Privacy Policy
Followed by Cookie Policy
Last updated: July 2026
How will my data be processed and stored?
In May 2018, the Data Protection Act 1998 was replaced by the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). Jennifer Hughes is registered with the Information Commissioner's Office (ICO).
The law exists to ensure your personal, confidential, and sometimes sensitive data is held privately and securely. This means any data you give to Jennifer Hughes must be processed lawfully and, in a way, you agree with. It applies to your identifiable data (e.g., your name and address), the reasons you are seeking therapy, and any session records, text messages, or emails between us.
Jenny Hughes Hypnotherapy follows professional and ethical standards set by the National Council for Hypnotherapists (NCH), The Association for Solution Focused Hypnotherapy (AfSFH), and the Complementary and Natural Healthcare Council (CNHC) where required.
What is the lawful basis for processing your data?
Under UK GDPR, we must have a lawful basis to process your personal data. For general contact and billing information, our lawful basis is "Legitimate Interests" (operating the practice) and "Contract" (fulfilling our therapy agreement with you).
Because hypnotherapy involves discussing your health, much of the information collected is classified as "Special Category Data." The legal conditions for processing this sensitive information are your "Explicit Consent" (obtained during your initial consultation) and the "Provision of Health or Social Care”.
Who else might see your data? (Third Parties & International Transfers)
We use carefully selected third-party service providers to help run the practice effectively. This includes categories of processors such as website hosting providers, email servers, secure online booking/payment systems, and cloud storage providers. These processors are strictly bound by confidentiality and UK GDPR regulations.
Some of our third-party processors may store data outside of the UK or European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as standard contractual clauses or adherence to the UK Extension to the EU-US Data Privacy Framework, to protect your data to UK GDPR standards.
How long will you hold my information for?
Jennifer Hughes is a member of the National Council for Hypnotherapists (NCH). As such they are bound by their regulations regarding the length of time they must hold onto your information. The organisation insists that Jennifer Hughes must hold onto your data for 8 years after your final session. However, the rule for children is different and NCH stipulates that their data must be held until their 25th birthday. The exception to this rule applies to young adults whose treatment ends when they are 17 years old when Jennifer Hughes must keep their records until they reach their 26th birthday. Client records will be destroyed in the January after the dates given above. This is in line with NHS regulations for holding data.
What if I would like my data to be destroyed before this date?
Due to the sensitive nature of what Jennifer Hughes offers, the insurance company advises that deletion of a client's data cannot occur before the minimum term (see above) has expired.
Your Data Rights
Under UK GDPR, you have several rights regarding your data:
Right of Access: You can request a copy of the information held about you. If you send a written request, we will supply it within 30 days free of charge (subject to identity confirmation). Note that our insurance legal team may wish to verify information before it is sent.
Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
Right to Restrict Processing: You can ask us to limit how we use your data in certain circumstances.
You have the right to request the deletion of your data; however, this is superseded by our legal and insurance obligations to retain clinical records for 8 years as discussed above.
Am I able to see or get a copy of the information held by you?
In line with GDPR, if you send Jennifer Hughes a request in writing, specifying the data you wish to see, they will supply you with a copy of your data within 30 days. Jennifer Hughes will need to confirm your identity before sending you the information. There will be no charge for this service. Jennifer Hughes’ insurance company’s legal team may wish to verify any information Jennifer Hughes sends out.
What is your reason for collecting this information?
Jennifer Hughes is keen to offer the highest quality support to their clients and in order to do so they will collect the following information:
• An idea of what you would like to achieve by coming for hypnotherapy
• A small amount of medical information
• Some brief session notes
• Information submitted by you through enquiries forms on the website or via email
• Your contact details
• Parent/ guardian details where relevant
• Emergency contact details
• GP contact details
• Correspondence between you and Jenny Hughes
• Payment information if applicable
• CORP research data
This information allows Jennifer Hughes to provide continuity within the sessions, in order to help you towards your goal. This information will allow Jennifer Hughes to refer to the content of earlier sessions and previous discussions. Jennifer Hughes will only use your contact details/address and GP’s details with your explicit consent. See client agreement and initial consultation.
Website enquiries
If you contact Jenny Hughes Hypnotherapy with an enquiry whether by email, phone or website, we may collect and store the information you provide so we can accurately respond with the necessary information. Due to this please do not submit sensitive or personal data through any enquiry forms on the website unless absolutely necessary.
How do I know that Jennifer Hughes will store my information safely?
I take appropriate steps to protect personal information, this includes: password protection, authentication, secure platforms for any online therapy and encryption. Additionally, security measures will be regularly reviewed and maintained in accordance with GDPR law. For specific measures, see below:
Paper session notes – Jennifer Hughes stores all paperwork behind two secure locks at all times.
Online session notes – Jennifer Hughes stores all paperwork behind two secure passwords at all times.
Text messages – Jennifer Hughes’ work phone requires a password for access and uses WhatsApp for any messaging and this is secured by End-to-End Encryption.
Emails – Jennifer Hughes’ email account requires a password and multi-factor authenticator to access emails.
CORP research data- accessed via a password protected programme on a laptop and mobile device.
Online Therapy and the Use of Zoom
For clients opting for remote sessions, Jenny Hughes Hypnotherapy uses Zoom as our secure video conferencing platform.
Security and Encryption: To protect your privacy, all online sessions are conducted using Zoom’s End-to-End Encryption. Additionally, every session is secured with a unique meeting password and a 'waiting room' feature to ensure no unauthorized person can access the therapeutic space.
Data Processing: Zoom acts as a "Data Processor" for the practice. While the visual and audio content of our sessions remains strictly confidential and encrypted, Zoom may collect basic technical metadata (such as your IP address or device type) to facilitate the video connection. Zoom complies with UK GDPR regulations and utilizes approved safeguards, such as Standard Contractual Clauses, for any technical data processed outside the UK/EEA.
Session Recording: To maintain a safe and confidential therapeutic environment, online sessions are strictly not recorded by Jenny Hughes Hypnotherapy. We also kindly request that clients do not record sessions on their own devices.
Client Responsibility: While we take every measure to ensure the digital platform is secure, confidentiality during online therapy is a shared responsibility. We ask that you ensure you are in a quiet, private location where you cannot be disturbed, interrupted, or overheard for the duration of our call. Please also ensure that the device and network you use to connect are trusted and secure.
Are our discussions within the hypnotherapy sessions confidential?
Everything you discuss with Jennifer Hughes during your sessions remains strictly confidential. Occasionally it may be necessary for Jennifer Hughes to discuss elements of your sessions with their supervisor to ensure that they are helping you in the most effective way. However, no identifying features about you will be disclosed during these discussions. Jennifer Hughes’ supervisor is also registered with the ICO and abides by GDPR requirements.
What if I see Jennifer Hughes outside of a hypnotherapy session?
Jennifer Hughes is obliged by GDPR to protect your confidentiality at all times. So, for this reason, although they may acknowledge you, it would be ideal if any further conversation could be avoided. However, if you wish to discuss your therapy with other people, that is your choice and you are welcome to do so.
Will Jennifer Hughes discuss information about me with other health and social care professionals?
Jennifer Hughes is only able to contact other health and social care professionals with your written consent.
Should they write to your GP, to notify them that you have entered into a therapeutic relationship with them, or to notify them that your therapy has been successfully concluded, Jennifer Hughes would require your signature, in line with GDPR requirements.
Jennifer Hughes does have a ‘duty of care’ towards their clients, so the only exceptions to this would be if they believed that you were about to harm yourself or others. Additionally, if there were other safeguarding concerns present that required further intervention. Should this occur then Jennifer Hughes would be required to inform the relevant authorities. However, Jennifer Hughes would always aim to discuss this with you before taking any action. Legally, Jennifer Hughes would also have to provide the police with information as set out in a warrant or court order, should the situation arise. The decision to share information without consent would only be due to safeguarding, legal, ethical or insurance reasons
Complaints
If you have concerns about the collection or storage of your personal data, please contact Jenny Hughes Hypnotherapy. This will be acknowledged within 30 days and appropriate steps will be taken without undue delay. If you are not satisfied with the response, you can contact the Information Commissioner’s Office (ICO).
Who is the Data Controller and what is their ICO registration number?
The Data Controller is Jennifer Hughes, 5 Convent Close, BS107XQ. This policy was last updated 04/07/2026. It may be updated at any time, so please check back regularly to ensure that you're aware of the latest version. The latest version will always be stored in the privacy policy section of the website: jennyhugheshypnotherapy.co.uk for your convenience. Please note that the cookie policy for jennyhugheshypnotherapy.co.uk is available to view online.
ICO Registration number: ZC117731
Date 04/07/2026
Cookie Policy
This Cookie Policy was last updated on 04/07/2026
This Cookie Policy explains how Jenny Hughes Hypnotherapy uses cookies and similar technologies on our website at https://jennyhugheshypnotherapy.co.uk/. We are committed to protecting your personal information and being transparent about the technologies we use.
This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).
1. What Are Cookies?
Cookies are small text files that are downloaded to your computer or mobile device when you visit a website. They allow the website to recognize your device and store some information about your preferences or past actions.
2. The Cookies We Use
A. Strictly Necessary Cookies (No Consent Required)
These cookies are essential for our website to function properly and securely. Without these cookies, the core services you have asked for cannot be provided. Because they are strictly necessary for the operation of the site, PECR regulations state that we do not need your consent to place them on your device.
We use strictly necessary cookies to:
Ensure the security of the website and prevent fraudulent activity.
Route data over the network so the website loads efficiently.
Remember items placed in a shopping basket (if applicable).
Remember your privacy preferences (so we know whether you have consented to other cookies).
B. Functionality Cookies (Consent Required)
These cookies allow our website to remember choices you make and provide enhanced, more personal features. They help improve your experience but are not strictly essential for the website to work. We will only place these cookies on your device if you give us your explicit consent via our cookie banner.
We use functionality cookies to:
Remember your preferences, such as text size, fonts, and other customizable site elements.
Remember if you have already completed a specific action (like filling out a form or dismissing a pop-up) so you are not asked to do it again.
3. How to Manage Your Cookie Preferences
You have full control over the non-essential cookies on our site.
Our Cookie Banner: When you first visit our site, you will see a banner asking for your consent to use Functionality cookies. You can choose to "Accept" or "Decline." Additionally, you can select "manage preferences" for a wider choice.
Browser Settings: You can also configure your web browser to block or delete cookies entirely. Please note that if you use your browser settings to block all cookies (including Strictly Necessary ones), parts of our website may not function correctly. For more information on how to manage cookies via your browser, please visit the ICO’s guidance for the public on cookies.
4. Your Data Protection Rights
To the extent that any cookie we use collects personal data (such as an IP address or unique device identifier), we process this data in accordance with the UK GDPR. For full details on your rights—including your right to access, rectify, or erase your data, and your right to complain to the ICO—please read our Privacy policy at: https://jennyhugheshypnotherapy.co.uk/policies
6. Contact Us
If you have any questions about this Cookie Policy or how we handle your data, please contact us at:
CONTACT
You can contact me via my email for advice and information or if you would like a consultation. If however, you are having a mental health emergency, please Get help from 111 online or call 111 and select the mental health option.
If however you or anyone with you is in immediate danger please call 999.
The Samaritans are also able to support you here: https://www.samaritans.org/
Phone
info@jennyhugheshypnotherapy.com
© 2025. All rights reserved.
