorraine’s email account and computer requires a password to access.
• CORP research data- accessed via a password protected programme on a laptop.
Are our discussions within the hypnotherapy sessions confidential?
Everything you discuss with Lorraine during your sessions remains strictly confidential. Occasionally
it may be necessary for Lorraine to discuss elements of your sessions with their supervisor to ensure
that they are helping you in the most effective way. However, no identifying features about you will
be disclosed during these discussions. Lorraine’s supervisor is also registered with the ICO and abides
by GDPR requirements.
What if I see Lorraine outside of a hypnotherapy session?
Lorraine is obliged by GDPR to always protect your confidentiality. So, for this reason, although she
may acknowledge you, it would be ideal if any further conversation could be avoided. However, if
you wish to discuss your therapy with other people, that is your choice, and you are welcome to do
so.
Lorraine is only able to contact other health and social care professionals with your written consent.
Should she write to your GP, to notify them that you have entered into a therapeutic relationship
with them, or to notify them that your therapy has been successfully concluded, Lorraine would
require your signature, in line with GDPR requirements. Lorraine does have a ‘duty of care’ towards
clients, so the only exceptions to this would be if she believed that you were about to harm yourself
or others. Should this occur then Lorraine would be required to inform the relevant authorities.
However, Lorraine would always aim to discuss this with you before taking any action. Legally,
Lorraine would also have to provide the police with information as set out in a warrant or court
order, should the situation arise.
Who is the Data Controller and what is their ICO registration number?
Data Controller is Lorraine Shoult. This policy was last updated 07/07/23. It may be updated yearly,
so please check back regularly to ensure that you're aware of the latest version. Please note that the
cookie policy for Website address is available to view online.
ICO Registration number: ICO:00013019742
We need your consent to load the translations
We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.