GDPR Privacy Policy

GDPR Privacy Policy

The purpose of this privacy policy is to outline how William Hard Hypnotherapy has established measures to protect your privacy and information rights.

The basis on which we keep client data is that of “Legitimate Interests”. This means that the data is necessary for us to fulfil the contract that we have together (that is, to provide therapy) and that it is data that you would reasonably expect us to hold and use.


Your Rights

William Hard Hypnotherapy recognise your rights as a ‘data subject’ and that we have an obligation to uphold these rights.
This privacy notice aims to outline how we maintain these rights. It outlines:
• How we collect and process your information;
• Why we do this;
• How you can exercise your rights;
• Who to contact in the event you are unhappy with our performance.
In various circumstances, your rights are as follows:


Right to be Informed

This encompasses the obligation for us to be transparent in how we collect and use your personal data.

Right of Access

You have the right to access your personal data and supplementary information. Following a request, we will provide all your data that we have on file within 30 days (unless this is not possible due to holidays or illness).


Right of Rectification

If the data we hold about you is incorrect, inaccurate or incomplete, you can request that we correct this. Following a request, we will correct the information as soon as possible (and within 30 days, unless this is impossible due to holidays or illness).


Right to Erasure

You can request that we delete or remove personal data where this is no compelling reason for us to continue processing. Following a request, we will delete any computer records and destroy any paper records as soon possible (and within 30 days, unless this is impossible due to holidays or illness).

Note that data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing, but this would never include case notes or data such as address/email/phone.


Right to Restrict Processing

You have the right to request that we cease processing your data. If:
• You consider it inaccurate or incomplete;
• You object to processing and we considering whether we still have a legitimate interest to process it.

This would usually be a temporary measure before correction of any errors or before erasure.


Right to Data Portability

Where you have consented to our processing your data, or where the processing is necessary for us to deliver a contract, you can request a copy of that data be provided to a third party in electronic form.

For example, this may apply if you wish that we send your notes to another therapist. The simplest solution in such cases would likely be to return the data to you, which is covered under the Right to Access.

Right to Object

You have the right to object to our processing under certain circumstances. For example, you can object to:
• Direct marketing (including profiling). William Hard Hypnotherapy does not engage in these activities.
• Processing for purposes of scientific/historical research and statistics. Please provide grounds for your objection.
• Automated decision making (including profiling). William Hard Hypnotherapy UK Ltd does not engage in these activities.

This would usually be a temporary measure before correction of any errors or before erasure.


Right to Data Portability

Where you have consented to our processing your data, or where the processing is necessary for us to deliver a contract, you can request a copy of that data be provided to a third party in electronic form.

For example, this may apply if you wish that we send your notes to another therapist. The simplest solution in such cases would likely be to return the data to you, which is covered under the Right to Access.

Right to Object

You have the right to object to our processing under certain circumstances. For example, you can object to:
• Direct marketing (including profiling). William Hard Hypnotherapy does not engage in these activities.
• Processing for purposes of scientific/historical research and statistics. Please provide grounds for your objection.
• Automated decision making (including profiling). William Hard Hypnotherapy does not engage in these activities.

For example, this may apply if you wish that we send your notes to another therapist. The simplest solution in such cases would likely be to return the data to you, which is covered under the Right to Access.


Right to Object

You have the right to object to our processing under certain circumstances. For example, you can object to:
• Direct marketing (including profiling). William Hard Hypnotherapy Ltd does not engage in these activities.
• Processing for purposes of scientific/historical research and statistics. Please provide grounds for your objection.
• Automated decision making (including profiling). William Hard Hypnotherapy does not engage in these activities.

Information We Collect

Please find below a summary of the information we hold and how we use this to deliver services to you.

Basic Personal Records, Contracts, Correspondence and Billing

Our basis for processing this information is that it is necessary for us to deliver the services that you have contracted to.


The data we hold includes:
• Basic information such as name, email address, phone number;
• Information that you give us as part of the work we do together;
• Records of what interventions that we use (or potentially do not use) in our sessions;
• Emails, texts and/or messages that are sent between us;
• Information sent from any third party, e.g. GP, insurance company, EAP;
• Audio recordings of sessions (unless you specifically object).


Special Category Data

Some of the information that you provide may be regarded as special category of data as defined by the General Data Protection Regulation (GDPR), Article 9. The condition for processing this special data is “processing is necessary for… medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems” (2,h). However, data on any criminal offences (including allegations, proceedings and convictions) will require your specific consent in order to hold any such information.

Sharing Your Data

Data is not shared with anyone, except possibly your GP (see GP info section below), and for any reasons covered by the Requirements for Disclosure section below. However, if you were to make a complaint about us to our professional body GHR, we would be entitled to share your notes with any investigation procedures.


Transfer and Storage of Data

We share data with a number of third parties in the course of delivering our services. These are summarised below:
• We use Microsoft Office 365 to handle our email and other office automation (Microsoft’s servers and hence, online software, are GDPR compliant);


• We have a firm of accountants who operate payroll on our behalf and carry out auditing (any information is shared using encrypted and password protected documents);
• Any emails sent between us are held either on our computer’s hard drive or Microsoft Exchange Server;
• If emails are archived, they are stored in Microsoft OneDrive which is secure cloud-based storage which is itself GDPR compliant;
• Any texts/WhatsApp messages/Messenger messages sent between us (See Social Media and Electronic Information section below) are held on a Samsung mobile phone which is fingerprint/code protected;
• If you use PayPal or online banking, then these systems will hold your data. We will download from these systems for accounting purposes and the resulting spreadsheets are held in password-protected documents in Microsoft OneDrive.

Any credit card information is destroyed as soon as processed.

Your notes are handwritten and are kept in a locked filing cabinet. A coding system enables the therapist to know to whom the notes belong, but should a stranger see them, they would not be able to identify to whom they referred.

Any audio recordings are stored in a secure computer database on a computer which is not connected to the internet and is password protected and accessible only by the Data Controller and Processor, William Hard.

Your data is kept for 7 years. The length of time is based on the requirements of our insurer. After this time, any paper records are destroyed, and computer records permanently deleted.


Securing Your Information

William Hard Hypnotherapy takes the security of data seriously and as such:
• All data is held securely (see details of Transfer and Storage of Data above);
• Any data transmitted is sent encrypted and password-protected, where possible;
• For accounting purposes, encrypted and password-protected Microsoft Excel spreadsheets are used.

However, please note that:
• We are not in control of data (including emails and texts) which you send to us;
• Mobile phone and desktop applications such as Facebook routinely access any information held on electronic devices and this is beyond our control.

If there is any breach of data security Day and Night Therapy/TMI Outreach UK Ltd. will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.

This privacy policy outlines how we are transparent in our processing. Please get in touch with us through the ‘Contact Us’ section of our website to find out more or to exercise your information rights.



Share by: