Privacy Policy GDPR

Gregorio Sosa Clinical Hypnotherapist website is owned by Privacy Policy, which is a data controller of your personal data.

How will my data be processed and stored?In May 2018, the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). Gregorio Sosa is GDPR registered. The changes to the Data Protection Act are aimed at ensuring your personal, confidential and sometime sensitive data, is held privately and securely. This means that any data you give to Gregorio Sosa must be processed in a way you agree with. GDPR exists to protect your rights as a consumer. It applies to your identifiable data, e.g., your Gregorio Sosa and address & any reason you might have for visiting Gregorio Sosa. It also covers any session records, text messages or emails between Gregorio Sosa & yourself. How long will you hold my information for? Gregorio Sosa is a member of the Organisation NCH. As such they are bound by their regulations regarding the length of time they must hold onto your information.

The Organisation insists that Gregorio Sosa must hold onto your data for 8 years after your final session. However, the rule for children is different and the Organisation stipulates that their data must be held until their 25th birthday. The exception to this rule applies to young adults whose treatment ends when they are 17 years old when Gregorio Sosa must keep their records until they reach their 26th birthday. Client records will be destroyed in January after the dates given above. This is in line with NHS regulations for holding data. What if I would like my data to be destroyed before this date?Due to the sensitive nature of what Gregorio Sosa offers, the insurance company advises that deletion of a client's data cannot occur before the minimum term (see above) has expired. Am I able to see or get a copy of the information held by you? In line with GDPR, if you send Gregorio Sosa a request in writing, specifying the data you wish to see, they will supply you with a copy of your data within 30 days. Gregorio Sosa will need to confirm your identity before sending you the information. There will be no charge for this service. NB Gregorio Sosa’s insurance company’s legal team may wish to verify any information Gregorio Sosa sends out. What are your reasons for collecting this information? Gregorio Sosa is keen to offer the highest quality support to their clients, and in order to do so they will collect the following information:

·An idea of what you would like to achieve by coming for hypnotherapy

·A small amount of medical information

·Some brief session notes

·Your contact details

·GP contact details

·CORP research data

·Some basic information about your important othersThis information allows Nameto provide continuity within the sessions, in order to help you towards your goal. This information will allow to refer to the content of earlier sessions and previous discussions. Gregorio Sosa will only use your contact details/address and GP’s details with your explicit consent. See client agreement and initial consultation. How do I know that Gregorio Sosa will store my information safely? Electronic paper session notes - Gregorio Sosa stores all electronic paper in a computer - Gregorio Sosa’s work phone is secured by password and face password - Gregorio Sosa’s email account requires security password to access emails. CORP research data- accessed via a password protected programme on a computer device. Are our discussions within the hypnotherapy sessions confidential Everything you discuss with Gregorio Sosa during your sessions remains strictly confidential. Occasionally it may be necessary for Gregorio Sosa to discuss elements of your sessions with their supervisor to ensure that they are helping you in the most effective way. However, no identifying features about you will be disclosed during these discussions. Gregorio Sosa’s supervisor is also registered with the ICO and abides by GDPR requirements. What if I see Gregorio Sosa outside of a hypnotherapy session? Gregorio Sosa is obliged by GDPR to protect your confidentiality at all times. So, for this reason, although they may acknowledge you, it would be ideal if any further conversation could be avoided. However, if you wish to discuss your therapy with other people, that is your choice and you are welcome to do so. Will Gregorio Sosa discuss information about me with other health and social care professionals? Gregorio Sosa is only able to contact other health and social care professionals with your written consent. Should they write to your GP, to notify them that you have entered into a therapeutic.

Relationship with them, or to notify them that your therapy has been successfully concluded, Gregorio Sosa would require your signature, in line with GDPR requirements. Gregorio Sosa does have a ‘duty of care’ towards their clients, so the only exceptions to this would be if they believed that you were about to harm yourself or others. Should this occur then Gregorio Sosa would be required to inform the relevant authorities. However, Gregorio Sosa would always aim to discuss this with you before taking any action. Legally, Gregorio Sosa would also have to provide the police with information as set out in a warrant or court order, should the situation arise. Who is the Data Controller and what is their ICO registration number? Data Controller is Gregorio Sosa, Clinic in 7, Dean Lane, BS331DB.This policy was last updated on Date. It may be updated at any time, so please check back regularly to ensure that you're aware of the latest version. Please note that the cookie policy for Website address is available to view online. ICO Registration number: XXXXXXXXXX

Signed Name ...................................................Date ........................

Contact information:

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to gregoriososa@gspsychotherapist.co.uk.