Embedded Files
Last Updated: May 2026
As a hypnotherapist I respect and ensure your privacy and only collect information that informs safe and effective practice.. This notice explains how I collect, use, and protect your personal information when you book a consultation or use my therapy services.
I operate as a "Data Controller" under UK data protection laws, including the UK GDPR and the Data (Use and Access) Act.
1. Contact Details
1. Contact Details
Name: Lauren Hayes
Email Address: lauren.hayes@tuneintoyouhypnotherapy.com
ICO registration reference: ZB977141
2. Personal Information I collect
2. Personal Information I collect
To provide safe, professional, and effective therapy, I process two categories of information:
A. General Personal Data (For Administration)
A. General Personal Data (For Administration)
Your name, email address, phone number, and appointment booking times.
Emergency Contact Details: Name and phone number of a trusted contact, collected purely for safety purposes.
B. Special Category Data (For Clinical & Safe Practice)
B. Special Category Data (For Clinical & Safe Practice)
As hypnotherapy involves health and well-being, I collect highly sensitive information during our initial consultation and subsequent sessions:
As hypnotherapy involves health and well-being, I collect highly sensitive information during our initial consultation and subsequent sessions:
Relevant medical history, physical/mental health conditions, and current medications.
Brief, handwritten or typed clinical session notes outlining our progress.
3. Lawful Basis for Processing Your Information
3. Lawful Basis for Processing Your Information
Under the UK GDPR, I must have a valid legal reason to hold your data.
For General Data: I process this under Contractual Obligation to manage and deliver the appointments you book.
For Special Category (Health) Data: Because health data is sensitive, I satisfy Article 9(2)(h) of the UK GDPR, which permits the processing of health data for the provision of health or social care treatment.
4. How I Store and Protect Your Sensitive Data
4. How I Store and Protect Your Sensitive Data
I strictly apply the principle of security to protect your clinical information:
Digital Separation: Your basic booking details are handled securely in the cloud by Cal.com and Google Calendar (within secure European hubs).
Offline Medical Storage: To maximize security, your medical histories, health information, and clinical session notes never live on the internet. They are stored exclusively on a secure, password-protected external hard drive that remains offline and locked away when not in use.
How Your Data Moves (Third-Party Processors)
How Your Data Moves (Third-Party Processors)
To keep your data safe and professional, I use trusted, highly secure external platforms. Your information flows through the following secure systems:
Google Sites: Hosts this website.
Cal.com & Google Calendar: Acts as my automated booking assistant to process your appointment time and date. This data is securely stored within European data hubs under strict contractual protections.
IONOS: Securely hosts my business email network where your booking notifications arrive.
Doxy.me: The encrypted, medical-grade video platform used for our live video consultations. No video or audio from our therapy sessions is ever recorded or stored by Doxy.me or myself.
I will never sell, rent, or pass your information to third parties for marketing purposes.
5. Information Sharing and Confidentiality
5. Information Sharing and Confidentiality
Everything we discuss remains strictly confidential. Your data will only ever be shared under two very specific circumstances:
A. Communication with your GP (With Your Explicit Consent)
A. Communication with your GP (With Your Explicit Consent)
- As a matter of safe practice, I may occasionally need to request health information from or share updates with your GP.
- I will always ask for your explicit, signed consent before doing this.
- You have the right to refuse or withdraw this consent at any time.
- As a matter of safe practice, I may occasionally need to request health information from or share updates with your GP.
- I will always ask for your explicit, signed consent before doing this.
- You have the right to refuse or withdraw this consent at any time.
B. Safeguarding & Duty of Care (Legal Exemption)
B. Safeguarding & Duty of Care (Legal Exemption)
- I hold a professional duty of care to protect you and the public.
- I hold a professional duty of care to protect you and the public.
- I may share relevant information with medical professionals, emergency services, or local authorities without your consent only if:
- I may share relevant information with medical professionals, emergency services, or local authorities without your consent only if:
I reasonably believe you are at imminent risk of serious harm to yourself or someone else.
I am legally compelled to do so by a court of law or safeguarding legislation.
6. How Long I Keep Your Data
6. How Long I Keep Your Data
I keep your clinical files, contact details, and session notes for 7 years after our final session. This timeline is a strict mandatory requirement set by my professional hypnotherapy insurance body. Once this timeframe passes, all files on the external drive are permanently wiped and destroyed.
7. Your Data Protection Rights
7. Your Data Protection Rights
Under UK data protection law, you have distinct rights. You can ask to see what information I hold about you, request corrections to your files, or ask me to limit its processing.
You do not have to pay a fee to exercise your rights. If you make a request, I have one month to respond to you. Please contact me at lauren.hayes@tuneintoyouhypnotherapy.com
8. How to Complain
8. How to Complain
If you have any concerns about how your data is handled, please email me at: lauren.hayes@tuneintoyouhypnotherapy.com so I can resolve it.
You also have the right to lodge a formal complaint with the UK's data protection regulator:
Organisation: Information Commissioner’s Office (ICO)
Website: https://www.ico.org.uk
Helpline: 0303 123 1113
Page updated
Google Sites
Report abuse