Privacy Policy
Deborah Winyard Hypnotherapy
Address: 17 Adams Way, Earley, Reading, Berkshire, RG6 5UT
Email: debbie@deborahwinyardhypnotherapy.com
Telephone: 07710 360926
Website: www.deborahwinyardhypnotherapy.com
Effective date: 03/11/2025
Next review date: 02/11/2026
1. Introduction
This Privacy Policy explains how I, Deborah Winyard, collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
I am the Data Controller for all personal data I process in connection with my clinical hypnotherapy services.
I take your privacy very seriously and am committed to maintaining the confidentiality and security of your personal information.
2. Information I collect
When you contact me or receive hypnotherapy services, I collect and hold personal information such as:
Your full name, address, telephone number, and email address.
Date of birth and preferred gender identity.
Emergency contact details.
Relevant medical history, health and psychological information, and GP details.
Session notes, treatment goals, progress summaries, and consent forms.
Referral details (for example, from Changes4Life, AnxietyUK).
Payment information, invoices, and receipts.
Communication records, including emails and messages.
Data submitted via my website contact form.
If you visit my website, technical data (such as IP address, browser type, and cookies) may also be collected for basic functionality and analytics.
3. Why I collect your information
Your personal data is used for the following purposes:
To assess your needs and provide appropriate hypnotherapy services.
To maintain accurate records of our work together.
To manage appointments, communication, and payments.
To comply with professional, legal, and insurance requirements.
To coordinate care with your GP, or another professional, if appropriate and with your consent.
To receive referrals (for example, from Changes4Life and AnxietyUK).
To ensure the safe and effective operation of my website and online contact form.
4. Lawful basis for processing
I process your personal data on the following legal grounds under the UK GDPR:
Contract: Processing is necessary for the performance of a contract (to deliver therapy services you have requested).
Legal obligation: To meet record-keeping, accounting, and insurance requirements.
Legitimate interests: For effective communication, practice management, and ensuring continuity of care.
Special category data (health information): Processed under Article 9(2)(h) – necessary for the provision of health care or treatment by a health professional bound by confidentiality.
Consent: For specific purposes such as sharing information with third parties or sending marketing materials (if you have opted in).
5. How I store your data
Your information is stored securely using the following methods:
Paper records (e.g. client notes) are stored in a locked filing cabinet accessible only to me.
Electronic records are stored on an encrypted laptop and backed up to Dropbox, which provides secure, encrypted cloud storage.
Emails are received and stored via a Gmail account linked to my website contact form, which is password-protected and uses Google’s secure servers.
All devices and systems are protected by strong passwords and encryption.
Data is regularly reviewed, and unnecessary or outdated information is securely destroyed.
6. Who I share your information with
Your personal data is treated as strictly confidential. It will only be shared in the following circumstances:
With your explicit consent: For example, sharing information with your GP or another healthcare provider.
With Changes4Life, AnxietyUK: Where you have been referred by them or I need to update them about your referral, with your consent.
In exceptional circumstances: If I believe you or someone else is at risk of serious harm, I may need to share relevant information with appropriate authorities, in line with safeguarding obligations.
When required by law: For example, if ordered by a court or required for tax or regulatory compliance.
With service providers: Such as Dropbox (data storage) or Google (Gmail and website hosting), which act as secure data processors under GDPR-compliant agreements.
With my insurer or professional adviser: Only if necessary, and usually in anonymised form.
Your data will never be sold or shared for marketing or commercial purposes.
7. Data retention
I keep your personal data only for as long as necessary:
Client records: 7 years after the final session, or until a child client reaches age 25, whichever is longer.
Financial and tax records: Retained for 6 years as required by HMRC.
Website contact form enquiries: Retained for up to 12 months unless you become a client, after which they are held in line with client record retention.
Marketing data: Retained until you withdraw consent or unsubscribe.
At the end of the retention period, all records are securely destroyed by shredding (paper) or permanent digital deletion.
8. Your rights under data protection law
You have the following rights:
Access – to request a copy of your personal data.
Rectification – to correct any inaccurate or incomplete information.
Erasure (“right to be forgotten”) – to request deletion of your data where appropriate.
Restriction – to limit how your data is used.
Data portability – to receive your data in a portable format.
Objection – to processing based on legitimate interests or for marketing purposes.
Withdraw consent – where processing is based on consent, you may withdraw it at any time.
To exercise your rights, please contact me at debbie@deborahwinyardhypnotherapy.com.
Requests will be acknowledged promptly and completed within one calendar month.
If you are not satisfied with my response, you may raise your concerns with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
9. Website, cookies, and online communication
My website, www.deborahwinyardhypnotherapy.com, uses cookies to improve functionality and analyse site usage.
You can manage or delete cookies through your browser settings.
If you use the contact form on my website, the information you submit (your name, email, phone number, and message) is sent securely to my Gmail account. This information is used solely to respond to your enquiry and is not shared with third parties without your consent.
No automatic decision-making or profiling takes place using your personal data.
10. Security and confidentiality
I take appropriate technical and organisational measures to safeguard your personal data, including password protection, encryption, and secure storage.
Confidentiality may only be broken if required by law or if there is a serious risk of harm to yourself or others.
11. Changes to this Privacy Policy
This Privacy Policy is reviewed annually, or sooner if there are relevant changes in legislation or professional guidance.
The latest version will always be available on my website and upon request.
Deborah Winyard Hypnotherapy
Committed to protecting your privacy and maintaining the highest professional standards.