GDPR & PRIVACY NOTICE
GDPR, Data Protection and Confidentiality
Privacy Notice & Cookies
I collect personal information from you as part of my client induction process. In handling this information, I am bound by two sets of rules, the General Data Protection Regulations (GDPR) and my professional body’s (the GHR) code of ethics. This page will explain how these affect the way I work.
Who I am and how I process your personal data
I am both the Data Controller and the Data Protection Officer. My contact details are, Ghitta Basson, email@example.com, 07717 748203
The information about you that I collect comes from you, via direct conversations, email correspondence and agreement form (either online or on paper)
You have no legal requirement to share information with me, but if you do not I will not be able to offer you my services
The purpose of collecting personal information from you is to enable me to decide if I can offer you my therapy services, to administer the therapy programme once you are enrolled, to enable me to invoice you and receive payment, and to provide you with information via email
I use your personal data for the following purposes
The categories of data/information I collect include: your name and contact details, your payment preferences, your medical history, your therapeutic issues, case history, and ongoing treatment records
You give me permission to hold and use this information in line with these guidelines when you apply for therapy services
I keep the information you give me for seven years after your treatment finishes, which is the length of time suggested by my professional body and insurance company for client records
Sharing your information: I do not share your information
My professional body’s code of ethics also allows me to share anonymous case histories verbally or in hypnotherapy publications for the purposes of supervision or training. Anonymous means your personal details are removed and no information that might identify you is used.
I only divulge sensitive information where there is a legal requirement for me to do so e.g. where the Children’s Act applies or a court order is issued, or when there is good cause to believe that if I do not disclose information you or others would be exposed to a serious risk of harm.
My Lawful Basis for processing client personal data
You have rights over the information I hold about you. These are:
Portability – you can ask me to send your information to someone else
Rectification – if you think my records are wrong you can ask me to change them
Erasure – in some circumstances you can ask me to remove your details from my records (this is sometimes called ‘the right to be forgotten’)
Fair profiling – you can ask that any processes I automate are done by a person instead of a computer. I don’t currently automate any information processing, although I may use online forms to collect information.
Right of access – you can have a copy of the information I hold at any time, by requesting it in writing. If you do this it will be provided within 30 days and free of charge.
Restricting processing – in some circumstances you can request that I stop processing your information
Objection – you can object to the way I process information (e.g. if it is used to send you direct marketing and you don’t want to receive this) and can ask me to stop using it in this way
Information – you have the right to understand how I collect and process your information (hence this privacy notice)
You can withdraw your permission for me to use your information at any time, although it would mean terminating the treatment programme
You have a right to complain to the ICO if you have any problem with the way I store or use your data, or if you do not think your rights are being respected (see below)
The client has the right to complain to the Independent Commissioner’s Office (ICO) if they think there is a problem with the way we are handling their data
What are cookies?
Who sets the cookies?
The cookies stored on your computer or other devices when you access this website are set by Rewind Your Mind, our suppliers who partner with us to help deliver a high-quality website and on-line shopping experience, and other third parties. Some cookies are set by or on behalf of Rewind Your Mind and are necessary to enable customers to make purchases on our website.
Cookies may also be set by third parties who participate with us in affiliate marketing programmes. None of these third parties collect any personal data from which they would be able to identify individual customers.
What are cookies used for?
The main purposes for which cookies are used are:-
1. For technical purposes essential to the effective operation of the website, particularly in relation to on-line transactions.
3. To enable Rewind Your Mind to collect information about the browsing and shopping habits and activities of customers, including to monitor the success of campaigns, competitions etc.
4. To enable Rewind Your Mind to meet its contractual obligations to make payments to third parties when a product is purchased by someone who has visited our website from a site operated by those parties.
How do I disable cookies?
If you want to disable cookies you need to change your website browser settings to reject cookies. How to do this will depend on the browser you use and we provide further detail below on how to disable cookies for the most popular browsers:-
For Microsoft Internet Explorer:
1. Choose the menu “tools” then “Internet Options”
2. Click on the “privacy” tab
3. Select the setting the appropriate setting
For Mozilla firefox:
1. Choose the menu “tools” then “Options”
2. Click on the icon “privacy”
3. Find the menu “cookie” and select the relevant options
For Opera 6.0 and further:
1. Choose the menu Files > “Preferences”
What happens if I disable cookies?
This depends on which cookies you disable, but in general, the site may not operate properly if cookies are switched off. If you only disable 3rd party cookies you will not be prevented from making purchases on this site. If you disable all cookies you will be unable to complete a purchase on this site.
Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
Details collected automatically from the site, including the IP addresses or domain names of the computers utilized by the users who connect to the site, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of provenance, the features of the browser and the operating system utilized by the visitor, the various time details per visit (for instance the time spent on each page) and the details about the path followed within the site with special reference to the sequence of pages visited, other parameters about the operating system and the user’s IT environment.