top of page

Privacy Policy

This client privacy notice sets out, in line with the General Data Protection Regulation (GDPR), the types of data that I hold on you as a client of Sharon Mason.  It also sets out how I use that information, how long I keep it for and other relevant information about your data. 

 

The principles of this notice apply to current and former clients.

Data protection principles 

In relation to your data, I will:

  • process it fairly, and lawfully

  • collect only the data that is relevant to your session and treatment

  • only use it in the way I have told you about

  • keep your data only for as long as I need

  • process it in a way that ensures that it will not be used for anything that you are not aware of, or have consented to

 

Types of data I hold

  • your personal details, including name, address, date of birth, email and phone number

  • next of kin and their contact details

  • medical or health information that you have provided as part of your session

  • session notes that I have taken during your life interview

  • session notes that I have taken during the hypnosis session

  • session recordings on audio or video

How I collect your data

  • Your client information form

  • your life interview

  • your hypnosis session

  • audio recording

  • video recording (online sessions)

How I process your data

The law on data protection allows me to process your data for certain reasons only:

  • in order to carry out your treatment as your practitioner

  • to protect your interests

  • in order for me to carry out my legitimate interests

All of the processing carried out falls into the permitted reason to carry out the contract between us, myself as the practitioner and you as the client.

Special categories of data

Special categories of data that I may hold on record may be any of the following, if you have chosen to share that information with me

  • health

  • sex life

  • sexual orientation

  • race

  • ethnic origin

  • political opinion

  • religion

These categories of data must be processed with more stringent guidelines. Most commonly I will process special categories of data when the following applies:

  • you have given explicit consent to the processing

  • I must process the data to carry out my legal obligations

  • you have already made the data public

I will only use your special category data for the purposes of providing relevant treatment during the course of your session. Your data will not be used in any other way.

Your data will not be shared with any third parties, unless you have specifically requested that I share your contact details with another client or practitioner.

Protecting your data

I am aware of the requirement to ensure your data is protected against accidental loss, disclosure or destruction. You data will be held securely electronically.

How long I keep your data for

In line with Data Protection principles, I only keep your data for as long as I need it, which will be at least for the duration of your treatment and any follow-up sessions, and for a maximum of 1 year after your session.  After 1 year all data will be deleted and destroyed, including audio and video recordings.

Your Rights in relation to data

  • the right to be informed. This means that I must tell you how I use your data, and this is the purpose of this privacy notice 

  • the right of access. You have the right to access to the data that I hold on you. To do so, you should make a subject access request to me

  • the right for any inaccuracies to be corrected. If any data that I hold about you is incomplete or inaccurate, you are able to require me to correct it  

  • the right to have information deleted. If you would like me to stop processing your data, you have the right to ask me to delete it from my systems where you believe there is no reason for me to continue processing it 

  • the right to restrict the processing of the data. For example, if you believe the data I hold is incorrect, I will stop processing the data (whilst still holding it) until I have ensured that the data is correct  

  • the right to portability. You may transfer the data that I hold on you for your own purposes 

  • the right to object to the inclusion of any information. You have the right to object to the way I use your data where I am using it for my legitimate interests 

Where you have provided consent to my use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that I will stop processing the data that you had previously given me consent to use. There will be no consequences for withdrawing your consent. However, in some cases, I may continue to use the data where so permitted by having a legitimate reason for doing so. 

Making a complaint

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by me, you are able to make a complaint to the ICO. 

Data Controller

The data controller is Sharon Mason.

bottom of page