You can visit my Heart-Hypnotherapy website without telling me who you are and without revealing any information about yourself. However, there may be occasions where I do ask you to provide certain information by which you can be identified when using this website. In this instance, you can be assured that any information you provide will only be used in accordance with this privacy statement and I am committed to ensuring that your privacy is protected.

You may wish to provide your information when:

  • You choose to contact me for an appointment
  • To request information from me
Ladies face with finsh raised to lips as in shush
  • Your name
  • Your contact information including telephone number and E-Mail address
  • A brief reason for requesting an appointment
  • It allows me to provide you with the information requested and/or to offer you an appointment and provide a service
  • Your data will be used to enable me to contact you with your requested service
  • Should you book and attend an appointment your data will be transferred to your clinical record
  • If you do not wish to make an appointment your E-Mail containing your data will be securely disposed of

I am committed to ensuring that your information data is securely protected and have measures in place to ensure that your data is protected against unauthorised access,
loss or destruction.

My website may contain links to other websites of interest. However, once you have used these links to leave my site, you should be aware that:

  • I do not have any control over these websites and/or the content contained within that website
  • I cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites
  • I strongly suggest that you read any privacy notice attached to any individual web site that you choose to visit

Information which appertains to your data collection:

When you make an appointment I will request and record specific data from you, which is required to establish your medical health care record. I have set out below the type of data that we require for your assessment and treatment in respect hypnotherapy.

Heart Hypnotherapy

My lawful basis for collecting, recording, storing and using your data is known as ‘Legal Obligation’. This Legal Obligation represents activity, in regard to yours and my, client relationship; and our relationship with your medico-legal intermediary, health insurance provider, solicitor and/or health care professional. Therefore, I have a statutory requirement to collect, record, store and use your data.

Should I be in a position to offer you a credit/debit cards service then we will process your payment details via this lawful basis. We also use a PayPal service.

Please note, that during/following your Initial Consultation, you will be provided with and required to read and sign two consent forms:

  • Data consent form
  • Examination and Treatment consent form

I collect your data specifically for your physical and mental health care and well-being and as such your data is considered as special category data.

Information provided by you and recorded by me will potentially consist of personal identifiable information and sensitive personal data appertaining to your health and wellbeing.

  • Personal details:
    • Name, date of birth, postal address, telephone numbers and your E-Mail address
  • Sensitive health-related details:
    • Presenting condition, general health history, medications and any allergies
    • Your Doctors details and any other professional involved in your care
    • Health insurances and medico-legal intermediaries involved in your care
  • Lifestyle activities:
    • Sports, hobbies, accommodation details, employment details, sleeping and eating behaviours, pet ownership, smoking and alcohol consumption
  • Assessment and treatment details:
    • Health-related notes will be compiled of your assessment, treatment and your progress in respect of any professional treatment and/or therapy provision that you have requested and undertaken
  • Payments history:
    • Details of your payments and methodology are recorded on our Tax records for submission to the HMRC

I as the practitioner will collect all your relevant data.

Data, which is freely and voluntarily provided by you, will be stored in paper files, in a locked location. Email data will be deleted after 60 days or stored on paper if it relates to your case file.

To formulate a medical health care record including any clinical and/or therapeutic treatment interventions recorded in your treatment plan.

Your records are stored solely to maintain a medical record. Your medical records are designed to keep a historical and up to date evidence-based report of your health care provision, progress and rehabilitation.

We provide the HMRC with our taxation records yearly. Information sent to these organisations will consist of your initial and surname and your payment method, such as your bank, cheque no, cash payment, BACS and/or credit and debit card transaction. Your data will not be shared with any other party unless you request it to be shared and you provide your consent for me to do so.

With your consent, I may share your data with your GP and/or an additional Allied Health Care Professional for consulting and referral purposes and for obtaining a second opinion. Any medico-legal organisation, health insurance provider and/or solicitor referring you will have obtained your consent for me to report certain data back to them on a standard medico-legal reporting template or a clinical letter. If requested, I am legally bound to share your data with any lawful and/or Crown agency that requests access to your data via appropriate data release requests.

In communicating with your GP, Health Care Professional, medico-legal intermediaries, health insurance provider and/or your solicitor I will be able to:

  • Promote and enhance your healthcare, improve the quality of your life and provide health care protection and safety
  • Comply with the health care reporting requirements of the above organisations
  • No, because the client’s healthcare and wellbeing is the basis of my business, and therefore, we always act in the best interests of the client
  • If I need to write to your GP or Health Care Professional, then I will discuss my clinical reasoning for this activity and request you to sign a third-party consent form
  • When I complete a medico-legal template supplied by the referring organisation then I will only report honest and factual information which is objective and supported with clinical reasoning

Your data is protected by solely being kept on paper and filed securely when not in use. Your paperwork is only in use during your session/s

Under the General Data Protection Regulations (GDPR) you have individual rights:

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right of erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights concerning automated decision making and profiling

How long do I keep your medical records?

Personal information that I process for any purposes shall be not be kept for longer than is necessary for the purpose or those purposes. I am are legally bound by statutory requirements to hold your data for:

  • Adults: I keep your medical and treatment records for 8 years from the date of your last appointment
  • Children: I keep your records until you reach the age of 25

There may be occasions where I need to keep your records for an indefinite period and I may withhold personal information that you request to the extent permitted by law.

I may also retain your personal information where such retention is necessary for compliance with a legal obligation to which I am subject, or to protect your vital interests or the vital interests of another natural person.

I do not sell or distribute your information to any other organisation unless you have consented and/or contracted me to do so. If your personal and sensitive data should change then please inform me immediately for me, to update your records and clinical notes. I have a duty under GDPR to inform all other parties of any such changes.
If you wish to contact me for any aspect in regards to your data please do so by email at:

• Paddy O’Rourke; paddy@heart-hypnotherapy.com

If you wish to complain about how I have handled, recorded, stored and or used your data then you may do so by contacting:

Information Commissioners Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Tel No 0303 123 1113
E-Mail www.ico.org.uk