This policy sets out how we at Bright Star Hypnotherapy use and protect the information that you provide when you use our services and our website.
When you contact us and through our initial consultation process, we will collect the following information. This information is collected in order for us to contact you regarding appointments and to enable us to understand more about you to help you to achieve your goals. All information gathered is confidential and is only used for the purposes of therapy session.
We protect your data in line with the General Data Protection Regulations 2018 (GDPR). Your rights under the GDPR principles are set out below.
2. The right of access - individuals will have the right to know exactly what information is held about them and how it is processed. If you wish to request data held about you please contact us in writing, whereupon we will respond within 30 days.
3. The right of rectification - individuals will be entitled to have personal data rectified if it is inaccurate or incomplete. If you believe any data we hold about you to be incorrect, please contact us in writing.
4. The right to erasure - also known as 'the right to be forgotten', this refers to an individual's right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue. We are legally required to hold all data on you for 7 years. After this any data will be destroyed.
5. The right to restrict processing - an individual's right to block or suppress processing of their personal data.
6. The right to data portability - this allows individuals to retain and reuse their personal data for their own purpose.
7. The right to object - in certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest. We will not use your data for marketing purposes unless you have given us specific permission to do so.
8. Rights of automated decision making and profiling - the GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing. We do not use any data for the purposes of automated decisioning or profiling
This policy will be updated from time to time in line with legislation.