Nurtured Self Hypnotherapy Last reviewed: May 2026
This Privacy Notice explains how personal information is collected, used, stored, and protected when you access this website, make contact, or receive services from Nurtured Self Hypnotherapy.
It applies to all individuals including website visitors, prospective clients, and current or past clients.
This document is written in line with:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Data (Use and Access) Act 2025
1. DATA CONTROLLER DETAILS
Service name: Nurtured Self Hypnotherapy Practitioner: Kelly Ratcliffe ICO registration number:ZB943584 Email: kelly@nurturedselfhypnotherapy.co.uk Address for correspondence: 34 Norton Drive, Fareham, Hampshire, PO167PZ
Kelly Ratcliffe is the data controller, meaning it determines how personal information is collected and used
2. INFORMATION THAT MAY BE HELD
Only information relevant to providing safe and effective therapeutic services is collected. This may include:
Name and contact details (email, phone, address)
Date of birth
Relevant health or medical background information
GP details and emergency contact information
Information shared during sessions
Clinical notes and session records
Appointment history
Written communication (email, text, messaging)
Website enquiry submissions
Payment or invoicing records where applicable
3. PURPOSE OF USING PERSONAL DATA
Information is used to:
Deliver hypnotherapy and psychotherapy services
Understand individual needs and tailor support
Arrange and manage appointments
Maintain accurate clinical records
Meet legal, safeguarding, and insurance obligations
Handle administration and service management
Respond to enquiries
4. LAW BASES FOR PROCESSING DATA
Processing is carried out under UK GDPR:
Article 6(1)(b) – Contract: required to deliver therapy services
Article 6(1)(f) – Legitimate Interests: for administration and safe service operation
Where health-related information is processed:
Article 9(2)(h) – Health or Social Care: for therapeutic provision and care delivery
All processing is conducted lawfully, fairly, and transparently.
5. CONFIDENTIALITY
All personal and session information is treated as confidential.
Confidentiality may only be broken in limited circumstances, including:
Risk of harm to self or others
Safeguarding concerns involving a child or vulnerable adult
Legal obligations or court orders
Clinical supervision requirements
Where possible, disclosure would be discussed in advance.
6. CLINICAL SUPERVISION
To ensure safe and ethical practice, client work may be discussed in professional supervision.
All information shared is anonymised where possible and handled confidentially.
7. SHARING INFORMATION
Personal data is never sold or used for marketing purposes.
It may only be shared when necessary with:
Clinical supervisors
Healthcare professionals (with consent where appropriate)
Emergency or safeguarding services
Legal or regulatory authorities if required
Insurance providers for professional cover
Only the minimum necessary information is shared.
8. DATA SECURITY
Appropriate safeguards are in place to protect personal information, including:
Password-protected devices and accounts
Secure email systems
Encrypted or restricted digital storage
Locked storage for paper records where used
No system can be guaranteed completely secure, but reasonable protections are always applied.
9. THIRD-PARTY PROVIDERS
Trusted third parties may be used for:
Email hosting
Appointment booking systems
Video consultation platforms
Payment processing
Website hosting (e.g. Squarespace)
Online forms and cloud storage
All providers are expected to comply with data protection law.
10. WEBSITE USE, COOKIES & ANALYTICS
The website may collect limited technical data such as:
Device and browser type
Pages visited
Time spent on pages
General usage patterns
Cookies may be used for functionality, analytics, and user experience improvement.
Where required, cookie consent tools will be used.
Further details are available on request.
11. OPTIONAL COMMUNICATIONS
If you choose to opt in to updates or resources, your contact details may be used to send relevant information.
You may withdraw consent at any time.
Your data is never sold or shared for marketing purposes.
12. DATA RETENTION PERIODS
Records are retained in line with professional insurance requirements:
Typically 8 years after therapy ends
For children/young people: until age 25, or 26 if treatment ended at age 17
After this period, records are securely destroyed.
13. DELETION REQUESTS
You may request deletion of your data at any time.
However, some information may need to be retained for:
Legal obligations
Insurance requirements
Safeguarding responsibilities
Each request is assessed individually.
14. YOUR DATA RIGHTS
You have the right to:
Access your personal data
Correct inaccurate data
Request restriction of processing
Request deletion (where applicable)
Object to processing
Withdraw marketing consent
Complain to the ICO
Responses are normally provided within one calendar month.
15. COMPLAINTS (DATA PROTECTION)
If you are concerned about how your data has been handled, you may raise a complaint.
