Privacy Notice: How Your Data is Processed & Stored

1. How will my data be processed and stored?

The General Data Protection Regulation (GDPR) and the UK Data Protection Act are aimed at ensuring your personal, confidential, and sometimes sensitive data is held privately and securely. This means that any data you share with Henry Lushington must be processed only in ways you explicitly agree to.

GDPR exists to protect your rights as a consumer. It applies to your identifiable data (such as your name, address, and contact details), any reasons you have for seeking hypnotherapy, and all session records, text messages, or emails between us. Henry Lushington Hypnotherapy  is fully registered with the Information Commissioner's Office (ICO) to handle this data legally and safely.

​

2. What are the reasons for collecting this information?

To offer the highest quality support and ensure continuity within our sessions, I collect the following information:

• An overview of what you would like to achieve through hypnotherapy

• Relevant medical information

• Brief, ongoing session notes

• Your contact details

• Your GP’s contact details

• CORP research data (used to track progress and outcomes)

• Basic information about important individuals in your life (e.g., family members or partners)

This information allows me to refer back to the content of earlier sessions and tailor our progress toward your goals. I will only ever use your contact details or contact your GP with your explicit, written consent.

​

3. How do I know my information is stored safely?

I use robust security measures to protect your data across all mediums:

• Paper session notes: All paper notes are securely stored in a locked filing cabinet accessible only by me.  

• Text messages: My business phone is password-protected and secured by biometric face/fingerprint ID.

• Emails: My email account uses two-factor authentication and a secure, encrypted password to access.

• CORP research data: This data is accessed solely via a password-protected program on a secure, private device.

​

4. Are our discussions within the hypnotherapy sessions confidential?

Everything you discuss with me during your sessions remains strictly confidential.

Occasionally, it may be necessary for me to discuss elements of our sessions with my supervisor to ensure I am supporting you in the most effective way. However, no identifying features or personal details about you will ever be disclosed during these discussions. My supervisor is also fully registered with the ICO and abides by all GDPR requirements.

​

5. What if I see you outside of a hypnotherapy session?

I am obliged by GDPR and professional ethics to protect your confidentiality at all times. For this reason, if we happen to cross paths in public, I will not initiate a conversation or acknowledge you unless you choose to greet me first. This prevents others from questioning how we know each other. You are, of course, entirely welcome to discuss your own therapy with anyone you choose, but your privacy remains my absolute priority.

​

6. Will you discuss information about me with other health professionals?

I will only contact other health and social care professionals with your written consent. For example, if I write to your GP to notify them that you have started hypnotherapy or that your therapy has successfully concluded, I will always require your signature beforehand.

The only exceptions to this confidentiality rule are rooted in my legal Duty of Care:

1. If I have reason to believe that you are at serious risk of harming yourself or others, I am required to inform the relevant authorities. I will always aim to discuss this with you before taking action.

2. I am legally required to provide information to law enforcement if served with a valid court order or police warrant.

​

7. How long will you hold my information for?

As a member of AfSFH, I am bound by regulatory frameworks regarding data retention, which align with NHS guidelines:

• Adults: Client records must be held for 8 years after your final session.

• Children & Young Adults: If a client is a child, their data must be held until their 25th birthday. If treatment concludes when the young adult is 17 years old, records must be kept until their 26th birthday.

All relevant client records are securely destroyed in the January following the expiration of these mandatory dates.

​

8. What if I would like my data to be destroyed before this date?

Due to the sensitive nature of clinical hypnotherapy, my professional insurance company advises that the deletion of a client's data cannot occur before the mandatory minimum retention terms (stated above) have expired.

​

9. Am I able to see or get a copy of the information held by you?

Yes. In line with GDPR, you have the right to request access to your data. If you send a request in writing specifying the data you wish to see, I will supply you with a copy free of charge within 30 days. Please note that I will need to verify your identity before releasing any information, and my insurance company's legal team may wish to verify any information sent out.

Data Controller & Regulatory Status

• Data Controller: Henry Lushington / Henry Lushington Hypnotherapy

• Clinic Address: 107 New Brighton Road, Emsworth, Hampshire, PO10 7QS

• ICO Registration Number: ZC144684

​

10. Your Right to Complain

We work to the highest standards when it comes to processing your personal and sensitive health information. If you have any questions, concerns, or wish to make a formal complaint about how your data is handled, please contact me directly:

• Email: info@henrylushington.co.uk

• Phone: 07795 435377

• Postal Address: Henry Lushington Hypnotherapy, 107 New Brighton Road, Emsworth, Hampshire, PO10 7QS

​

​

I take all data protection complaints very seriously. I will formally acknowledge receipt of your complaint within 30 days and will conduct a thorough internal investigation to resolve the matter without undue delay, keeping you fully updated on my progress.

​

If you remain unsatisfied with my handling of your complaint or my response, you have the statutory right to lodge a formal complaint with the UK's data protection regulator, the Information Commissioner’s Office (ICO).

• ICO Website: ico.org.uk/make-a-complaint

• Helpline: 0303 123 1113

• Our ICO Registration Number: ZC144684

​​

Please note that our online Cookie Policy is available to view separately at www.henrylushington.co.uk This policy was last updated on Monday 8 June 2026. It may be updated at any time, so please check back regularly to ensure you are aware of the latest version.