This website address is https://www.hypnotherapyinoxfordshire.uk
If you wish to contact me, please see the Contact page.
Although I treat your emails with the same confidentiality as anything else, email is inherently insecure. Please exercise care when using email, as I cannot promise that no one else can access this data. In particular, I use Google’s Gmail to process emails.
I keep your emails only as long as required, and then delete them.
Contact via the website form uses email, and as such is not protected against interception. Please exercise the same care as if you were submitting an email.
Telephone, SMS, chat applications, postal mail.
Telephone calls, SMS, other chat applications, and postal mail are only as secure as the companies that provide the services, and the governments that control them. I cannot vouch for their security.
What personal data I collect and why I collect it
Problems can be connected in unexpected and non-intuitive ways, and so I keep records of anything that might be important even if it appears to be irrelevant.
I also keep your name, address and contact information.
With whom I share your data
I do not share your data with anyone, unless any of the following apply.
- I am required to do so for legal or regulatory reasons.
- To protect against harm.
- To address fraud.
- To protect confidential data.
- To protect the rights, interests or property of this business.
- I collaborate with therapists and life coaches worldwide for the purposes of education, mutual help and skills improvement. For this reason, I sometimes share case studies, which include only fully anonymised and relevant details.
- You have given explicit permission to do so, e.g. to allow me to contact your GP or to display a testimonial.
In all cases, sharing will be kept to only the pertinent details, and shared only with the applicable people.
Except where the above applies:
- I do not share your data with a spouse, partner, parent, child, or anyone else, except that a parent or legal guardian may request data about their charge (see “What rights you have over your data” below).
- If you provide a testimonial, I might use it and your personal details, but only to the extent that you give me explicit permission to do so.
For how long I retain your data
Both law and insurance require minimum data retention periods.
Subject to that, I keep your information only for as long as I need it for therapy; for follow-up; and when I believe that I should keep it for longer for potential future contact or problems.
How I keep your data
All data are kept electronically (not on paper) and encrypted to industry standards. Only I have the passphrase. No one else can access your data except as described in “With whom I share your data” above.
Any paper copies (e.g. notes and contracts) are scanned or copied into the encrypted electronic area, and the paper copy is shredded immediately afterwards.
Backups are also encrypted, with a separate passphrase. I use SpiderOak ONE (which is GDPR-compliant), which means that the backup is kept on servers in the USA. However, the data remains fully encrypted, both in transmission and on storage. Even the SpiderOak staff don’t have the passphrase, and so cannot access the data.
What rights you have over your data
You may request a written or electronic copy of your own data. I am legally required to confirm your identity before sharing the data. Such data will be provided in a timely manner.