The Hypnotherapy service is confidential, and we will not discuss anything about you outside of the Hypnotherapy and Bee At One Therapy without your explicit agreement, except in exceptional circumstances. For example, we would have a duty to inform your GP if we were concerned that there was a serious risk of harm to yourself or others. Confidentiality is a most important part of this service, and the service subscribes to the ethical framework of the IHP (International Hypnosis Association).

Maintain strict confidentiality about the clients and their treatment, unless written permission is received from the client, or required by court order to divulge information of a confidential nature, or under legal requirement as when suspecting abuse, neglect or violence toward a child or an elderly adult practice within the recognized knowledge and competence of the profession. 

And within the practitioner’s own training remain aware of their own limitations and wherever appropriate, be prepared to refer a client to another practitioner (regardless of discipline) who might be expected to offer suitable treatment maintain or improve their level of skills and professional competence by undertaking formal continuing training and maintain awareness of research and developments in the field ensure that wherever a client is seeking assistance for the relief of physical and mental health symptoms, unless having already done so, that the client be advised to contact a licensed medical or mental health practitioner co-operate with other practitioners where it is deemed in the best interest of the client.

Provided their consent is given confirm that they will never knowingly offer advice to a client which either conflicts with or is contrary to that given by the client’s medical or mental health practitioner ensure that client notes and records be kept secure and confidential obtain written permission from the client (or if appropriate, the client’s parent/s or legal guardian/s) before either recording client sessions or discussing undisguised cases with any person whatsoever.

Wherever possible, obtain the consent of an appropriate adult (i.e. parent or legal guardian) before conducting treatment with clients who are either under the age of majority or are classified as Special Needs take all reasonable steps to ensure the safety of the client and any person who may be accompanying them ensure that their workplace and all facilities offered to both clients and their companions will be in every respect suitable and appropriate for the service provided.

Refrain from using their position of trust and confidence to exploit the client emotionally, sexually, financially or in any other way whatsoever. Should either a sexual or financial relationship (i.e. other than for the payment of relevant products or services) develop between either practitioner and client or members of their respective immediate families, the practitioner must immediately cease to accept fees, terminate treatment and refer the client to another suitable practitioner at the very earliest opportunity.

Not touch the client in any way that may be open to misinterpretation. (e.g. before employing tactile induction or deepening techniques, both an explanation should be given and permission received).

Terminate treatment at the earliest moment consistent with the good care of the client disclose full details of all relevant memberships, training, experience, qualifications and appropriate avenues of complaint to clients, upon request make no claim that they hold specific qualifications unless such claim can be fully substantiated. 

No practitioner shall use the title ‘Doctor’ in a manner that may mislead any member of the public to believe they are medically qualified, if they are not so qualified explain fully to clients, preferably in writing, in advance of any treatment, the fee levels, precise terms of payment and any charges which might be imposed for non-attendance or cancelled appointments present all services and products in an unambiguous manner (to include any limitations and realistic outcomes of treatment) and ensure that the client retains complete control over the decision to purchase such services or products.

Never discriminate against any client for any reason i.e.. race, colour, creed, disability, sexual orientation, political beliefs etc. always maintain standards of the highest professional conduct.

Note: where laws, statutes, rules and regulations in your locality differ from these guidelines, you must follow local laws. This Code of Ethics ad Conduct should not be considered legal advice. 

Consult a legal professional for legal advice.

This document sets out the parameters within which Hypnotherapy with Bee AT One Therapy acquires, controls, stores, uses and disposes of any personal data, in line with General Data Protection Regulation (GDPR) requirements.

Bee At One Therapy takes your privacy very seriously and treats all your personal information as confidential. “Personal information” is information through which you can be directly or indirectly identified e.g. your name or email address. Bee At One Therapy strictly adheres to the requirements of the data protection legislation in the UK.

Bee At One Therapy does not sell, rent or exchange your personal information with any third party for commercial reasons, beyond the essential requirement for credit/debit card validation during payment of sessions. Bee At One Therapy follows strict security procedures in the storage and disclosure of information, which you have given us, to prevent unauthorised access in accordance with the UK data protection legislation.

Bee At One Therapy uses a technology called cookies as part of a normal business procedure. Cookies are small text files that are created by a web server and stored on your computer when you visit a website. Many websites use cookies to improve your browsing experience. Cookies can also be used to record ‘analytics’ data i.e. which web pages you visit, whether or not you arrived at the web page by clicking on an advertisement or an affiliated website. Many websites find the collection of analytics data valuable in improving the quality and content of their web sites.

All the major browsers allow you to block cookies and delete those that have already been created on your computer, usually within the ‘Tools’ section of the browser. These tools allow you to specify which cookies you will accept by type and often by specific websites using an exception list e.g. you can block all cookies and then list the website from which you will accept cookies. There are also a wide choice of browser add-ins that you can install if you wish to have greater control over persistent cookies.

“General Data Protection Regulation (GDPR) is, essentially, an upgraded version of the existing Data Protection Act legislation”

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual. The General Data Protection Regulation covers all companies that deal with data of EU citizens. GDPR came into effect across the EU on May 25, 2018 (Information Commissioner’s Office).

Bee At One Therapy  as an organisation, due to the nature of the therapy services offered, Bee At One Therapy holds a moderate level of identifiable personal data including such data as is categorised under GDPR as ‘Special Category Data’.

Under GDPR, personal data is defined as “any information relating to an identified or identifiable natural person”. Special Category data is highlighted as sensitive and therefore needs more protection. Special Category data can include details of:

· Race

· Ethnic origin

· Politics

· Religion

· Trade union membership

· Genetics

· Biometrics (where used for ID purposes)

· Health

· Sex life

· Sexual orientation

It is viewed as sensitive as, in particular, this type of data could create more significant risks to a person’s fundamental rights and freedoms, for example by putting them at risk of unlawful discrimination.

· Name, address and contact details including email address and telephone number

· Issues which the client is presenting/details of problems with which the client requires help

· Personal history including family details

· Medical history and medication record

· Record of progress through therapy

Bee At One Therapy understands that client consent for treatment is not the same as GDPR consent. In the healthcare sector, client data is held under a duty of confidence. Hypnotherapy with Bee At One Therapy operates on the basis of implied consent to use client data provided, for the purposes of direct therapy treatment, without breaching confidentiality.

· Via the contact form on www.beeatonetherapy.co.uk

· Via the newsletter sign-up form on www.beeatonetherapy.co.uk

· Via the consultation sign-up form on www.beeatonetherapy.co.uk

· At the initial consultation, in person, by email or by telephone or by social media

· Through in-person therapy sessions

· Through Skype therapy sessions

In line with Bee At One Therapy’s IHA registration statement, Bee At One Therapy sometimes needs to share the personal information it processes with the individual and also with other organisations. Where this is necessary, Bee At One Therapy is required to comply with all aspects of the Data Protection Act (DPA).

The following is a description of the types of organisations Bee At One Therapy may need to share some of the personal information with, that is processes, for one or more reasons:

· Family, associates and representatives of the person whose personal data Hypnotherapy with Bee At One Therapy holds (if dealing with children, for example)

· Client’s GP or medical/healthcare consultant etc. (in circumstances where this may be appropriate for those health professionals to know)

· Central government, police forces and security services (if applicable lawful request made)

Bee At One Therapy holds personal data as described above, to enable it to:

· Contact clients signing-up for a free consultation via www.beeatonetherapy.co.uk

· Provide information on hypnotherapy, offers, tips, products and more to clients signing-up to 

Be in the Know via www.beeatonetherapy.co.uk

· Conduct an assessment for clients who request help with treatment

· Provide therapy sessions relevant to those clients

· Track progress through therapy for clients

· Assess therapy ‘end-point’ in conjunction with clients

The lawful basis for processing this data is defined under Article 9(2) of the GDPR:

Processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects.

Bee At One Therapy understands that whilst the holding of sensitive client data is lawful, and is held under a duty of confidence in terms of therapy/treatment, consent to process personal data electronically, or for marketing purposes, must be:

· Freely given

· Specific

· Informed

· Unambiguous

Bee At One Therapy understands that holding client data for treatment purposes and GDPR consent are not related. GDPR consent is not a pre-condition for therapy/treatment.

Bee At One Therapy understands the need for positive opt-in and that consent cannot be inferred from silence, pre-ticked boxes or inactivity. A quick, easy ‘unsubscribe’ link on our email marketing communications will always be provided. 

Hypnotherapy with Bee At One Therapy has also expressly advised its entire marketing database that they can continue to hear from Hypnotherapy with Bee At One Therapy by actively ‘opting-in’ to clarify that they agree with this.

Whilst Bee At One Therapy may hold client ‘Special Category’ data (see above for definition), via appropriate parental consent, for persons under the age of eighteen, which is considered as being held purely for client treatment purposes under a duty of confidence, Bee At One Therapy will not process any of this data for any other purposes such as marketing or profiling etc.

Bee At One Therapy’s IT system is backed up continuously. There is an active security policy in place to ensure that all data is backed up and held in a safe, confidential environment, including a secure, password protected, encrypted file. Bee At One Therapy’s laptops have an activated encryption function in the event of theft/misuse.

Personal data is held for a minimum of 5 (five) years, and an average maximum of 8 (eight) years, in line with NHS and healthcare industry guidelines, after which time it will be destroyed.

Under GDPR, Bee At One Therapy acknowledges the following rights of the individual, in respect of any personal data that we hold:

· The right to be informed

· The right of access

· The right to rectification

· The right to erasure

· The right to restrict processing

· The right to data portability

· The right to object

· The right not to be subject to automated decision-making including profiling

As outlined in GDPR guidelines, Hypnotherapy at Bee At One Therapy will respond to and comply with all subject access requests within one month.

If it is felt that the individual’s request is manifestly unfounded or excessive, Hypnotherapy at Bee At One Therapy reserves the right to refuse or to make a charge.

If any requests are refused on the above grounds, Hypnotherapy at Bee At One Therapy will tell the individual why and inform them that they have the right to complain to the supervisory authority and to a judicial remedy – this will be done within one month of the request.

Hypnotherapy at Bee At One Therapy is communicating its privacy policy via this document which is, and will be, available at all times on www.beeatonetherapy.co.uk

Bee At One Therapy is registered with the International Hypnosis Association’s Office. You can view the registration at the IHA under the member Rebecca Hobbis.

If you would like to discuss any aspect of this document, please contact:

Rebecca Hobbis 

Tel:  0758865148

Email: rebecca@beeatonethreapy.co.uk 

Subject access requests should be submitted in writing to:

Rebecca Hobbis

Bee At One Therapy

Room 1

Regent House 

Princess Court 

Beam Heath Way 

Nantwich 

Cheshire 

CW5 6QP