top of page

Privacy Policy

​

Updated 17 April 2026 (This policy will be updated periodically and in line with current legislation).

​

At Malcolm Struthers Hypnotherapy, I take your privacy seriously. As a professional hypnotherapist based in Dumfries and Galloway, I understand the importance of confidentiality, trust and handling sensitive personal information with care.

​

This policy explains how your personal data is collected, used and stored in line with UK data protection law.

 

Who I am

Malcolm Struthers Hypnotherapy
Dumfries and Galloway and online hypnotherapy sessions
Email: info@malcolmstruthers.com
Website: www.malcolmstruthers.com

​

Legal basis for processing data

​

I process personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

The lawful bases I rely on are:

​

  • Contract – to provide hypnotherapy services

  • Legitimate interests – to manage and improve my practice

  • Explicit consent – for health information and email communications

 

Health-related information is treated as special category data and handled with additional care.

​

What personal data I collect

​

As part of providing hypnotherapy services, I may collect:

​

  • Name, email address and phone number

  • Health and wellbeing information relevant to your sessions

  • Session notes and progress records

  • Appointment and booking details

  • Payment information (via secure third-party providers

​

I only collect information that is necessary to support your sessions.

​

How your data is collected

​

Your data may be collected when you:

​

  • Book hypnotherapy sessions via TidyCal

  • Contact me through my website, email or phone

  • Complete consultation or intake forms

  • Attend online or in-person sessions

​

How your data is used

 

Your personal data is used to:

​

  • Arrange and manage appointments

  • Provide hypnotherapy and wellbeing support

  • Maintain accurate client records

  • Send relevant information where you have opted in

​

I do not use your data for automated decision-making.

​

How your data is stored and protected

​

Your data is stored securely at all times:

​

  • Digital records are held on encrypted, password-protected devices

  • Paper records are stored in a locked cabinet

  • Access is restricted to me only

​

Appropriate technical and organisational measures are in place to protect your information.

​

Third-party services

​

To run my hypnotherapy practice efficiently, I use trusted third-party providers, including:

​

  • TidyCal for appointment booking

  • Email providers for communication

  • Payment processors where applicable

  • Zoom or similar platforms for online hypnotherapy sessions

​

These providers meet appropriate data protection standards and only process data as required.

​

International data transfers

​

Some third-party services may store data outside the UK. Where this applies, appropriate safeguards are in place, such as UK adequacy decisions or standard contractual clauses.

​

Data retention

​

Client records are kept for up to 7 years after your final session. This supports continuity of care, insurance requirements and professional standards.

​

After this period, data is securely deleted or destroyed.

​

Your data protection rights

​

You have the right to:

​

  • Access the personal data I hold about you

  • Request correction of inaccurate information

  • Request restriction of processing

  • Object to certain uses of your data

  • Withdraw consent at any time (where applicable)

​

Please note that some data may need to be retained to meet legal or professional obligations.

​

Confidentiality

​

All hypnotherapy sessions are confidential. Your information will not be shared unless:

​

  • You give explicit consent

  • There is a legal requirement

  • There is a serious risk of harm to you or others

​

Marketing and emails

​

If you choose to receive emails from Malcolm Struthers Hypnotherapy, you can opt out at any time using the unsubscribe link or by contacting me directly.

​

I will only send marketing communications where you have given consent.

​

Data breaches

​

In the unlikely event of a data breach, appropriate action will be taken and, where required, this will be reported to the Information Commissioner's Office.

​

Complaints

​

If you have concerns about how your data is handled, please contact me first so I can help resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office:
https://www.ico.org.uk

​

bottom of page