top of page

Privacy Policy

Updated 17 April 2026 (This policy will be updated periodically and in line with current legislation).

At Malcolm Struthers Hypnotherapy, I take your privacy seriously. As a professional hypnotherapist based in Dumfries and Galloway, I understand the importance of confidentiality, trust and handling sensitive personal information with care.

This policy explains how your personal data is collected, used and stored in line with UK data protection law.

 

Who I am

Malcolm Struthers Hypnotherapy
Dumfries and Galloway and online hypnotherapy sessions
Email: info@malcolmstruthers.com
Website: www.malcolmstruthers.com

Legal basis for processing data

I process personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The lawful bases I rely on are:

  • Contract – to provide hypnotherapy services

  • Legitimate interests – to manage and improve my practice

  • Explicit consent – for health information and email communications

 

Health-related information is treated as special category data and handled with additional care.

What personal data I collect

As part of providing hypnotherapy services, I may collect:

  • Name, email address and phone number

  • Health and wellbeing information relevant to your sessions

  • Session notes and progress records

  • Appointment and booking details

  • Payment information (via secure third-party providers

I only collect information that is necessary to support your sessions.

How your data is collected

Your data may be collected when you:

  • Book hypnotherapy sessions via TidyCal

  • Contact me through my website, email or phone

  • Complete consultation or intake forms

  • Attend online or in-person sessions

How your data is used

 

Your personal data is used to:

  • Arrange and manage appointments

  • Provide hypnotherapy and wellbeing support

  • Maintain accurate client records

  • Send relevant information where you have opted in

I do not use your data for automated decision-making.

How your data is stored and protected

Your data is stored securely at all times:

  • Digital records are held on encrypted, password-protected devices

  • Paper records are stored in a locked cabinet

  • Access is restricted to me only

Appropriate technical and organisational measures are in place to protect your information.

Third-party services

To run my hypnotherapy practice efficiently, I use trusted third-party providers, including:

  • TidyCal for appointment booking

  • Email providers for communication

  • Payment processors where applicable

  • Zoom or similar platforms for online hypnotherapy sessions

These providers meet appropriate data protection standards and only process data as required.

International data transfers

Some third-party services may store data outside the UK. Where this applies, appropriate safeguards are in place, such as UK adequacy decisions or standard contractual clauses.

Data retention

Client records are kept for up to 7 years after your final session. This supports continuity of care, insurance requirements and professional standards.

After this period, data is securely deleted or destroyed.

Your data protection rights

You have the right to:

  • Access the personal data I hold about you

  • Request correction of inaccurate information

  • Request restriction of processing

  • Object to certain uses of your data

  • Withdraw consent at any time (where applicable)

Please note that some data may need to be retained to meet legal or professional obligations.

Confidentiality

All hypnotherapy sessions are confidential. Your information will not be shared unless:

  • You give explicit consent

  • There is a legal requirement

  • There is a serious risk of harm to you or others

Marketing and emails

If you choose to receive emails from Malcolm Struthers Hypnotherapy, you can opt out at any time using the unsubscribe link or by contacting me directly.

I will only send marketing communications where you have given consent.

Data breaches

In the unlikely event of a data breach, appropriate action will be taken and, where required, this will be reported to the Information Commissioner's Office.

Complaints

If you have concerns about how your data is handled, please contact me first so I can help resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office:
https://www.ico.org.uk

bottom of page