Nomad Hypnotherapy: Healing Journeys from Anywhere

Privacy Policy

Business Name: Nomad Hypnotherapy Effective Date: 23.12.25 Last Updated: 23.12.25

1. Introduction
At Nomad Hypnotherapy, I am committed to protecting and respecting your privacy. This policy explains when and why I collect personal information about my clients and website visitors, how I use it, the conditions under which I may disclose it to others, and how I keep it secure.

For the purposes of the General Data Protection Regulation (GDPR), the "Data Controller" is [Your Name] of Nomad Hypnotherapy.

2. What Information Do I Collect?
To provide safe and effective Solution Focused Hypnotherapy, I need to collect personal and sensitive information.

Personal Data (Identity & Contact)
Name, address, email address, and phone number.
Date of birth.
GP (Doctor) contact details.
Occupation.
Special Category Data (Sensitive Health Information)
Medical history and current health conditions.
Medication details.
Lifestyle habits (e.g., sleep patterns, alcohol consumption).
Session notes: As part of Solution Focused Hypnotherapy, I keep brief notes on your progress, scaling (1-10 scores), and the content of our sessions.

3. How Do I Collect This Information?
Information is collected primarily through:

Initial Consultation: Forms you fill out or answers you give verbally during our first meeting.
During Sessions: Notes taken during therapy sessions to track progress.

Electronic Communication: Emails, texts, or contact forms on my website.

4. Why Do I Need This Data? (Lawful Basis)
Under the GDPR, I rely on the following lawful bases to process your data:

Contract: To fulfill the contract of providing you with therapy services.
Legitimate Interest: To maintain records for my business administration and professional liability insurance.
Legal Obligation: To comply with tax laws (HMRC) and professional standards.
Special Category Data Condition: For the provision of health or social care or treatment (Article 9(2)(h) of the GDPR).

5. Confidentiality and Sharing Data
Everything discussed in our sessions is strictly confidential. I will not share your data with third parties without your permission, with the following strictly limited exceptions:

Risk of Harm: If I believe there is a significant risk of harm to yourself, another person, or a child. In such cases, I am ethically and legally obligated to contact appropriate authorities (e.g., your GP or emergency services).
Legal Requirement: If I am required to do so by a court of law.
Professional Supervision: As a requirement of professional standards, I attend supervision. I may discuss your case with my supervisor to ensure you receive the best care, but your identity will remain anonymous (e.g., referring to you as "Client A").

6. How I Store Your Data
I take data security seriously and use the following measures:

Paper Records: Kept in a locked cabinet/secure facility.
Digital Records: Stored on password-protected devices. Any files sent via the internet are sent through secure, encrypted email where possible.
Payment Data: I do not store credit card details. Payments are processed via [Insert Provider, e.g., PayPal/Stripe/Bank Transfer], who are responsible for their own secure data handling.

7. Data Retention (How Long I Keep It)
I am required by my insurance provider and professional body to retain client records for a specific period after our last session.

Standard Retention: [Usually 7 years] from the date of the last session.
Minors: For clients under 18, records are kept until they reach the age of 21 (or 7 years after the last session, whichever is longer).
After this period, paper records are shredded, and digital records are permanently deleted.

8. Your Rights
Under data protection law, you have rights including:

Right to Access: You have the right to ask for copies of your personal information (Subject Access Request).
Right to Rectification: You can ask me to correct information you think is inaccurate.
Right to Erasure: You can ask me to delete your personal information in certain circumstances (however, insurance retention requirements usually override this for clinical notes).
Right to Restriction of Processing: You have the right to ask me to restrict the processing of your information in certain circumstances.
To exercise any of these rights, please contact me at the details below.

9. Website Cookies
My website uses "cookies" to collect statistical information about your browsing actions and patterns. This does not identify you as an individual. You can switch off cookies in your browser preferences.

10. Contact Information
If you have any questions about this privacy policy or the information I hold about you, please contact:

Name: Corrina Whiteman
Email: [email protected]
Phone: 0300 000 000