This Privacy Policy explains how I comply with the GDPR (General Data Protection Regulation).  It explains when and why I collect personal information about you and how I protect any information you give me when you use this website or contact me by email, phone or in person.  In handling this information, I am bound by two sets of rules, the General Data Protection Regulations (GDPR) and those of my professional body, the General Hypnotherapy Standards Council (GHSC).

What information do I collect about you?

You are able to browse my website without providing any personal information.  If, at your own discretion, you request a telephone consultation via the online contact form, I need to know your name, phone number and email address so I can reply to you.  This information is private and stored securely until a time it is no longer required or has no use.

All other information that I collect about you comes from you, via email, phone call, or during our face to face sessions.  If you are under 18, I will need permission from a parent or guardian before working with you and I may get some information about you from them.

When we agree to work together, I collect the following personal information from you to help me provide relevant and effective therapy:

  • Name and contact details
  • Relevant health issues
  • Work information
  • Hobbies and interests
  • Lifestyle
  • Details of the issue you would like me to help with

You have no legal requirement to share any information with me, but collecting and using your personal information is essential so that I can understand your needs and provide you with appropriate therapy services.

The information I collect about you will be used to:

  • Deliver the therapy you have requested.
  • Reply to you if you contact me.
  • Contact you between therapy sessions if necessary.
  • Maintain my internal records.

Security

All information is kept securely as per the recommendations and legislation set out by GDPR. In order to prevent unauthorised access or disclosure, I have put in place suitable procedures to safeguard and secure the information I collect.

I am the only person who has access to this information unless:

  • There is a legal requirement for me to share the information (e.g. a court order or warrant is issued).
  • You ask me in writing to share your information with someone else.
  • The Duty of Care Provision from my Code of Ethics applies – see below.

There is no transfer of this personal data to third parties.

I keep the information you give me for seven years, which is the length of time required by my professional body and my insurance company.  After this time it is disposed of securely.

Website Visitor Tracking

When someone visits bridgetfreer.co.uk, the website host One.com, collects standard internet log information and details of visitor behaviour patterns. It does this to find out things such as the number of visitors to the various parts of the site and what part of the world those visitors are from. This information is processed in a way which does not identify any individual.  I do not make any attempt, or allow any third part to make any attempt, to find out the identities of visitors to my website.

Use of Cookies

This website uses does not use cookies – cookies being small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of websites.

Your rights

You have the following rights over the information I hold about you:

  • Portability – you can ask me to send your information to someone else.
  • Rectification – if you think my records are wrong you can ask me to change them.
  • Erasure – in some circumstances you can ask me to remove your details from my records (this is sometimes called ‘the right to be forgotten’).
  • Fair profiling – you can ask that any processes I automate are done by a person instead of a computer. I do not automate any information processing, although I do use an online contact form. If you prefer not to complete this, you can contact me by phone or email.
  • Right of access – you can have a copy of the information I hold at any time, by requesting it in writing. If you do this it will be provided within 30 days and free of charge.
  • Restricting processing – in some circumstances you can request that I stop processing your information.
  • Objection – you can object to the way I process information (e.g. if I were to use your information to send you direct marketing you do not want to receive) and you can ask me to stop using it in that way.
  • Information – you have the right to understand how I collect and process your information (hence this privacy policy).
  • You can withdraw your permission for me to use your information at any time, this means ending your therapy.
  • You have a right to complain to the Independent Commissioner’s Office (ICO)  if you have any problem with the way I store or use your data, or if you do not think your rights are being respected  https://ico.org.uk/concerns/handling/.

You can learn more about these rights at

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

My Professional Body

The GHSC ask me to keep the information you give me private and confidential unless one of the following applies:

  • there is a legal requirement for me to share information (as above).
  • there is good cause to believe that if I do not disclose information you or others would be exposed to a serious risk of harm.

These exceptions to the confidentiality rule come under a provision called the ‘Duty of Care’.  The Duty of Care provision applies to everyone.