GDPR Statement

How will my data be processed and stored? 

In May 2018, the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). Hypnotherapy By Madi is GDPR registered. The changes to the Data Protection Act are aimed at ensuring your personal, confidential and sometime sensitive data, is held privately and securely. This means that any data you give to Hypnotherapy By Madi must be processed in a way you agree with. GDPR exists to protect your rights as a consumer. It applies to your identifiable data, e.g., your name and address & any reason you might have for visiting Hypnotherapy By Madi. It also covers any session records, text messages or emails between Hypnotherapy By Madi & yourself.  

​

How long will you hold my information for? 

Hypnotherapy By Madi is a member of the National Council for Hypnotherapy. As such they are bound by their regulations regarding the length of time they must hold onto your information. The National Council for Hypnotherapy insists that Hypnotherapy By Madi must hold onto your data for 8 years after your final session. However, the rule for children is different and the Organisation stipulates that their data must be held until their 25th birthday. The exception to this rule applies to young adults whose treatment ends when they are 17 years old when Hypnotherapy By Madi must keep their records until they reach their 26th birthday. Client records will be destroyed in the January after the dates given above. This is in line with NHS regulations for holding data.  

​

What if I would like my data to be destroyed before this date? 

Due to the sensitive nature of what Hypnotherapy By Madi offers, the insurance company advises that deletion of a client's data cannot occur before the minimum term (see above) has expired.  

​

Am I able to see or get a copy of the information held by you? 

In line with GDPR, if you send Hypnotherapy By Madi a request in writing, specifying the data you wish to see, they will supply you with a copy of your data within 30 days. Hypnotherapy By Madi will need to confirm your identity before sending you the information. There will be no charge for this service.  

​

NB Hypnotherapy By Madi’s insurance company’s legal team may wish to verify any information Hypnotherapy By Madi sends out.  

​

What are your reason for collecting this information? 

Hypnotherapy By Madi is keen to offer the highest quality support to their clients and in order to do so they will collect the following information:  

• An idea of what you would like to achieve by coming for hypnotherapy 

• A small amount of medical information 

• Some brief session notes 

• Your contact details 

• GP contact details 

• CORP research data 

• Some basic information about your important others 

This information allows Hypnotherapy By Madi to provide continuity within the sessions, in order to help you towards your goal. This information will allow Hypnotherapy By Madi to refer to the content of earlier sessions and previous discussions. Hypnotherapy By Madi will only use your contact details/address and GP’s details with your explicit consent. See client agreement and initial consultation.  

​

How do I know that Hypnotherapy By Madi will store my information safely? 

Paper session notes - Hypnotherapy By Madi stores all paperwork in a locked cabinet. 

Text messages - Hypnotherapy By Madi’s work phone is secured by fingerprint recognition and a password. 

Emails - Hypnotherapy By Madi’s email account requires a password to access emails.   

CORP research data- accessed via a password protected programme on a secure laptop device. 

​

Are our discussions within the hypnotherapy sessions confidential? 

Everything you discuss with Hypnotherapy By Madi during your sessions remains strictly confidential. Occasionally it may be necessary for Hypnotherapy By Madi to discuss elements of your sessions with their supervisor to ensure that they are helping you in the most effective way. However, no identifying features about you will be disclosed during these discussions. Hypnotherapy By Madi’s supervisor is also registered with the ICO and abides by GDPR requirements.  

What if I see Hypnotherapy By Madi outside of a hypnotherapy session? 

Hypnotherapy By Madi is obliged by GDPR to protect your confidentiality at all times. So, for this reason, although they may acknowledge you, it would be ideal if any further conversation could be avoided. However, if you wish to discuss your therapy with other people, that is your choice and you are welcome to do so.  

​

Will Hypnotherapy By Madi discuss information about me with other health and social care professionals? 

Hypnotherapy By Madi is only able to contact other health and social care professionals with your written consent. Should they write to your GP, to notify them that you have entered into a therapeutic relationship with them, or to notify them that your therapy has been successfully concluded, Hypnotherapy By Madi would require your signature, in line with GDPR requirements. Hypnotherapy By Madi does have a ‘duty of care’ towards their clients, so the only exceptions to this would be if they believed that you were about to harm yourself or others. Should this occur then Hypnotherapy By Madi  would be required to inform the relevant authorities. However, Hypnotherapy By Madi would always aim to discuss this with you before taking any action. Legally, Hypnotherapy By Madi would also have to provide the police with information as set out in a warrant or court order, should the situation arise.  

 

Who is the Data Controller and what is their ICO registration number? 

Data Controller is Madeleine Kish, Hypnotherapy By Madi. This policy was last updated 28.4.2025. It may be updated at any time, so please check back regularly to ensure that you're aware of the latest version.  

ICO Registration number: 00010032776