The Privacy policy in accordance with the Data Protection Act (2018)


Outlined in this policy

  1. Data Obtained and retained

  2. Kept up to date and accurate

  3. Legally retained information for a specified period in association with The National Hypnotherapy Society

  4. Measures taken to securely store data 

  5. Ensure GDPR compliance is adhered to

What is Data Protection

The data Protection Act aims to protect an individual’s rights and freedom to privacy, in respect of personal data processing.

It applies to paper and electronic records containing personal information relating to living individuals who can be identified from the data.

Individuals have the right to gain access to their own data; they are entitled to make a subject access request in order to do this. This implies access to:

  • A description of their personal data

  • The purposes for which it is being processed

  • Details of whom this information may be disclosed to and in what circumstances

Types of date held

Data classes refers to the type of data which is being held about clients. Stephanie Murphy holds the following type of details:

  • Personal details – name, email address, phone numbers

  • Some limited medical information (disclosure of serious health conditions and medication)

  • Doctor’s name and address

  • Client notes

  • Hypnotherapy scripts, which are anonymised

Hard copy storage

Client details are collected by means of a client questionnaire and contract, to be signed by both Stephanie Murphy and the client – with a scanned copy provided so that both parties have access to the terms of engagement.

Both the contract, questionnaire and any notes shall be kept in a securely locked filing cabinet, accessed only the sole key-holder, Stephanie Murphy.