Client Confidentiality and Privacy Policy

Client Confidentiality and Privacy Policy

Client Confidentiality

Client confidentiality is the cornerstone of a responsible hypnotherapy practice. All information disclosed, notes made and everything said during the therapy session is strictly confidential and never shared nor sent to anyone else. All client records and notes are electronic and to comply with legal, professional and insurance requirements, are securely stored, encrypted and retained for seven years. Professional duty of care requires InMindz to raise concerns with the appropriate authorities if there is a real prospect of self-harming or harming others.

Privacy Policy

InMindz complies with our obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date, by storing (and destroying it) securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes:

  • To deliver the services that clients have requested;
  • To contact those clients as necessary in accordance with the services they have requested;
  • To contact clients via surveys to ascertain their opinions on the service they received from us;
  • To maintain our own accounts and records.

Individual client data will never be passed to a third party without your express consent, always provided that such confidentiality is neither inconsistent with the therapist’s own safety or that of the client, the client’s family members or other members of the public, nor in contravention of any legal action or legal requirement.

In accordance with the need to maintain the possibility of access to client data because of returning clients or those who may wish to lodge a complaint in respect of our professional services to either our professional body or our insurers (i.e. in all cases perhaps after a long period of time has elapsed), we retain client data for 7 years. For clients under the age of 18, data will be retained until their 25th birthday.

Our lawful basis for processing client personal data:

  • The client has given clear consent for us to process their personal data for specific purposes;
  • Further, processing is necessary for both the client’s and our own legitimate interests.

Your rights and your personal data. Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which InMindz holds about you;
  • The right to request that InMindz corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for InMindz to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right to request that InMindz provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data (where applicable);
  • The right to lodge a complaint with the Information Commissioners Office. (See below).

Complaints Notice

  • If you believe any information we hold about you is incorrect, please write to our registered office address or email as soon as possible. We will promptly correct any incorrect information.
  • You have the right to complain to the Independent Commissioner’s Office (ICO) if you believe there is an issue regarding the way in which your data has been handled.
  • InMindz is registered with the Information Commissioner’s Office registration number ZA024770.