Privacy Policy

Who we are

Resource Hypnotherapy (‘Resource Hypnotherapy or ‘we’ or ‘us’) is a ‘Data Controller’ for the purposes of UK Data Protection legislation. This means we are responsible for, and control the processing of, your Personal Data. We are committed to the appropriate protection and use of personal information, collected through our websites, telephone calls, emails and other mediums.

Data we collect

We use different methods to collect data from and about you including;

• Calling us or using our online messaging service. When calling or messaging you will be asked for your name, telephone number and email address.

• Additional information will be taken to access your initial inquiry, to understand the nature of your concerns, any medical conditions in order to determine suitability for hypnotherapy.

• When you attend an appointment, the therapist will collect additional personal data as well as special categories of personal data relating to health – see below for further information.

• Communications received (phone or letter) from other multidisciplinary professionals involved in your care e.g. referral letters or treatment updates.

We collect Personal Data provided by you which may include, but is not limited to, your name, email address, phone number, gender, date of birth and in some cases personal preferences, existing or historical medical details.

Our website may use cookies and collects IP addresses, which means a number that can uniquely identify a specific computer or other device on the internet. This non-personal identification data may be collected whenever you interact with our website and may include technical data about your browser, type of device used, operating system, Internet service provider, and other similar data.

Special Category Data Collected

Due to the nature of our business, patient sensitive personal data may be collected in relation to health matters. Such data is provided with explicit consent of the patient.

How do we use personal data?

We use personal data in the normal course of our business, for example:

• to respond to enquiries about our Services. Lawful basis: Legitimate Interests.

• to provide our Services, including to treat patients and to provide advice and support. Lawful basis: Contract and Healthcare.

• to analyse and improve the Website and the Services, for example to improve the visitor or patient experience. Lawful basis: Legitimate Interests, however where for example applicable law requires your consent to use certain cookies, we will ask for your Consent having provided you with relevant information.

• in certain circumstances, to share it with a limited number of third parties as described in this policy, for example for operational requirements and business continuity purposes. The legal bases are discussed below.

Legal basis for processing special categories of personal data

Where that personal data is in a ‘special category of personal data’ such as your health data, we will also need a separate legal basis for that processing. In descending order of use, that legal basis will be that the processing:

• is necessary for the purposes of provision of the service

• is based on your explicit consent (‘Explicit Consent’) in which case we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent, or

• is necessary to protect your or another person’s vital interests where you are physically or legally incapable of giving consent (‘Vital interests’).

Legal basis for processing any personal data

The legal basis for processing of personal data relating to you will be (in descending order of use) that the processing:

• is necessary to perform a contract with you, for example to provide treatment to you and to invoice you (‘Contract’),

• is necessary to comply with our legal obligations, for example to retain personal data for a specified period (‘Legal Obligation’),

• is necessary for our legitimate interests in carrying out our business, including to maintain, improve and market our products and services, provided those interests are not outweighed by your rights and interests (‘Legitimate Interests’),

• is based on your consent (‘Consent’), in which case we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent, or

• is necessary to protect your or another person’s vital interests (‘Vital Interests’).

Sharing your Personal Data

We do not sell or trade your Personal Data to others.

We may share personal data in the following limited circumstances. In each case, we share the minimum personal data necessary.

• For purposes of your treatment and direct care, we may share your personal data and discuss our treatment of you as our patient with the healthcare professional who referred you to our practice. Legal basis: Contract and Healthcare.

• For purposes of your treatment and direct care, we may recommend that we refer you to a third-party practitioner or practice as their patient. We will only share your personal data in this situation with your prior explicit consent. Legal basis: Explicit Consent.

• To protect your or another person’s vital interests. Legal basis: Vital Interests or SC Vital Interests.

• We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. Legal basis: Legal Obligation.

• For provision of the Services, and for our own disaster recovery and business continuity purposes, we may store or transmit personal data to or through third party providers, such as with our contractors and advisors to help us operate, secure our business. Legal basis: Legitimate Interests or Contract.

Your Personal Data rights

You have certain rights concerning the information we hold about you, as defined under the UK General Data Protection Regulation. If you wish to exercise these rights, please contact us, with your name and email address.

• Requesting a copy of your information - You may request a copy of any data we hold about you.

• Updating or correcting your information - It is important that the information we hold about you is accurate. If you change email address, or any of the other information we hold is inaccurate or out of date, please contact us so that we can correct our records.

• Deleting your information - You have the right to request erasure of your personal information in certain circumstances. Data will be retained no longer than necessary in accordance with legal obligations and regulatory requirements.

• Automated decision making - We do not use any personal information for automated decision making or profiling; your data is not subject to automated decision making or profiling.

Keep your Personal Data safe

We take your data security very seriously and have put in place physical, and electronic procedures to safeguard and secure your information these include:

• The use of an email encryption service for sending and receiving letters and referrals

• Password best practice including two factor identification where applicable.

How to contact us

If you wish to contact us, please send an email to Isabel.rosen@protonmail.com or phone +44 7392 752 872