Client GDPR Policy
Terms
“Eteri McKenzie” and “Eteri McKenzie Hypnotherapy” are used interchangeably in this document.
General
This Policy explains what data Eteri McKenzie may collect from clients and how it is used or stored. It ensures compliance with the General Data Protection Regulations (GDPR).
How long will you hold my information for?
Eteri McKenzie is a member of the following professional associations: CNHC, AfSFH, and NCH. She is bound by their regulations regarding the length of time client information must be retained. These organisations require that data is held for eight (8) years after the final session. For children, data must be held until their 25th birthday, except for young adults whose treatment ends at 17 years old. For them, records must be kept until their 26th birthday. Client records will be securely destroyed in January after these dates, in line with NHS regulations.
What if I would like my data to be destroyed before this date?
Certain data must legally be retained, including session notes and related communications. However, you may request these be anonymised by removing all identifying information. The remaining data will then be stored with coded filenames. Requests for account deletion and anonymisation can be emailed to Eteri McKenzie at no cost.
Am I able to see or get a copy of the information held by Eteri McKenzie Hypnotherapy?
Under GDPR, you can submit a written request specifying the data you wish to access. Eteri McKenzie will provide the information within 30 days after confirming your identity. There is no charge for this service, although her insurance company’s legal team may verify the information.
What and Why is the Data Collected?
To offer the highest quality support, Eteri McKenzie collects:
- Your therapy goals
- Relevant medical information
- Brief session notes
- Contact details (yours and your GP’s)
- Basic information about significant others
This data ensures continuity and effectiveness in your sessions. Contact and GP details are only used with explicit consent, barring exceptional circumstances (see below).
How do I know my information will be stored safely?
- Session Notes: Taken on a PIN-/biometric-secured tablet, stored as PDFs in a secure electronic folder.
- Paper Notes: Either securely digitised and destroyed or stored in a locked cabinet within a locked room.
- Text Messages: Mobile phone secured by fingerprint/PIN.
- Emails: Protected by a strong password.
Are our discussions within hypnotherapy sessions confidential?
Yes, everything discussed remains strictly confidential. Occasionally, anonymous details may be shared with a supervisor for professional support. Supervisors are GDPR-compliant and ICO-registered.
What if I see Eteri McKenzie outside of a session?
To maintain confidentiality, Eteri McKenzie will acknowledge you but avoid further conversation. You are free to discuss your therapy with others as you wish.
Will Eteri McKenzie discuss information about me with other professionals?
Contact with other professionals requires your written consent. This includes notifying your GP about starting or completing therapy, unless exceptions apply (see below).
When might confidentiality have to be broken?
If Eteri McKenzie believes you are at risk of harming yourself or others, she may be obligated to notify relevant authorities. This will be discussed with you beforehand if possible. Legal obligations, such as complying with a court order, also apply.
Who is the Data Controller, and what is their ICO registration number?
- Data Controller: Eteri McKenzie Hypnotherapy
- ICO Registration Number: ZB873137
Last Updated: January 2025
This policy may be updated at any time. Please check regularly to ensure you have the latest version. For the website privacy policy, visit Privacy Policy.
