Privacy Policy
Helen Willis of The Connectome Connection will be responsible for your Data Protection.
[helen@connectome-connection.com]
Under the General Data Protection Regulation (GDPR) you, as my client, need to be informed how and why I collect personal data from you, and also what I do with this information. This is explained below.
Sensitive data
The lawful bases on which I collect your data are your consent as my client and my legitimate interest as your Connectome Connection consultant. As part of the programme, it will be necessary for me to gather some personal data from you. Such data are gathered only with your explicit consent, as my client. I do not gather sensitive data regarding genetics; biometrics; racial or ethnic origins; political opinions; religious or philosophical beliefs; trade union membership; sexual orientation; or criminal convictions, unless you choose to disclose any of this information to facilitate the therapeutic process.
If, at any stage, you wish to withdraw your consent to my gathering of your personal data, you have the right to do so. This can be achieved by contacting the email address above.
Collection of data
There are three information streams:
1. Initial contact information: This involves recording name, postal address, phone number and email address for both you and your GP and additionally your date of birth. This information will be collected via our email correspondence.
2. Data gathered from any assessment: Assessments will be conducted by myself in order to assess your individual needs as my client. These assessments will occur principally during my first session with you. However, ongoing assessment will be required. All data collected will be recorded in an electronic format and kept in your client file. Your results will also be emailed to you. In addition, during the course of the programme, I will ask a series of questions related to your state of physical health and any issues related to your emotional welfare. This will include asking you about any current prescribed medication and past medical history.
3. Ongoing note-taking that occurs during therapeutic sessions: This is restricted to taking notes of the natural neuromodulation strategies that I have provided during each session. This includes noting down any key observations or feedback reported by you. This enables me to monitor your progress and plan the following sessions. The notes taken will not include any personal commentary from me about you. These notes will be stored electronically in your client file.
NB. No audio or visual recording will be taken of any of your sessions.
Reasons for collection of data
Under the terms and conditions of the Code of Ethics of the Association for Professional Hypnosis and Psychotherapy (APHP: the professional body that I am a Licentiate of, and which regulates my practice), I am required to record the name and contact details of your GP, in case referral is needed at any time. All other data are collected to enable your progress and outcomes to be monitored, and also to facilitate my decision making regarding choice of natural neuromodulation strategy. Your personal contact details are required to enable me to contact you to provide meeting information and/or meeting links (if the programme is undertaken virtually), as well as to provide test results, or information from your notes if required.
Storage and retention of data
All data about you (including my notetaking and any results from assessments) will be stored electronically within encrypted and password-protected folders. Your name will also be converted into code. This means that your identity is known only to myself and is not accessible to others.
This information will be retained in its anonymised format during and after our working relationship.
Confidentiality
Under the terms and conditions of the Code of Ethics of the Association for Professional Hypnosis and Psychotherapy (APHP), I must maintain strict confidentiality within my relationship with you (consistent with the good care of you, as my client, and the laws of the land). I must ensure that your client notes and records are kept secure and confidential and are not shared with any third party.
However, there are exceptions to these requirements, which are explained below:-
Under this APHP Code of Ethics, confidentiality must be observed at all times unless:
It is demonstrably in your best interests for me to disclose relevant information to your medical consultant or physician;
You have given your written permission to disclose information to your medical consultant or physician;
The law requires my disclosure;
I am required to share information with fellow professionals (as part of my professional practice and/or to meet the requirements of my Continuing Professional Development [CPD] to maintain my registration with the APHP), in which case your anonymity will be guaranteed (this means that they will not know your name, or have any contact details for you);
You wish to make a complaint against me. In this case, the governing body of the APHP may require me to send them your notes. If this occurs, I will need to gain your permission beforehand.
Controlling your information
You have certain rights concerning the information I hold about you, as defined under General Data Protection Regulation:
Your right of access: you have the right to ask me for copies of your personal information;
Your right to rectification: you have the right to ask me to alter personal information you think is inaccurate and you also have the right to ask me to complete information you think is incomplete;
Your right to erasure: you have the right to ask me to delete your personal information in certain circumstances;
Your right to restriction of processing: you have the right to ask me to restrict the processing of your personal information under certain circumstances;
Your right to object to processing: you have the right to object to the processing of your personal information in certain circumstances;
Your right to data portability: you have the right to ask that I transfer the personal information you gave me to another organisation or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you.
If you wish to exercise these rights, please contact me via email.
Once I have verified your identity, and contact details, you may request a copy of any data that I hold about you.
Upon this request, I will provide a data encrypted file/s containing the personal data I hold about you. The password to this/these file/s will be sent separately to you by text to your mobile phone.
Updating or correcting your information
The accuracy of your information is extremely important. If you change your email address, or any other information that I hold about you is inaccurate, or out of date, please contact me immediately so I can correct my records.
Deleting your information
You have the right to request erasure of your personal information. Your personal data will be deleted on request, unless there is a compelling reason for the data not to be erased (for example, if I need the data to fulfil my professional or ethical obligations, as identified by the Code of Ethics of the Association for Professional Hypnosis and Psychotherapy [APHP]).
Automated decision making
I do not use any personal information for automated decision making or profiling, so your data would never be subjected to these automated processes.
Security
In order to protect your information from loss, misuse or unauthorised access or disclosure, a series of suitable physical, electronic and managerial procedures have been implemented to safeguard and secure the information that I collect.
This includes:
Data minimisation (i.e. keeping the least possible amount of information about you on file);
Password best practice;
Security best practice concerning devices (PC, laptop, mobile devices, online accounts, website hosting, physical access and storage);
Optimising security features for virtual meetings, via the Zoom platform;
Maintaining continuing professional development in terms of data protection legislation and best practice.
Data Breaches
A data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of accidental and/or deliberate causes.
If there have any data breaches related to your personal information, you will be notified promptly. I am also professionally obliged to report the data breach to the Information Commissioner’s Office (ICO) and investigate it myself as a matter of priority.
Making a complaint regarding compliance with General Data Protection Regulation
If you wish to make a complaint about how I have handled your personal information, please contact me in the first instance, via email, so that I can address your concerns.
If you are not satisfied with my response, or believe that I am not processing your personal information in accordance with the law, you can complain via the website of the Information Commissioner’s Office (ICO).
Privacy Policy last reviewed: May 2022 by Helen Willis