Privacy Statement

From 25th May 2018, under the General Data Protection Regulations (GDPR) I am required by law to inform you how I process and keep safe the data I hold you have given me.

I am also required to gain your consent to holding and processing your data in a certain way.

I take confidentiality and privacy very seriously and I am bound by a code of ethics to adhere to this.

The information you provide to me via my website or mobile phone is used firstly to make contact with you to discuss your requirements. Then, If you choose to proceed with making an appointment to see me, I will ask you at your initial consultation to complete paperwork, where some personal details will be taken down and you will be asked to sign a paper copy of my privacy policy. 

During your initial consultation, I will ask for your email address for the purpose of sending you any relevant information that relevant to you and your hypnotherapy treatment and respond to any enquiries you may have. I must also ask for your GP’s Name and address because I have a duty of care to ensure your emotional health and well being is met. There are some circumstances where it may be necessary to contact your GP before or during therapy, this will not be done without your consent and I will inform you of this at your appointment should this be necessary.

My computer and mobile phone are password protected. Other than myself, nobody else has access to them. No personal names of patients and clients are stored on my phone. Once you finish therapy with me, all information held electronically will be securely deleted within 30 days.

All paper information and notes contained in your file are required by law to be held onto for 7 years. These are kept secure in a lockable filing cabinet. After such time they shall be responsibly shredded and disposed of.


It is necessary that I gain your clear consent for me to hold this information, this will be done during your initial consultation session.

Any payments made into my business account should be referenced by yourself using your initials or first

name only to safeguard your privacy. Below you will find GDPR guidelines which I aim to adhere to at all times.

Under the General Data Protection Regulations which are effective from 25th May 2018 you have the following rights:

1. The right to be informed, which is why I have produced this policy
2. The right of access. If you wish to see your files then please make a request in writing to Poppy St John-Mosse, or contact me via my contact page. I will provide you with the information within 30 days of your request.
3. The right to rectification: This is your right to request changes to any information I hold that may become inaccurate. If this becomes the case, please let me know as soon as possible in order that I can make the appropriate changes.
4. The right to restrict processing. I will only use the information for the purposes that I have stated. I uphold the common law principles of confidentiality where the duty to keep confidence is measured against the concept of ‘greater good’ if in my opinion as a therapist there is a good reason to believe not to disclose would cause danger or serious harm to your self or others then other outside agencies or your GP may be contacted. Only information required to ensure the safety of relevant parties would be disclosed. Information may have to be disclosed without consent for the prevention, detection or prosecution of a crime. The sharing of anonymous case histories with supervisors and peer support groups is not a breach of professional confidentially.
5. The right to data portability, this right is more relevant to IT companies e.g the sharing of information when moving from one utility provider to another. I will not share your information without your specific consent.


How cookies are used

A cookie is a small file which asks permission to be placed on your computers hard drive.
The cookie helps analyse web traffic or lets you know when you visit a particular site. cookies allow web applications to respond to you as an individual.

The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

I may use traffic log cookies to identify which pages of my website are being used. This is only used for statistical analysis purposes.

A cookie in no way gives access to your computer or any information about you other than the data you choose to share with me.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser settings to decline cookies if you prefer.


Links to other websites

My website may contain links to other websites of interest. However, once you have used these links to leave my site I do not have any control over the other website. Therefore I cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites, as they will be governed by their own privacy statement. You should, therefore, exercise caution and look at the privacy statement applicable to the website in question.

If you have any other questions regarding how your therapy client/patient GDPR data is processed and handled, please do not hesitate to discuss this with me.

This document regarding therapy client data and GDPR is subject to regular reviews and will be updated accordingly.