top of page

Privacy Policy

Information for you about how we look after personal information about you.

 

Background

 

The General Data Protection Regulations (GDPR) came into force in May 2018. There is a lot of terminology used within the GDPR, but basically this is about how personal information is collected about you and how we use and look after it. This document sets out the detail about how the personal information provided will be used and looked after and explains your rights in relation to it.

 

1.Our commitment to you

 

Our commitment is to:-

 

  • Keep personal information about you safe and private;

  • Not use personal information for any purpose other than in connection with your children’s studies, keeping you informed of information about the business, to continue to develop the business to deliver the most effective and rewarding experience possible and in accordance with the other purposes set out in this notice;

  • Make it easy for you to approach us if you have any concerns or questions relating to the holding of personal information;

  • Not provide personal information to others save where legally required to do so or to assist us with our tasks.

 

​

2.Who we are and how we operate

 

 

Raise Hypnotherapy is a service operated in person and online to treat a range of conditions.

 

The Data Controller at Raise is Debbie Ray.

 

To operate effectively Raise Hypnotherapy require some personal information about you. We set out in this document what personal information is collected and how it is used.

 

 

3.How information is collected from you

 

​

Information might be collected by providing information verbally, whether face to face or by telephone, completion of paper documents or by electronic means such as through email or interaction with our website. Please ensure that all personal information is accurately provided as the information which is held is only as accurate as the information provided in the first place.

 

If any of the personal information provided changes, please notify the Data Controller as soon   as possible in order that the personal information can be updated.

 

​

4.What personal information will the Data Controller collect from you?

 

​

The Data Controller will require the following information about you:-

 

  • Name;

  • Address;

  • Contact details;

  • Date of birth;

  • Health related information and other information relevant to being able to treat you most effectively;

 

The Data Controller may also ask for or receive contextual information about you. This might, for example, relate to your lifestyle, interests and

skills, be about your family including the structure of it and the occupation of the parent(s), any background issues that may be impacting upon your treatment.

 

 

5.Who will the Data Controller provide personal information to?

 

​

The Data Controller will not provide personal information for use by anyone else without your specific consent or unless this is necessary for health and safety reasons, to comply with child protection policies and procedures, otherwise in relation to child welfare and child protection, for example in cooperating with local and public authorities to comply with legal requirements and those of regulators, or unless it is otherwise provided for in this Privacy Notice.

 

 

6.What about outsourcing by the Data Controller?

 

​

It is possible that the Data Controller will pass personal information to other organisations to assist him or her. This is not for other organisations to use on their behalf but rather to process information on the Data Controller’s behalf. This will be for the efficient and effective administration and running of the business and provision of the study programme for example for IT needs including for the purposes of establishing, developing and maintaining relevant databases including the data collection system and customer relationship management, but also for purposes such as book-keeping and accounting, training and printing.

 

​

7.What will the Data Controller use the personal information for?

 

​

  • to provide the course of treatment;

  • ensure the quality of the service;

  • to respond to enquiries about the service offered;

  • to seek feedback about service experiences;

  • to address and communicate about operational issues such as the need to close suddenly or amend an appointment, for example because of illness or bad weather;

  • to record and/or report upon the progress of the treatment;

  • to respond to complaints.

​

​

•To ensure vital interests:-

​

 

This relates to your health and safety. For example, if there was a medical emergency the Data Controller may need to provide relevant medical information about you to the emergency services. Similarly, information may be provided to local or public authorities where welfare and child protection issues arise.

​

 

•When it is the Data Controller’s legal duty

​

​

The Data Controller may in very rare circumstances be required by child welfare and child protection issues to provide information to local or public authorities including the police.

 

​

•When legitimate interests apply

​

​

It is possible that from time to time the Data Controller may wish to communicate with you concerning other matters which may be of interest to you. The nature of such contact will be:-

 

  • Providing news updates about developments;

  • To communicate about particular opportunities and useful information about particular trials, promotions and campaigns.

 

Any communication under this heading will be of the nature referred to above. The Data Controller will not communicate to you under this heading where there is any perceived detriment to you in receiving the communication.

 

If you do not wish to receive communications under this heading, please contact the Data Controller and let her know which type of communications you would not wish to receive. If you receive this notice electronically you can do so by clicking the link in the Schedule.

 

​

•When you consent

 

​

There are certain uses to which the Data Controller will not put personal information without your specific consent. Where such consent is requested it will be sought separately. It is likely to be in areas such as in publicity photographs, names and/or photographs in publicity material and/or publication of reviews.

 

If consent is given it can be withdrawn at any time by providing notification to the Data Controller in writing or by email.

​

​

•Other

 

​

The Data Controller may also use personal information for management and statistical   purposes to enable better running of the practice.

 

 

8.What happens if I don’t wish to provide personal information to the Data Controller?

 

​

The Data Controller requires the personal information set out in this privacy notice in order to ensure that the Raise service can be safely and effectively delivered to you and continually developed and improved. Without this information it will not be possible to deliver the service as well as we would like.

If you do have an objection to any personal information being used under the heading ‘Legitimate Interests’ you may object to the Data Controller. If the Data Controller or wishes to gather personal information for which consent is required they will obtain that specific consent before gathering that information and you have the right not to provide such information.

 

 

9.How long will you keep personal information for?

 

​

The Data Controller will only retain personal information:-

 

  • For as long as necessary to fulfil the purposes it was collected for as set out in this Privacy Notice;

 

  • In relation to those that enquire about the services which we can provide we would not normally keep that information for longer than 12 months after the last communication from the enquirer;

 

  • Whilst you are receiving treatment it is necessary for us to retain the personal information. Thereafter we will not normally keep it for longer than 24 months unless we have legitimate reasons, including child protection reasons, for doing otherwise;

 

  • In some circumstances you have the right to request erasure of personal information held.  This will be addressed below.

 

 

10.Your rights in relation to the information held in relation to you

 

​

  • Access - the right to make what is known as a Subject Access Request to either a copy of the personal information which we hold about you or your children. If you make such a request we are required, in most circumstances, to provide a copy of the personal information without charge and within 30 days. You may also seek confirmation of the personal information that the Data Controller holds about you.

 

  • Correction – it is important that you keep the Data Controller up to date with any changes to the personal information provided. Subject to that you have the right to ask the Data Controller to correct or complete any inaccurate or incomplete data held about you. It is possible that evidence will be required of the new information provided.

 

  • Erasure – you are entitled to ask either the Data Controller to delete or remove personal information held where there is no good reason for the Data Controller to continue to hold it. It may not always be possible to comply with your request due to ongoing obligations in relation to the personal information. However, where this is the case you will be informed and be told of the reasons why it is not possible to comply with the request.

 

  • Object to processing – you may object to the Data Controller processing personal information. There are some circumstances in which it will not be possible to comply with your request, for example if it is necessary to process the information in connection with obligations which the Data Controller has and which have been explained to you in this document. If you object to the Data Controller processing information which has been processed under the legitimate interest head, we will stop processing it.

 

  • Restriction of processing – you may ask the Data Controller to suspend processing of personal information in the following situations:-

 

  • If you want the data accuracy to be established;

  • Where the use of the personal information is unlawful but you do not want it to be erased;

  • You need the data to be held even though the Data Controller no longer requires it as you need it to establish, exercise, or defend legal claims; or

  • You have objected to the use of the data by the Data Controller but the Data Controller need time to determine whether they have overriding legitimate grounds to process it.

 

  • Request the transfer of information – sometimes rights apply to request a transfer of personal information held to other organisations. This right only applies to personal information that is processed by automated means and is held because it was necessary for the performance of the contract with you or personal information which is processed based on consent.

 

 

11.Keeping personal information safe

 

​

The Data Controller has put in place appropriate security measures to prevent the personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to personal information is limited to those employees and contractors who have a business need to know the personal information and will only be processed upon instructions from  the Data Controller and procedures had been put in place to deal with any suspected breach of the requirements under the GDPRs and you and/or the Regulator referred to below will be notified of any potentially significant breach.

 

​

12.What happens if you want to complain?

 

​

It is hoped that you will not have cause to complain. If you do complaints relating to the Data Controller should be referred to the Data Controller where possible. If it is not possible or appropriate to refer a complaint to the Data Controller it may be referred to the Regulator. This will vary depending upon whether you are based in the UK or Ireland. For the UK the contact details are:-

 

Information Commissioner's Office Wycliffe House

Water Lane Wilmslow Cheshire SK9 5AF

For more information contact www.ico.org.uk In Ireland the contact details are:-

Office of the Data Protection Commissioner Canal House

Station Road Port Arlington Co. Laois

R32 AP23

 

For more information contact www.dataprotection.ie

 

 

13.If I have any questions who do I ask?

 

​

Please ask your Data Controller using the details in the Schedule.

 

 

Dated 10th January 2021

 

Schedule

 

Contact information

 

 

Data Controller:

Mrs. Debbie Ray

debbierayPA Ltd

26 Grimshaw Lane

Ormskirk

L39 1PD

07951070568

debbie@raisehypnotherapy.co.uk

float away stress and anxiety

Hypnotherapy is effective however success is not guaranteed, and full client commitment is important. Listening to the hypnotic induction track between sessions is a vital element in the process and participation is required. This will be fully explained in the initial consultation.

  • Facebook
  • Instagram

© 2020 by Raise Hypnotherapy

bottom of page