top of page

Privacy Statement

Privacy Statement

How will my data be stored?


In May 2018, the Data Protection Act was replaced by the General Data Protection Regulations (GDPR). The changes have been made to ensure that your personal, sometimes sensitive, confidential data is held privately and securely, being processed in the way that you have agreed to. GDPR exists to protect your rights as a customer. It applies to your identifiable data, e.g. your name and address & any reason you might have for visiting me. It also covers session records, text messages or emails between us.



How long will you hold my information for?


As a member of the NCH (National Council for Hypnotherapy) I am bound by their regulations regarding the length of time I must hold onto your information. This organisation specifies that I must hold your data for 8 years after your final session. The exception to this rule applies to children, for whom I must hold their data until their 25th birthday, (unless they are 17 when treatment ends when I must keep it until their 26th birthday). All records will be deleted in the January after the above retention scales. This is in line with NHS regulations for holding data.



Can I ask for my data to be destroyed before this date?


Under the GDPR rules, you have the right to request the deletion of any of your records at any time. If you wish to have your personal records deleted, please make a request in writing to me and once I have confirmed your identity, I will do so. There is no charge for this service. Should you request this then all your paper records would be shredded with a cross shredding machine. Any electronic data such as emails or text messages would be permanently deleted from the devices that they are stored on. Please note that I would have to save the deletion request you made but I would not save any other data.



Would I be able to receive a copy of the information held by you?


In line with GDPR, if you send a request in writing to me, specifying the data you wish to see, I will provide you with a copy of your data within 30 days. I will need to confirm your identity before sending you the information. It is possible, however, that my insurance company’s legal team may want to verify information that I send out.



Why do you need a record of this information?


In order to give you the highest quality support I can, I collect information about:


  • An idea what you would like to achieve by coming for hypnotherapy

  • A small amount of medical information

  • Some brief session notes.

  • Your contact details

  • GP contact details

  • Some basic information about your important others


This information allows me to refer to information about previous discussions and the content of earlier sessions. Your contact details/ address and GP’s details will only be used with your explicit consent.



How do I know that my information is stored securely?


  • Text messages- My work phone is secured with a passcode

  • Emails- My email account requires a user name and password

  • All session notes are stored electronically and the file to access these is password protected in addition to a password to access the computer.

  • Any paper session notes will either be shredded (if transferred to an electronic format) or stored in a locked cabinet.



Do our discussions during the sessions remain confidential?


Everything we discuss during our sessions remains strictly confidential between you and me. On occasion I may choose to discuss elements of our sessions with my supervisor to ensure that I am doing my job effectively. During these discussions I will not disclose any identifying details about you to my supervisor. My supervisor also adheres to GDPR.


What if I see you outside of a hypnotherapy session?


I am obliged by GDPR to protect your confidentiality at all times. For this reason, although I will acknowledge you, it would be better to avoid any further conversation. However, if you wish to discuss your therapy with other people, you are welcome to do so.


Will you discuss me with other Health and Social Care professionals?


I am only able to contact other health and social care professionals with your written consent. Should I write to your GP, to notify them that you have come to see me for treatment and again at the end of the therapeutic relationship, I would require your signature in line with GDPR requirements. The only exceptions to this would be if I believed that you were about to harm yourself or another person when I would be required to inform the relevant authorities as part of my ‘Duty of Care’. However, I would always aim to discuss this with you before taking any action. Legally, I would also have to provide the police with information as set out in a warrant or court order, should the situation arise.





Cookies are text files that a website can store on your browser to save standard internet log in information and to help the website keep track of your visits and activity. Cookies are used to improve user experience, create

customised web pages to tailor to the individual’s preferences. Most web browsers automatically accept cookies but you can change your browser setting to block cookies if you prefer.

Information about the use of cookies on my website along with the ability to block them is available on


Other information:


The Data Controller is Dominica Sygulska.

This policy was last updated on the 29th July 2021. It may be updated at any time, so please check back regularly so that you are aware of the latest version.


ICO Registration number:  ZB121123


Signed: Dominica Sygulska

bottom of page