top of page

Privacy Policy

This document sets out the parameters within which Kate Roberts Hypnotherapy acquires, controls, stores, uses and disposes of any personal data, in line with General Data Protection Regulation (GDPR) requirements.

Kate Roberts Hypnotherapy takes your privacy very seriously and treats all your personal information as confidential. “Personal information” is information through which you can be directly or indirectly identified e.g. your name or email address. Kate Roberts Hypnotherapy strictly adheres to the requirements of the data protection legislation in the UK.

Kate Roberts Hypnotherapy does not sell, rent or exchange your personal information with any third party for commercial reasons, beyond the essential requirement for credit/debit card validation during payment of sessions. Kate Roberts Hypnotherapy follows strict security procedures in the storage and disclosure of information, which you have given us, to prevent unauthorised access in accordance with the UK data protection legislation.

Kate Roberts Hypnotherapy uses a technology called cookies as part of a normal business procedure. Cookies are small text files that are created by a web server and stored on your computer when you visit a website. Many websites use cookies to improve your browsing experience. Cookies can also be used to record ‘analytics’ data i.e. which web pages you visit, whether or not you arrived at the web page by clicking on an advertisement or an affiliated website. Many websites find the collection of analytics data valuable in improving the quality and content of their web sites.

All the major browsers allow you to block cookies and delete those that have already been created on your computer, usually within the ‘Tools’ section of the browser. These tools allow you to specify which cookies you will accept by type and often by specific websites using an exception list e.g. you can block all cookies and then list the website from which you will accept cookies. There are also a wide choice of browser add-ins that you can install if you wish to have greater control over persistent cookies.

What is GDPR?

“General Data Protection Regulation (GDPR) is, essentially, an upgraded version of the existing Data Protection Act legislation”

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual. The General Data Protection Regulation covers all companies that deal with data of EU citizens. GDPR came into effect across the EU on May 25, 2018 (Information Commissioner’s Office).

The Personal Data Information Kate Roberts Hypnotherapy Holds 

As an organisation, due to the nature of the therapy services offered, Kate Roberts Hypnotherapy holds a moderate level of identifiable personal data including such data as is categorised under GDPR as ‘Special Category Data’.

Under GDPR, personal data is defined as “any information relating to an identified or identifiable natural person”. Special Category data is highlighted as sensitive and therefore needs more protection. Special Category data can include details of:

  • Race

  • Ethnic origin

  • Politics

  • Religion

  • Trade union membership

  • Genetics

  • Biometrics (where used for ID purposes)

  • Health

  • Sex life

  • Sexual orientation

It is viewed as sensitive as, in particular, this type of data could create more significant risks to a person’s fundamental rights and freedoms, for example by putting them at risk of unlawful discrimination.

Kate Roberts Hypnotherapy holds the following client information:

  • Name, address and contact details including email address and telephone number

  • Issues which the client is presenting/details of problems with which the client requires help

  • Personal history including family details

  • Medical history and medication record

  • Record of progress through therapy

Kate Roberts Hypnotherapy understands that client consent for treatment is not the same as GDPR consent. In the healthcare sector, client data is held under a duty of confidence. Kate Roberts Hypnotherapy operates on the basis of implied consent to use client data provided, for the purposes of direct therapy treatment, without breaching confidentiality.

How Kate Roberts Hypnotherapy acquires this information


Who Kate Roberts Hypnotherapy shares this information with

Kate Roberts Hypnotherapy sometimes needs to share the personal information it processes with the individual and also with other organisations. Where this is necessary, Kate Roberts Hypnotherapy is required to comply with all aspects of the Data Protection Act (DPA).

The following is a description of the types of organisations Kate Roberts Hypnotherapy may need to share some of the personal information with, that is processes, for one or more reasons:

  • Family, associates and representatives of the person whose personal data Kate Roberts Hypnotherapy holds (if dealing with children, for example)

  • Client’s GP or medical/healthcare consultant etc. (in circumstances where this may be appropriate for those health professionals to know)

  • Central government, police forces and security services (if applicable lawful request made)


The lawful basis for processing personal data

Kate Roberts Hypnotherapy holds personal data as described above, to enable it to:

  • Contact clients signing up for a free consultation via

  • Provide information on hypnotherapy, offers, tips, products and more to clients signing up to newsletters via

  • Conduct an assessment for clients who request help with treatment

  • Provide therapy sessions relevant to those clients

  • Track progress through therapy for clients

  • Assess therapy ‘end-point’ in conjunction with clients

The lawful basis for processing this data is defined under Article 9(2) of the GDPR:

Processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects.


Kate Roberts Hypnotherapy understands that whilst the holding of sensitive client data is lawful, and is held under a duty of confidence in terms of therapy/treatment, consent to process personal data electronically, or for marketing purposes, must be:

  • Freely given

  • Specific

  • Informed

  • Unambiguous

Kate Roberts Hypnotherapy understands that holding client data for treatment purposes and GDPR consent are not related. GDPR consent is not a pre-condition for therapy/treatment.

Kate Roberts Hypnotherapy understands the need for positive opt-in and that consent cannot be inferred from silence, pre-ticked boxes or inactivity. A quick, easy ‘unsubscribe’ link on our email marketing communications will always be provided. Kate Roberts Hypnotherapy has also expressly advised its entire marketing database that they can continue to hear from us by actively ‘opting-in’ to clarify that they agree with this.


Whilst Kate Roberts Hypnotherapy may hold client ‘Special Category’ data (see above for definition), via appropriate parental consent, for persons under the age of eighteen, which is considered as being held purely for client treatment purposes under a duty of confidence, Kate Roberts Hypnotherapy will not process any of this data for any other purposes such as marketing or profiling etc.

Data Security and Retention Policy

Kate Roberts Hypnotherapy IT system is backed up continuously. There is an active security policy in place to ensure that all data is backed up and held in a safe, confidential environment, including a secure, password protected, encrypted file. Kate Roberts Hypnotherapy laptops have an activated encryption function in the event of theft/misuse.

Personal data is held for a minimum of 5 (five) years, and an average maximum of 8 (eight) years, in line with NHS and healthcare industry guidelines, after which time it will be destroyed.


Individuals Rights 

Under GDPR, Kate Roberts Hypnotherapy acknowledges the following rights of the individual, in respect of any personal data that we hold:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • The right not to be subject to automated decision-making including profiling


Subject Access Requests

As outlined in GDPR guidelines, Kate Roberts Hypnotherapy will respond to and comply with all subject access requests within one month.

If it is felt that the individual’s request is manifestly unfounded or excessive, Kate Roberts Hypnotherapy reserves the right to refuse or to make a charge.

If any requests are refused on the above grounds, Kate Roberts Hypnotherapy will tell the individual why and inform them that they have the right to complain to the supervisory authority and to a judicial remedy – this will be done within one month of the request.

Communication of Privacy Information

Kate Roberts Hypnotherapy is communicating its privacy policy via this document which is, and will be, available at all times on

If you would like to discuss any aspect of this document, please contact:

Kate Roberts


bottom of page