top of page
PRIVACY POLICY

 

PRIVACY POLICY

 

 

Who I am

Controller: Lynda Fitzpatrick
Phone Number: 07306746411
Website: www.clickhypnotherapy.com
E-mail: support@clickhypnotherapy.com
ICO Registration Number: ZB308790

The UK GDPR is the principal legislation governing how records, information, and personal data are managed. It sets in law how personal and special categories of information may be processed.

1. How I Process Your Personal Data

Click Hypnotherapy’s data controller, Lynda Fitzpatrick, complies with her obligations under the UK General Data Protection Regulation (UK GDPR) by:

  • Keeping personal data up to date

  • Storing and destroying data securely

  • Not collecting or retaining excessive amounts of data

  • Protecting personal data from loss, misuse, unauthorised access, or disclosure

  • Ensuring appropriate technical measures are in place, including encryption, access restrictions, and two-factor authentication for electronic data

2. The Personal Data I Collect

I collect and process the following types of personal information:

  • Name, age, contact information (email, phone number, address)

  • Relevant health information (e.g., symptoms, medication, medical history & GP contact details if applicable)

  • Relevant information shared during sessions (e.g., goals)

  • Payment and invoicing details (if applicable)

​​

3. How I Collect Your Data

Data is collected through:

  • Online intake and consent forms via Microsoft 365 Business and Wix Forms

  • Email communications via Gmail (Google Workspace)

  • Phone and text communications

  • In-session notes

  • Booking or payment platforms (e.g., TidyCal, Stripe)

 

All electronic data collected via these platforms is stored securely, encrypted, and access is restricted to authorised personnel only.

4. Why I Process Your Data

I use your personal data to:

  • Deliver the services you have requested

  • Manage bookings and communicate with you

  • Maintain professional records

  • Comply with legal and professional obligations

 

Lawful basis for processing under UK GDPR:

  • Contract: clear consent to provide therapy services

  • Legitimate interest: for safe and effective practice

  • Legal obligation: to retain records as required

 

By submitting forms, bookings, or payments, you provide explicit consent for the processing of your personal and health information via the services described above.

5. Sharing Your Data

Your data is kept confidential. I do not share it with third parties unless:

  • You request or consent to it

  • I am legally required to (e.g., safeguarding concerns, court orders)

  • I share anonymised case material with a professional supervisor (standard practice for safe and ethical therapy)

 

All third-party services (Microsoft 365 Business, Gmail, TidyCal, Stripe, Wix Forms) act as data processors under GDPR and are bound by contractual agreements to ensure security and confidentiality.

Individual client data will never be passed to any other third party without your express consent, except where necessary for safety or legal obligations.

6. How Long I Keep Your Data

In accordance with my need to maintain the possibility of access to client data as a result of returning clients or those who may wish to lodge a complaint in respect of our professional services to either our professional body or our insurers (i.e. in all cases perhaps after a long period of time has elapsed), I retain client data for a minimum period of 7 years. For clients under the age of 18, data will be retained until their 25th birthday.

Data stored by third-party processors is also subject to GDPR-compliant retention policies.

7. How Your Data Is Stored

Your data is stored securely:

  • Digitally via encrypted files and GDPR-compliant cloud services (Microsoft 365 Business, Gmail/Google Workspace, Wix Forms, TidyCal, Stripe)

  • Access to electronic data is restricted to authorised personnel, protected with strong passwords and two-factor authentication

  • Paper records (if used) are stored in a locked, secure location

​​

8. Your Data Protection Rights

Under data protection law, you have rights including:

  1. Right of access – request copies of your personal information

  2. Right to rectification – correct inaccurate or incomplete information

  3. Right to erasure – request deletion of your personal data in certain circumstances

  4. Right to restriction of processing – limit how your personal data is used in certain circumstances

  5. Right to object to processing – object in certain circumstances

  6. Right to data portability – request your personal data be transferred to another organisation or to you

 

You are not required to pay any charge for exercising your rights. Requests will be responded to within one month.
 

Please contact us at support@clickhypnotherapy.com to exercise any rights.

How To Complain

If you have any concerns about our use of your personal information, you can make a complaint to me at support@clickhypnotherapy.com.

 

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO address is:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow

Cheshire SK9 5AF
 

Helpline: 0303 123 1113
Website: https://www.ico.org.uk

bottom of page