Who I am and how I process your personal data
Dr Rosalind Green of DrRosalindHypnotherapy.com complies with her obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing (and destroying) it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
I use your personal data for the following purposes
To deliver the service that you have requested;
To contact those clients as necessary in accordance with the services they have requested;
To maintain my own accounts and records.
Individual client data will never be passed to a third party without the express consent of the respective client, always provided that such confidentiality is neither inconsistent with the therapist’s own safety nor that of the client, the client’s family members or other members of the public, nor in contravention of any legal action or legal requirement.
In accordance with my need to maintain the possibility of access to client data as a result of returning clients or those who may wish to lodge a complaint in respect of our professional services to either our professional body or our insurers (i.e. in all cases perhaps after a long period of time has elapsed), I retain client data for a minimum period of 7 years. For clients under the age of 18, data will be retained until their 25th birthday.
My Lawful Basis for processing client personal data:
The client has given clear consent for me to process their personal data for a specific purpose. Further, the processing is necessary for both my client’s and my own legitimate interests.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of your personal data which DrRosalindHypnotherapy.com holds about you;
The right to request that your personal data be erased where it is no longer necessary for DrRosalindHypnotherapy.com to retain such data;
The right to withdraw your consent to the processing at any time;
The right to request that I provide the client with his/her personal data and, where possible, to transmit that data directly to another data controller (known as the right to data portability), where applicable;
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction be placed on further processing;
The right to object to the processing of personal data (where applicable);
The right to lodge a complaint with the Information Commissioner's Office (see below).
Complaints Notice
The client has the right to complain to the Information Commissioner's Office (ICO) if they think there is a problem with the way I am handling their data (see https://ico.org.uk/concerns/handling/).
Your digital data will be protected by password and 2-factor identification.
DrRosalindHypnotherapy.com is registered with the Information Commissioner's Office (ICO). ZB928468
All your data will be destroyed by Mr Neil Lang of Southview Consulting (UK) in the event of my permanent incapacity.
(reviewed June 2026)
1. Who I am
- Email: hypnotherapy@greendoctor66.com
- Location: London, UK
2. What data I collect
a) Basic personal data
- Name
- Email address
- Phone number
- Appointment details
b) Special category data (health data)
- Mental health information
- Medical background (where relevant)
- Session notes and therapy records
c) Technical data
- IP address
- Browser/device information
- Usage data (via cookies – see Section 8)
3. How I use your data
- To provide therapy services
- To manage bookings and appointments
- To communicate with you
- To maintain clinical records
- To comply with legal and professional obligations
- To improve website functionality and user experience
4. Lawful bases for processing
| Activity | Lawful basis |
| --- | --- |
| Responding to enquiries | Consent |
| Providing therapy services | Contract |
| Maintaining therapy records | Legal obligation + legitimate interests |
| Follow-up communication | Legitimate interests |
| Health information processing | Explicit consent + provision of health care |
5. Data sharing
- Professional bodies or insurers (where required)
- Legal or regulatory authorities (if legally required)
- Service providers that support my business, including:
- Website hosting providers
- Booking platforms (e.g. WebHealer or equivalent)
- Email and mailing list providers (e.g. Mailchimp)
6. International data transfers
- UK-approved safeguards are in place (e.g. Standard Contractual Clauses)
- Data protection standards are not materially lower than those in the UK
7. Data retention
- Therapy records: minimum 7 years after last contact
- Under 18s: until age 25
- Enquiry data: up to 12 months if no ongoing relationship
8. Cookies and website tracking
- Ensure website functionality
- Analyse website usage
- Improve performance
- Obtain your consent before placing non-essential cookies
- Provide clear options to accept, reject, or manage cookies
9. Automated decision-making
10. Your rights
- Access your personal data
- Request correction of inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
11. Complaints procedure (DUAA requirement)
Step 1: Contact me
Step 2: Escalate to the ICO
12. Data security
- Secure storage systems
- Access controls
- Confidentiality procedures
- Encrypted communication where appropriate
13. Children’s data
- Appropriate parental or guardian consent will be obtained
- Additional safeguards will be applied to protect their data
14. Changes to this policy