My GDPR Policy

As a clinical hypnotherapist, it is important that I collect some personal information from you in order to create a customised treatment plan tailored specifically for you. In how I handle and store this data, I am bound by General Data Protection Regulation (GDPR) legislation and the Code of Ethics from my own professional body the National Council for Hypnotherapy (NCH).

My company Swift Hypnotherapy is registered with the ICO. You can learn more about this at As a sole trader, I am both the Data Controller and Data Protection Officer within Swift Hypnotherapy.

You have no legal requirement to share any personal information with me, however, declining to do so may impact my ability to work with you effectively.

How I get your information:

In most cases, the information will come directly from you, however there are certain circumstances where additional information may be provided. These circumstances are:
If you are under 18 years of age, information may also come from your parents/guardians.
If the referral comes through a third party e.g your employer.
Other professionals who you have given me permission to contact e.g your G.P.

Personal information I may ask for:

In order for me to deliver a safe and effective service, my information gathering process may include: your name, your contact details, your medical history, your social and family situation, your professional situation, lifestyle, hobbies and interests, and details of the issues which you would like me to help you with.

What I do with your personal information:

I may use your data in the following ways:
To deliver effective hypnotherapy.
To respond to you if you contact me.
To contact you between therapy sessions where necessary.
To allow me to collect payment from you.
To maintain my records and accounts.

How I share your information:

Unless there are exceptional circumstances, I do not share your personal information with any 3rd parties. Exceptional circumstances, where I would be professionally or legally obliged to share your information would be:
where you ask me in writing to share your information with a 3rd party.
where there is a legal requirement e.g. a court order or warrant is issued.
where I am obliged to do so under the local safeguarding guidelines or the Duty of Care Provision within my Code of Ethics (please see further details).
Where I am part of a wider team of professionals working with you e.g. a care team.
Where you have been referred by your employer. However in this situation there will be a pre arranged level of information sharing which you will be made aware of.
Should I (Kate Mitchell) or any member of my household, test positive for COVID-19, your contact details ONLY may need to be passed to the government ‘track &trace’ system, in accordance to current government guidelines and legislation.

How long I keep your information:

I am required by my professional body and insurance company to keep your information, securely stored, for 7 years. When a client is under the age of 18, I am required to keep information until they are 18 and then store it for an additional 7 years. After this time all information is shredded and disposed of securely.

Your rights over the information I hold about you:

Regarding the personal information I hold about you, you have a right to:
be informed: the information contained within this document must be made available to you.
to access: you have a right to request access to all the information held about you within 30 days.
to rectification: you can make a request for incorrect information I hold to be corrected within 30 days.
to erasure: you have a right to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’.
to restrict processing: you have the right to restrict the processing of your personal information when there is a particular reason.
to object: In some circumstances a person has the right to object to the use of their personal information.

Other Considerations.

The consent of a parent or guardian will be required if you are under the age of 18. In addition to this, documents to verify age will be required if the client is under the age of 13.

You can withdraw permission for me to actively use your personal information at any time, however this will prevent our therapeutic relationship from continuing.

National Council for Hypnotherapy – Code of Ethics.

The NCH require me to keep your personal information confidential through a ‘Duty of Care’, except in circumstances where one of the following applies:
where there is good cause to believe that if I do not disclose information, you or others would be exposed to a serious risk of harm.
where there is a legal requirement for me to share information (as explained above).

The NCH Code of Ethics also allows me to share anonymous case histories verbally or in hypnotherapy publications for the purposes of supervision or training. All Personal details are removed and details about your situation are changed to protect anonymity.

If you have concerns about the way I store or use your data you have the right to complain to the ICO. You can learn more about these rights on

Hypnotherapy services tailored to meet your needs