Client GDPR Policy
Terms
“Eteri McKenzie” and “Eteri McKenzie Hypnotherapy” are used interchangeably in this document
Introduction
This policy explains how Eteri McKenzie Hypnotherapy collects, stores, and protects your personal information. It ensures full compliance with the UK General Data Protection Regulation (GDPR) and the professional standards set by CNHC, AfSFH, and NCH.
How Long Is Information Held
Client records are kept for eight years after the final session, as required by CNHC, AfSFH, and NCH.
For children, data is stored until their 25th birthday. If therapy ended at age 17, it is held until the 26th birthday.
All records are securely destroyed in January following those dates, in line with NHS regulations.
Requesting Early Deletion
Certain data must be retained by law, such as session notes and related communications.
However, you may request that your information be anonymised. This process removes all identifying details and stores the remaining data with coded filenames.
You can email your request to Eteri McKenzie at no cost.
Accessing Your Information
Under GDPR, you have the right to access the personal data held about you.
Please submit a written request specifying which information you wish to view.
After confirming your identity, Eteri McKenzie will provide the data within 30 days.
There is no charge for this service. Occasionally, her insurance provider’s legal team may help verify the information.
Why Data Is Collected
Eteri McKenzie collects only the information needed to offer safe, effective, and personalised hypnotherapy sessions.
This may include:
- Your therapy goals
- Relevant medical details
- Brief session notes
- Contact information (including GP details)
- Basic information about significant others
This information ensures continuity of care and supports the effectiveness of your sessions.
Contact and GP details are used only with your written consent, except in rare legal or safeguarding situations.
How Information Is Stored Safely
Eteri McKenzie takes data security seriously. Information is protected using multiple safeguards:
- Session Notes: Stored as password-protected PDFs on a PIN- and biometric-secured tablet.
- Paper Notes: Either digitised and destroyed or kept in a locked cabinet inside a locked room.
- Text Messages: Stored on a fingerprint- and PIN-protected mobile phone.
- Emails: Accessed through encrypted, password-protected accounts.
All devices are kept up to date with the latest security software to prevent unauthorised access.
Confidentiality During Sessions
Everything discussed in hypnotherapy sessions remains strictly confidential.
At times, anonymous case details may be shared with a qualified supervisor to ensure professional support and service quality.
All supervisors are GDPR-compliant and registered with the Information Commissioner’s Office (ICO).
Public Interactions
If you meet Eteri McKenzie outside of a therapy setting, she will acknowledge you but avoid further conversation to maintain confidentiality.
You are free to discuss your therapy with others if you choose.
Sharing Information with Other Professionals
Eteri McKenzie will only contact other professionals with your written consent.
For example, she may inform your GP when therapy begins or ends, unless a legal or safeguarding exception applies.
When Confidentiality May Be Broken
Confidentiality may be broken only when:
- There is a serious risk of harm to you or another person.
- It is required by law, such as under the Data Protection Act 2018 or a court order.
Whenever possible, this will be discussed with you before any action is taken.
Data Controller Information
Data Controller: Eteri McKenzie Hypnotherapy
ICO Registration Number: ZB873137
Last Updated: January 2025
This policy may be updated at any time. Please check regularly to ensure you have the latest version. For the website privacy policy, visit Privacy Policy.
