Privacy Policy

Information Governance Policies and Procedures

Section A

Introduction

Data held by Calon Quay Therapy & Susan E Burn/Susie Burn-Strange Therapy will be held lawfully and for the retention periods set out in section B of this policy document. Calon Quay Therapy & Susan E Burn/Susie Burn-Strange Therapy ('we', 'I' 'my' 'our') will not disclose users' information to third parties unless legally bound to do, for example there is an identified risk to the client and/or others. I will process your personal data for the purposes of maintaining my client list and contacting you in future. Data collected by this site is used to:

• Contact you in response to an enquiry
• Administer and enhance my web site and service

The terms Calon Quay Therapy & Susan E Burn/Susie Burn-Strange Hypnotherapy ’ or ‘us’ or ‘we’ refers to the owner of the website. The term ‘you’ refers to the user or viewer of our website.

If you would prefer that we cease to send you further information about Calon Quay Therapy, Susan E Burn/ Susie Burn Strange Hypnotherapy  send an email or call or text us:

Email: calonquay@Email.com

Call/Text: 07934 982 750

This document refers to:

• Written Documents
• Spreadsheets
• Hardcopy case notes and files
• Database entries
• Images
• Recordings
• Emails
• Text messages
• Visits to the organisation’s website
• Social media communication

Aim and Purpose

The purpose of this document is to ensure that Calon Quay Hypnotherapy/ Susie Burn-Strange, has a framework that ensures the rights and freedom of individuals in relation to their personal data (Article 1) and adheres to best practice in the management of client information and business records.

Information Governance sets out the way in which information collated by an organisation is managed and ensures that any information collected:

• is the right information
• is in the right place
• at the right time
• with the right people
• for the right reasons

This is a live document and may be updated at any time to reflect changes in law or growth of the business, and therefore should be revisited regularly to check for any updates. Calon Quay Therapy & Susie Burn-Strange Hypnotherapy is fully committed to ensuring clients privacy and data protection rights.

For the purpose of this policy regarding Calon Quay Therapy & Susie Burn-Strange Hypnotherapy, Susan E Burn is the named Data Protection Officer/Controller. 

Information Governance Framework Principles for  Calon Quay Therapy / Susie Burn-Strange Hypnotherapy 

Assessment needs for Information Governance (IG) Training have been identified and fully met, a GDPR CPD Course has been completed and refresher training is completed every two years.

• Any changes to the business processes and/or operations will be planned and will comply with the framework to ensure any risks to personal and sensitive information are minimised.
• Any data collected is solely for the purpose of providing a person-centred service to an individual client.
• The Caldicott Principles are used to provide guidance in best practice when handling personal data, alongside the ICO’s Office Codes of Practice. (https://www.igt.hscic.gov.uk/Caldicott2Principles.aspx)
• All technology [Microsoft Office products & email) used to store or facilitate information and communication is maintained according to the Data Retention Policy for Calon Quay Therapy & Susie Burn-Strange Hypnotherapy. 
• All records are identifiable, locatable, retrievable, and intelligible according to regulations set out by GDPR.
• It is the responsibility of the Data Controller to ensure sufficient resources are in place to prioritise adhering to Data Protection Legislation in the business.
• Any electronic devices where personal or sensitive, confidential information is held will be password protected. Individual documents stored electronically will also contain individual passwords.
• Procedures have been put in place to ensure the General Data Protection Regulations are met. These can be found in Section C.

Section B

Privacy Notice: Use of information

In accordance with this data retention schedule there may be occasions when data is not destroyed due to ongoing investigation, ligation or enquiry. The data will be deleted upon confirmation that it is no longer required. 

On certain occasions, anonymised personal data may be retained, such as when a client provides a testimonial for use on the organisation’s website. In such cases, where data is non-identifiable, GDPR law no longer applies. Non-identifiable data means that if this data were left on a bus, no one, including the data subject, would be able to identify that it relates to them.

• Personal information is collated and stored in hardcopy in a locked filing cabinet behind a locked door.
• Any document containing personal data will clearly state “Official-sensitive, private and confidential.”
• All emails will contain a privacy statement.

Under the General Data Protection and Retention (2018) legislation, all individuals are entitled to the following rights regarding the processing of their personal data:

• - The right to be informed about the data processing activities.
• - The right of access to their personal data.
• - The right to rectify any inaccuracies in their data.
• - The right to have their data erased if it is no longer necessary.
• - The right to restrict the processing of their data.
• - The right to data portability, which allows them to transfer their data to other providers.
• - The right to object to the processing of their data, including profiling.

It is important to note that Calon Quay Therapy and Susie Burn-Strange/ Susan E Burn do not use automated decision-making tools, including profiling.

Website visitors

When an individual visits calonquay.com, Google Analytics, who are considered a third-party service, collects information about what visitors do when they click on my website, such as which page they visit the most. Google Analytics only collect non-identifiable data which means I or they cannot identify who is visiting. Calon Quay Therapy & Susie Burn-Strange will always be transparent when it comes to collecting personal data and will be clear about how that data is processed.

Website hosting

Calon Quay Therapy website is hosted on a hosting service provided by GoDaddy.com, a third-party provider. When you visit Calon Quay website using a web browser, your browser typically sends some information to the server such as the date and time of your visit, the operating system you use, and your IP address, the page or resource you are requesting, and so on. The web servers hosting my website use this anonymised data to help monitor my site’s performance, bandwidth usage, track any errors, and so on. The hosting services provided by GoDaddy.com are compliant with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Details of the Privacy Shield Framework can be found here https://www.privacyshield.gov/

Use of cookies

When accessing our Website, we will learn certain information about you during your visit.

Similar to other commercial websites, our website utilises a standard technology called "cookies" and web server logs to collect information about how our website is used. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our web site, your IP address.

A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site's computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites.

Analytical Cookies

This site utilises analytical cookies to generate insightful reports on website visitors, these cookies do not collect personal data from you. These cookies enable us to identify and quantify the number of visitors and discern their navigation patterns on the site. This data-driven information facilitates the enhancement of our website’s functionality.

Some of the following cookies may be used for analytical purposes:

__utma Google Analytics to monitor traffic levels, search queries and visits to this website

__utmb Google Analytics stores IP address anonymously on its servers and neither we nor Google associate your IP address with any personally identifiable information

__utmc Google Analytics to determine whether you are a return visitor to this site, and to track the pages that you visit during your session

__utmz Google Analytics stores the type of referral used by the visitor to reach this site

IP addresses

IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as “traffic data” so that data (such as the web pages you request) can be sent to you.

Email information

If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received online, mail and telephone.

How do we use the information that you provide to us?

In essence, we utilise personal information for the administration of our business operations, delivery of customer service, and provision of additional items and services to our existing and prospective customers.

When visiting our website, we will refrain from collecting personally identifiable information about you unless you explicitly choose to provide such information. Furthermore, such information will not be sold or otherwise transferred to unaffiliated third parties without the prior consent of the user at the time of collection.

We may use software programs to create summary statistics, which are used for such purposes as assessing the number of visitors to the different sections of our site, what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.

For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor network traffic to identify unauthorised attempts to upload or change information, or otherwise cause damage.

We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights.

A special note about children

My website and services are not suitable for children under the age of 13. Therefore, I kindly request that minors refrain from submitting any personal information to me. If you are a minor, you may use this site only with the permission and guidance of your parents or guardians.

I have an up-to-date enhanced DBS certificate.

How do we protect your information and secure information transmissions?

Email is not recognised as a secure medium of communication. For this reason, we request that you do not send private information to us by email. However, doing so is allowed, but at your own risk. Some of the information you may enter on our website may be transmitted securely via a secure medium known as Secure Sockets Layer, or SSL.

Policy changes

We reserve the right to amend this privacy policy at any time with or without notice. However, please be assured that if the Privacy Policy changes in the future, we will not use the personal information you have submitted to us in a manner that is materially inconsistent with this Privacy Policy, without your prior consent.

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.

Your privacy is important. This policy explains how your personal information is collected, stored and used.

This covers:

The business entity (Calon Quay) , Susan Burn, Susie Burn-Strange, is committed to providing Solution-Focused hypnotherapy, including NLP (Neurolinguistic Programming techniques) safely and professionally.

By using this website or booking and attending sessions, you agree to the following:

 Professional Standards 

 I am a trained solution-focused hypnotherapist, I hold Professional liability Insurance, and I am DBS (enhanced) checked.

  Hypnotherapy is provided for well-being purposes and is not a substitute for medical treatment or medical advice 

 Privacy & Data 

Any personal information you provide (contact details, session notes, payment information) is stored securely and confidentially. For more details please refer to Privacy policy Sections A, B & C.

Information will only be shared with third parties if required by Law or with your consent.
You have the right to access, correct, or request deletion of your data at any time.

Terms of Service

Cancellation  Rescheduling policies apply - less than 24 hours notice full fees applies (exceptions may be made at my discretion).
 
By booking a session, you consent to these terms.

For questions about your data or this policy, please contact Susan Burn at: Susanesburn@gmail.com