This is the privacy notice of Liviu Tipurita Hypnotherapy. In this document, “I”, “we”, “our”, “us”, “practitioner” or “therapist” refer to me, Liviu Tipurita and my work as a hypnotherapist, NLP Practitioner and Personal Coach.
This policy sets out how I use and protect the information you provide when using my services and accessing this website.
This notice informs you of my policy about all information that I record about you. It sets out the conditions under which I may process any information that I collect from you, or that you provide to me. It covers information that could identify you (personal information) and information that could not.
In the context of the law and this notice, process means collect, store, transfer, use or otherwise act on information.
2. Our Core Beliefs Regarding User Privacy and Data Protection
• User privacy and data protection are human rights
• We will never sell, rent or otherwise distribute or make public your personal information
3. Who We Are and How We Process Your Personal Data
Liviu Tipurita / Hypnotherapy (operates website at www.live-fully.co.uk) comply with their obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing (and destroying it) securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
2 Harley Street, London, W1G 9PA
M: +44 (0) 7707 289 228
www.live-fully.co.uk (website owned by Liviu Tipurita)
Liviu Tipurita / Hypnotherapy (operates website at www.live-fully.co.uk) are the business names of sole trader, Liviu Tipurita.
I, Liviu Tipurita, am the Data Controller and Processor of Liviu Tipurita Hypnotherapy / www.live-fully.co.uk.
4. Statement of Intent
I intend to ensure any data you provide is kept secure, managed respectfully and only used for the purposes for which it has been provided.
This policy will be updated periodically in line with current legislation.
I am happy to clarify any of the points included in this Policy, should you require further information.
I take seriously the protection of your privacy and confidentiality. I understand that all visitors to my website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
I undertake to preserve the confidentiality of all information you provide to me, and hope that you reciprocate.
Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you with regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided here and at www.knowyourprivacyrights.org
I regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website and not use our services.
6. Personal Data
I process your personal data for the following purposes:
a. To deliver the services that you, the client requested;
b. To contact you as necessary in accordance with the services that you requested;
c. To contact you via surveys to ascertain your opinions on the service received from me;
d. To check in with you via email after the completion of the treatment, to see how you are getting on. This helps me with my ongoing research on the long-term effects and efficiency of the hypnotherapy.
e. For marketing purposes: I will ask you when you book your appointment to tick a box if you wish to receive promotional/further information about services I may offer in future that I believe may be of interest to you, including our newsletter, or about well-being in general. If you do not tick this box, I will not contact you for these purposes.
f. To maintain my own accounts and records.
In the event that my recorded data is utilised for research purposes, my own supervision or for the instruction or tuition of students, all such data will be sufficiently anonymised to the extent that individual clients cannot be identified. The sharing of anonymous case histories with supervisors and peer support groups is not a breach of professional confidentiality. However, should a client indicate that their data should not be used for these purposes, I will refrain from using that data.
Individual client data will never be passed to a third party without the express consent of the respective client, always provided that such confidentiality is neither inconsistent with the therapist’s own safety or that of the client, the client’s family members or other members of the public, nor in contravention of any legal action or legal requirement.
For the purposes of clarity, I uphold the common law principles of confidentiality where the duty to keep confidence is measured against the concept of ‘greater good’. If in my opinion as a therapist there is good reason to believe that not disclosing would cause danger or serious harm to self, the therapist or others, then your GP or other appropriate agencies may be contacted. Only information required to ensure safety of relevant parties would be disclosed. Information may have to be disclosed without consent for the prevention, detection or prosecution of a crime (i.e. the planning of a terror attack).
8. Retention Period for Personal Data
In accordance with my need to maintain the possibility of access to client data as a result of returning clients, or those who may wish to lodge a complaint in respect of my professional services to either my professional body or our insurers (i.e. in all cases perhaps after some period of time has elapsed), I retain client data for a minimum period of 7 years. For clients under the age of 18, data will be retained until their 25th birthday. After this time your information will be securely destroyed.
You do not have to consent to the collection and processing of information; however, if you choose not to provide it, I may not be able to work with you.
9. Our Lawful Basis for Processing Client Personal Data
The client has given clear consent for me to process their personal data for a specific purpose. Further, the processing is necessary for both my client’s and my own legitimate interests.
Therefore, the basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide therapy) and that it is data that you would reasonably expect me to hold and use.
10. What Data I Collect & Hold
The data I collect and hold is primarily used to enable me to provide therapy for you.
i. For those who enquire about therapy, the data I hold includes any information you have sent me by email/text/message
ii. For those who book and attend at least one session, the data I hold includes:
a. Basic information such as name, email address, phone number and the information you provide in the Client Intake Form;
b. Information that you give me when we communicate via email/telephone/online and as part of the work we do together (which may include personal history, family, lifestyle and social circumstances, financial details, employment and education details, physical or mental health details, racial or ethnic origin, religious or other beliefs of a similar nature, offences and alleged offences etc.);
c. Records of the interventions I use (or potentially do not use) in our sessions;
d. Emails, texts and/or messages that are sent between us;
e. Client testimonials, references or anonymous case studies;
f. Information sent from any third party, i.e. GP, insurance company, EAP;
g. I will ask you for your GP contact details and some basic health information: there are some conditions that are contraindicated for hypnotherapy and sometimes there are circumstances where it may be necessary to contact your GP before commencing therapy. I will inform you of this at our appointment should this appear appropriate.
h. I will ask you for details of your next of kin: this is used very rarely and only in emergency situations;
i. In some cases, only with your consent and for the sole purpose of the therapeutic process, I may make an audio recording of either the whole, or a part of our session. I may send you a copy of this recording via email so you can listen to it as part of the therapy. The purpose of such recording is to plan bespoke therapy sessions and identify/produce scripts/audio materials which will be used in session and/or which can be sent to you to listen to between sessions;
j. My accountants may see bank, credit/debit card, Stripe, iZettle, Square and Paypal records which will contain some information that you submit when making payment. If you would like me to redact your identifiable data before sending to the accountants, then please let me know.
Data is not shared with anyone, except possibly your GP, and for any reasons covered by the legal Requirements for Disclosure which are detailed above (at point g) and in the Confidentiality Section (please see the relevant section on my website).
11. How We Store Your Data
Details of where your data is held:
a. Any emails sent between us are held on my computer’s hard drive, on my iPhone, and/or iPad. All these devices are password protected and my computer has virus protection. Copies of the emails are also on the 1&1.co.uk server that hosts my website. 1and1.co.uk is committed to do everything in its power to ensure that your right to privacy is maintained and protected.
b. Any texts/WhatsApp messages/Messenger messages sent between us (see Social Media and Electronic Information section) are held on my computer’s hard drive, on my iPhone, and/or iPad. All these devices are password protected.
c. I use Acuity Scheduling (https://acuityscheduling.com/) to take bookings, payments, organise appointments, send confirmations of the bookings and reminders, process intake forms, keep and communicate with my Clients List etc. All the information that you provide when booking an appointment with me online – including the information you give in the Intake Forms, Consent Forms, Terms and Conditions or Agreement documents – are safely stored by Acuity Scheduling. They are GDPR compliant. I manage this data on their website and regularly back it up on my devices (see Backups section below).
d. I use Google Calendar to keep track of my professional appointments. Some of your data (name/phone/email) is stored on my Google calendar account. My Google Account is password protected and successfully passed the Security Check-up recommended by Google. Google is committed to protecting privacy and security and uses one of the world’s most advanced security infrastructures and encryptions. I access Google Calendar on my computer, on my iPhone, and/or iPad. All these devices are password protected.
e. At the point of payment, I use the following major, well known, reputable payment gateway providers/aggregators:
i. Stripe, Paypal (for Acuity online card payments & bookings)
ii. iZettle (point-of-sale system – app & card reader in combination with my password protected computer, my iPhone, and/or iPad.)
iii. Square (as a point of sale virtual terminal to accept remote payments including telephone payments, or to take manual payments, in combination with my password protected computer, my iPhone, and/or iPad, or with the Square app & card reader).
IMPORTANT NOTES: The payment gateway providers listed above are all PCI compliant and have the technical, fraud prevention, and safe banking infrastructure required to operate on-line payment systems and take card payments at point of sale. When you make a payment via one of these aggregators then clearly these systems will process your data. No payment details are kept on our website or servers. I do not see, collect or save your debit/credit card details. I download some information from these systems (name/date/amount/receipt/invoice) for accounting purposes and the resulting spreadsheets are held in my back-up systems (see Backups section below). When sent to my accountants, they are password protected.
• As stated in their Privacy Policies listed below, the payment gateway providers/aggregators I use implement and observe high standards of security and are committed to protecting their users’ privacy and safety when processing payments. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. For information on how these payment processors collect, use, share or transfer your data, please see below the links to their privacy policies, which you accept and consent to when you sign up for, access, or use them. If you disagree with their practices described in these policies you should (a) take the necessary steps to remove their cookies from your computer after leaving their website, and (b) discontinue your use of their services. If you disagree with one particular payment gateway provider and would like to use an alternative one from my list, or if you would prefer to pay in cash, please contact me directly at: firstname.lastname@example.org
f. Your session notes are handwritten electronically/digitally or typed on a password-protected iPad and automatically backed up on my Apple iCloud, which is a secure cloud based storage. A coding system enables me, the therapist to know whose notes are whose, but a stranger seeing the notes would not be able to identify who they refer to.
g. Any audio recordings of part or the whole of our session will be made either on a professional recording machine, or on my password protected iPhone and will immediately be transferred and saved onto my computer or an iStorage Military grade AES 256-bit CBC Hardware Encryption IS-FL-DA-256-4 datAshur 256-bit secure encrypted flash drive. Following the transfer, the audio file will be deleted from the original recording device. With your consent, I may send you such recordings in a compressed form via email or WeTransfer. I will inform you in writing, via email, when your audio recording is fully deleted from all my systems.
h. Backups – All the electronic/digital data (including archived emails) that I collect are backed up on one, several, or all of the following systems: on my password protected iPhone/computer (virus protected)/iPad; on my password protected AirPort Time Capsule; an iStorage Military grade AES 256-bit CBC Hardware Encryption IS-FL-DA-256-4 datAshur 256-bit secure encrypted flash drive; on my Apple iCloud which is a secure cloud based storage.
i. All your electronic/digital records are stored at my home office which is alarmed and has a 24/7 operating CCTV system. I do not keep paper records.
j. For accounting purposes, Excel spreadsheets or MM Budgeting are used and, when possible, password locked.
I take the security of data very seriously and as such:
• All data is held securely (see specific details of where data is held above);
• Any data transmitted is sent encrypted where possible;
• I am not in control of data (including emails and texts) which you send me;
• Apps such as Facebook routinely access any information held on their platforms and this is beyond my control.
12. Breach of Data
If there is any breach of data security, I will give full details to the Information Commissioner’s Office (ICO) and any person affected within 72 hours of the breach and do everything possible to minimise any potential impact.
13. Your Rights and Your Personal Data
If you do consent to the collection of information, you have rights with regards to the data held:
a. The right to be informed (which is why I have produced this Policy)
b. The right of access. If you wish to see your file then please make a request in writing to Liviu Tipurita, the Data Processor. I will provide you with all data I hold on you as soon as I can, following the request (and definitely within 30 days, unless this is impossible due to holidays, travelling overseas or illness).
c. The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can, following a request (and definitely within 30 days, unless this is impossible due to holidays, travelling overseas or illness).
d. The right to erasure also known as ‘the right to be forgotten’. We have a legal obligation to retain your records for seven years after your most recent appointment (for clients under the age of 18, data will be retained until their 25th birthday). After this period, you can ask us to delete these records if you wish. Otherwise we will retain your records indefinitely in order to provide you with the best possible care should you need to see us at some future date.
NB: Some data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing, but this would never include case notes or data such as name/address/email/phone.
e. The right to withdraw your consent to the processing at any time.
f. The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure. For instance, where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction to be placed on further processing;
g. The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
h. The right to object to:
• processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
• direct marketing.
• processing for purposes of scientific/historical research and statistics.
• automated decision making and profiling. (Note: I do not engage in automated decision making or profiling.)
i. The right to lodge a complaint with the Information Commissioner’s Office (see below).
14. Complaints Notice
If a dispute is not settled, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/handling/.
15. To Access Your Personal Data
To access what personal data is held, identification will be required.
We will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport or birth certificate, together with a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to email@example.com or by phoning +44 (0) 7707 289 228 or writing to us at: Liviu Tipurita Hypnotherapy, 2 Harley Street, London, W1G 9PA
If you do not hear back from us within five days, please try another form of contact.
16. Other Matters
a. Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you, but Google do not grant us access to this. We consider Google to be a third party data processor.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
I may also occasionally use the Analytics System of 1&1.co.uk (my own website provider), which functions similarly to GA.
• Improve website security and link to other social networks.
• Better understand how our users find and use our web pages and to see their journey through the website
• Collect any personally identifiable information
• Collect any sensitive information
• Pass data to advertising networks or third parties
• Pay sales commissions
c. Encryption of data sent between us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.
d. Links to other websites
17. ICO Registration No
Our ICO Registration Number is: ZA361795