At hypnotherapylounge.co.uk, owned by Amber365 Limited, we understand the importance of maintaining the privacy and confidentiality of your personal health information.
This Patient Privacy Policy explains how we collect, use, and protect your personal data as a hypnotherapy patient and your rights regarding that information under applicable privacy laws, including the GDPR.
By accessing our services, you agree to the terms outlined in this policy.
1. Data We Collect
We collect and process personal health information from you, which may include:
- Personal Identification Information: Name, address, phone number, email address, and other contact details.
- Health Information: Medical history, psychological conditions, current medications, details of therapy sessions, and other relevant health data provided during your consultations.
- Session Data: Notes, recordings, and assessments from your hypnotherapy sessions.
2. How We Use Your Data
We use your personal and health information for the following purposes:
- Providing Hypnotherapy Services: To assess, plan, and deliver personalised hypnotherapy treatments.
- Communication: To communicate with you regarding appointments, therapy plans, or follow-up care.
- Improving Care: To improve the quality of our services through reviews, evaluations, and feedback.
- Legal Compliance: To comply with legal obligations, such as keeping medical records for a specified period.
We will only process your data when necessary for these purposes and with your consent where required.
3. Legal Basis for Processing
The legal bases for processing your personal and health data include:
- Consent: We require your explicit consent to collect and process sensitive health data.
- Contractual Necessity: To provide the services you have requested and maintain accurate records of your treatment.
- Legal Obligations: To comply with health, safety, and regulatory requirements for medical data.
4. How We Share Your Data
Your health information is kept strictly confidential and is only shared under the following circumstances:
- With Your Consent: If you provide written consent for sharing your information with other healthcare providers or third parties.
- Service Providers: We may share data with trusted third-party providers who support our services (e.g., booking systems, data storage providers). These providers are bound by confidentiality agreements.
- Legal Requirements: We may share your data when legally required to comply with a legal obligation or protect the rights, property, or safety of our business or patients.
5. Data Retention
We retain your personal and health data for as long as is necessary to provide services to you, comply with legal requirements, or fulfill contractual obligations.
Health records are typically retained for at least 7 years from the date of the last treatment session, unless a longer retention period is required by law.
6. Your Rights as a Patient
As a patient, you have the following rights regarding your personal and health data:
- Right to Access: You can request access to the personal and health information we hold about you.
- Right to Rectification: You can request correction of any inaccurate or incomplete information.
- Right to Erasure: You have the right to request the deletion of your data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
- Right to Restrict Processing: You can request that we limit the processing of your health data.
- Right to Object: You can object to the processing of your data for specific purposes, such as marketing or research.
- Right to Withdraw Consent: If consent is the basis for processing your data, you may withdraw it at any time.
To exercise any of these rights, please contact us at the details provided below.
7. Data Security
We take the security of your personal and health data seriously. We implement appropriate technical and organisational measures to protect your information from unauthorised access, alteration, disclosure, or destruction. However, no method of data transmission over the internet is completely secure, and we cannot guarantee absolute security.
8. Complaints
If you believe your privacy rights have been violated, you can file a complaint with the relevant data protection authority or supervisory body in your jurisdiction. In the UK, you can contact the Information Commissioner’s Office (ICO) for further assistance.
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
9. Changes to This Policy
We may update this Patient Privacy Policy periodically to reflect changes in our services or legal requirements. Any updates will be posted on this page with a revised “Last Updated” date.
10. Contact Us
If you have any questions or concerns about this Patient Privacy Policy, or if you wish to exercise any of your data rights, please email or write to us at Amber365 Limited:
155 Armstrongs Fields, Aylesbury, Buckinghamshire, HP22 7BX, United Kingdom.
Amber365 Limited company registration number is 9210824.