Privacy Policy - Mid-Cheshire Clinical Hypnotherapy

PRIVACY NOTICE (Data Processing)

Who we are and how we process your personal data

 David Webb / Mid-Cheshire Clinical Hypnotherapy complies with his obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing (and destroying it) securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

 We use your personal data for the following purposes

To deliver the services that clients have requested;

To contact those clients as necessary in accordance with the services they have requested;
To contact clients via surveys to ascertain their opinions on the service they received from us;
To maintain our own accounts and records.

 N.B. In the event that our recorded data is utilised for research purposes, our own supervision or for the instruction or tuition of students, all such data will be sufficiently anonymised to the extent that individual clients cannot be identified. Should a client indicate that their data should not be used for these purposes, we would refrain from using that data.

 Individual client data will never be passed to a third party without the express consent of the respective client, always provided that such confidentiality is neither inconsistent with the therapist’s own safety or that of the client, the client’s family members or other members of the public, nor in contravention of any legal action or legal requirement.

 In accordance with (my/our) need to maintain the possibility of access to client data as a result of returning clients or those who may wish to lodge a complaint in respect of our professional services to either our professional body or our insurers (i.e. in all cases perhaps after a long period of time has elapsed), we retain client data for a minimum period of 7 years. For clients under the age of 18, data will be retained until their 25th birthday.

 Our Lawful Basis for processing client personal data

 The client has given clear consent for (me/us) to process their personal data for a specific purpose. Further, the processing is necessary for both my client’s and my own legitimate interests.

 Your rights and your personal data

 Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

 The right to request a copy of your personal data which the Mid-Cheshire Clinical Hypnotherapy holds about you;

 The right to request that the Mid-Cheshire Clinical Hypnotherapy corrects any personal data if it is found to be inaccurate or out of date;

The right to request your personal data is erased where it is no longer necessary Mid-Cheshire Clinical Hypnotherapy to retain such data;

The right to withdraw your consent to the processing at any time;

The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [N.B. This only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].

The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

The right to object to the processing of personal data, (where applicable) [N.B. This only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]

 The right to lodge a complaint with the Information Commissioners Office. (See below).

 Complaints Notice

The client has the right to complain to the Independent Commissioner’s Office (ICO) if they think there is a problem with the way we are handling their data

(see https://ico.org.uk/concerns/handling/).

Who we are

Our website address is: https://midcch.co.uk.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.