GDPR Policy

Privacy Notice – Trancespire Hypnotherapy

At Trancespire Hypnotherapy, your privacy is of utmost importance. This Privacy Notice explains how I, Lorraine Sheppard, Clinical Hypnotherapist and sole trader, handle your personal information in accordance with the General Data Protection Regulation (GDPR) and the National Council for Hypnotherapy (NCH) Code of Ethics.

Who is responsible for your data?

As the owner of Trancespire Hypnotherapy, I am both the Data Controller and Data Protection Officer.
ICO Registration Number: ZB900787

Trancespire Hypnotherapy is registered with the Information Commissioner’s Office (ICO). You can find out more about your rights at https://ico.org.uk.

Why I Collect Your Information

Your personal data is essential for me to:

  • Create a tailored treatment plan

  • Provide safe, effective hypnotherapy

  • Maintain accurate records for professional and legal compliance

  • Process payments and communicate with you about appointments

You are not legally required to share personal data, but if you choose not to, I may not be able to provide an effective therapeutic service.

What Personal Information I May Collect

I may ask for:

  • Your full name and contact information

  • Medical history and current health conditions

  • Social, family, and professional background

  • Lifestyle details, hobbies, and interests

  • The specific issues you are seeking help for

If you are under 18, I will also collect consent and relevant information from a parent or guardian.

How I Collect Your Information

Most of the information comes directly from you. However, I may receive information from:

  • Parents/guardians (if you are under 18)

  • Referring professionals (e.g., employer or GP)

  • Other health or care providers, with your consent

How Your Information Is Used

I use your information to:

  • Provide personalised hypnotherapy

  • Communicate with you between sessions when needed

  • Maintain records for insurance and regulatory purposes

  • Collect payments for services

How Will My Data Be Stored and Secured?

Your data will be securely stored in one or more of the following ways:

  • Digitally encrypted files on password-protected devices

  • Secure cloud storage with two-factor authentication

  • Paper records stored in a locked cabinet within a secure location

Only I have access to your data unless legal or ethical obligations require otherwise.

How Long Will You Hold My Information?

  • Adult client records are kept for 7 years after our last session.

  • For clients under 18, records are kept until age 18, then stored for an additional 7 years.

After this period, your records will be shredded or permanently deleted.

Can I Request My Data Be Destroyed Sooner?

Yes. Under the “right to erasure”, you may request that your data be deleted before the retention period ends.
Please note: In some cases, legal or ethical obligations may prevent immediate deletion (e.g., safeguarding concerns).

Can I Access the Information You Hold About Me?

Yes. Under GDPR, you have the right to:

  • Request a copy of all information I hold about you

  • Request that incorrect information be corrected

  • Ask for your data to be deleted or for its use to be restricted

I will respond to such requests within 30 days.

Are Our Sessions Confidential?

Yes, everything discussed in your hypnotherapy sessions is confidential, except where I am legally or ethically obligated to share information. These exceptions include:

  • If there is risk of serious harm to you or others

  • If required by law (e.g., court order)

  • If you consent in writing for me to share information with another party

  • If you are referred by an employer and have agreed to a specific level of information sharing

I may also share anonymised case details in supervision or training, with all identifying information removed.

What Happens if I See You Outside of a Session?

If we see each other in public, I will respect your privacy and not initiate contact or acknowledge our therapeutic relationship, unless you do so first. This is to protect your confidentiality.

Will You Discuss My Information With Other Professionals?

I will only speak to other health or care professionals:

  • With your explicit, written consent

  • If required by law or safeguarding duties

  • If part of a pre-agreed information-sharing process (e.g., employer referral or care team involvement)

COVID-19 and Public Health

In accordance with government guidelines, if I (or a member of my household) test positive for a notifiable disease such as COVID-19, your contact details only may be shared with NHS Track & Trace or relevant authorities.

Your Rights Under GDPR

You have the legal right to:

  • Be informed about how your data is used (this document serves that purpose)

  • Access your personal data

  • Correct inaccurate data

  • Request erasure of your data

  • Restrict how your data is processed

  • Object to how your data is used in specific situations

Concerns or Complaints

If you have concerns about how your data is handled, you have the right to file a complaint with the ICO.
More information is available at:
https://ico.org.uk/your-data-matters