Name: Julia Lewis
Phone Number: 07780837466
To offer you a safe and ethical hypnotherapy service, I need to hold certain personal information from the point of our initial contact, until after our hypnotherapy sessions have ended. Your security is important to me, and I will take every precaution to keep all information shared with me safe and secure and only use it for the purpose it was given to me.
I collect the following personal information:
Some of this information is categorised as ‘sensitive’, which means I am legally required to take strong measures to protect your confidentiality.
I obtain your personal information via the following means:
GDPR states that there must be a lawful basis for processing personal data. I collect this data initially to allow me to fulfil a contract between myself as a Clinical Hypnotherapist involved in the provision of a healthcare service to you, the client.
Client Paper records - are stored in a secure location in a locked cabinet or safe. I use a bag with a lock to transport documents to sessions where required. Except for the initial face-to-face meeting, client contact forms are stored separately from client case notes and linked via a unique client code.
Client Phone – phone contacts are stored on a smart phone protected via passcode / facial recognition and to which only I have access. I will store your telephone number for the duration of our work then delete this from my phone.
Client SMS / Text – your telephone number may be stored in my SMS if we exchange messages this way and held on the phone’s SMS app. I will delete these from the phone on completion of our work. Any messages that relate to our hypnotherapy work, e.g., confirmation of reading the therapy agreement or linked to session content, will be stored either in electronic encryptable format or as paper documents.
Continuum-Hypnosis Website – none of your data is collected by my website. You can choose to contact me directly via the contact information held on my website site.
Video/Audio Recordings - any videos or audio recordings I make will be stored on a local password protected hard drive.
Payment details (Bank Transfer) - If you (or someone on your behalf) choose to pay for a session by bank transfer, then my bank will record the transactions, and these will appear on my bank statements.
*nb: Recording sessions, in person or online, requires the explicit consent of both the therapist and client. To do so without such an agreement will be considered a breach of this privacy agreement.
As part of our therapy agreement, I will ask you to provide contact details of an emergency contact. Having obtained your prior permission, if an emergency arises during our session, I will also seek your consent in real-time, if possible, before contacting your nominated emergency contact.
If there is a risk of serious harm, or medical emergency, then I may share necessary information with emergency services. I will seek your consent to do this as part of our therapy agreement before beginning therapy, and will also seek consent in real-time, if possible, before doing so.
If the need to contact an emergency contact or emergency services arose, I would not disclose that the reason for our meeting was for the purpose of conducting a hypnotherapy session.
There are some circumstances where I am legally required to disclose illegal activities, for example, if I am made aware of activities related to drug trafficking or terrorist activity.
If ordered to by a court, I am l required by law to provide personal, relevant information.
I would also, if required, share documentation such as receipts and invoices, appointment diaries and bank statements with the HMRC for tax-related issues.
If tested positive for COVID-19, I may be required to provide the details of people I have been in contact with to the NHS track and trace system. In this case, I would need to provide your name and contact details if our last meeting was within the relevant time frame.
I would not disclose that the reason for our meeting was for the purpose of conducting a hypnotherapy session.
I share a limited amount of personal data on bank statements and invoices/receipts with third parties, to fulfil legal obligations regarding tax and accounting purposes.
If your appointments are paid for via a third-party the only information shared is regarding attendance or non-attendance for payment purposes.
If you have been referred via Anxiety UK, there may be times where selected information needs to be shared with third-parties due to legal obligation or contractual obligation, as outlined in the Anxiety UK Therapy Services Therapist - Client Contract - Member / Partner referrals document which you have signed. Details of the content of our sessions will not be disclosed.
I will never pass on your contact details to any third-party organisations for sales or marketing purposes.
For the delivery of online hypnotherapy sessions, I use the video conferencing platform Zoom. This uses the Advanced Encryption Standard (AES) 256 with a one-time key for each online session. The Zoom platform I use meets GDPR and Health Insurance Portability and Accountability Act of 1996 (HIPPA), which is considered the “gold standard” of secure online communication in healthcare.
I ensure that this software is kept fully up to date and that all devices I use run up to date software and, where appropriate have anti-virus/malware software installed.
No personal information is shared with Zoom as part of the hypnotherapy process.
Whilst Zoom offers end to end encryption, like all online platforms, complete confidentiality cannot be guaranteed. If you have concerns over this, then I am happy to discuss these.
Documents requiring signature are sent via secure encrypted email service, protected by a unique user password, issued separately to clients via SMS/text message.
I am based in the UK and, as such, governed by UK jurisdiction.
If at any point I discover a breach of security resulting in personal data being compromised I will inform you and take relevant action to report this in accordance with GDPR regulations.
I will hold paper contact form details for three months after our last meeting, after which this will be securely shredded and disposed of securely. If you return after more than three months, then a new paper contact form will be created.
I will hold electronic and paper documents related to our hypnotherapy sessions for eight years after ending the process, in accordance with insurance, and legal obligations and in line with other forms of health records, as required by the CNHC. After this time, I will shred or delete these documents securely.
Details regarding cash payments, receipts, invoices, bank statements and appointment diaries are retained for six years should the HMRC need to review these for tax associated matters. After this time, I will shred or delete these documents securely.
Under GDPR, 2018 guidelines you have the following rights:
If you have any concerns about how I use your personal data, then please contact me at firstname.lastname@example.org .
You can also complain to the Information Commissioners Office (ICO) if you are unhappy with how your personal information is treated.
The ICO’s address is:
This privacy notice may be updated from time to time, so please check occasionally for any updates.