Privacy Statement

Privacy Policy


At Giles Norbury Clinical Hypnotherapy (“we”, “us”, “our”), we are committed to protecting and respecting your privacy.


This Policy explains when and why personal information is collected about people who visit this website, how it is used, and the conditions under which it may be disclosed it to others and how it is kept it secure. 


The processing of personal data is governed by the Data Protection Act 1998 and from 25th May 2018 the General Data Protection Regulation (GDPR) (EU) 2016/679 will come into force. The data controller is Giles Norbury. This means he is responsible for how your data is processed and for what purposes. If you have any questions about our privacy policy or information held about you then please get in contact (see below).


This Policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using this website and our services, you’re agreeing to be bound by this Policy.


Any questions regarding this Policy and my privacy practices should be sent by email to info@gilesnorbury.co.uk or by writing to Giles Norbury Clinical Hypnotherapy, Spiro Chiro Clinic, Holcombe House, Gravel Hill, Ludlow, Shropshire SY8 1QU.


Who is Giles Norbury?
Giles Norbury is a fully qualified Sleep Assessor and Sleep Manager.  He is also a Clinical Hypnotherapist working (principally) from the Spiro Chiro Clinic in Ludlow.  He is registered with the Complimentary and Natural Healthcare Council (CNHC), the National Hypnotherapy Society and the General Hypnotherapy Standards Council.  He works in accordance with their Codes of Conduct.


How is information collected from you?
Information is collected about you in two ways.
Firstly, when you make contact through the website (www.gilesnorbury.co.uk) about our products and services, so that we can communicate with you.  This is done by completing form on the “Contact” page. 


Secondly, these and other details pertinent to your case history will be recorded if you contact us by private email or telephone.  Case notes will also be recorded manually, whilst face-to-face in clinic.


What type of information is collected from you?
The personal information we collect through the website might include your name, address, email address, telephone numbers and a short description of the nature of your enquiry.
We do not recommend sending sensitive information about a health condition as we cannot guarantee its security on the internet.


We do not send sensitive information or discuss case history by email.  We may however send documents, questionnaires and health factsheets.  Any case sensitive information that is sent to us by you or other health professionals (via email) will be printed upon receipt and the original message deleted.  We ask that you avoid sending us information in this way.


The website may also collect anonymous website usage information using cookies – this can be prevented by changing the settings on your own web browser.  Your IP address may also be logged in order to diagnose problems with the server or network infrastructure.


In clinic, you will be asked to provide administrative details (including confirmation of contact details, your GP etc) as well as details about your condition.  This is recorded manually.


CCTV:  some of the clinics use CCTV for security purposes in the communal areas.  There are no cameras or recording equipment in the clinic rooms.  This data is the responsibility of the clinic(s) themselves and all enquiries should be directed to the relevant proprietors.


Lawful Basis For Collecting Your Data
Without essential clinical and administrative data, it is not possible or ethical to treat a client.  You will therefore be asked to give formal consent for the collection of this data at the beginning of the first appointment, at which point your options with regard to this data can be explained.  The processing of this special category of personal data is necessary for the provision of healthcare.  Consent / contract for personal data is also a lawful basis.


How is your information used?
We may use your information to/for:
•    internal administration
•    respond to your enquiry about our service;
•    for the provision of therapy;
•    “follow up” on any treatment you have received;
•    process orders that you have submitted;
•    seek your views or comments on the services we provide;
•    notify you of changes to our services;
•    send you communications which you have requested and that may be of interest to you.

We will hold and transmit your information in a safe, confidential and secure environment and we will never sell or pass on client information to other organisations without your express written permission or unless required to do so by law.


We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (e.g. invoices & receipts). We will hold your personal information on our systems for as long as is necessary for the relevant activity, until you ask us to destroy it or for a minimum of 10 years after the end of treatment.  Destruction of documentation is by electronic deletion, shredding and burning.


Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Occasionally (in clinic) it is necessary to contact other health professionals (e.g. your GP, dentist or referring therapist).  This is usually to prevent any conflict in treatment and so it may be necessary to give some details of your condition as well as proposed treatment.  Before contacting the other professional(s), you will be asked to provide written confirmation of your approval, verbally as well as in writing (including email).  A copy of your authorisation may be enclosed for the benefit of that individual.  This note will also authorise them to release by return any details from their own case history relevant to this treatment.


Third Party Service Providers:  Information submitted to us via the website or email may become visible to our third party service providers whilst completing maintenance on the website.  They have a duty that requires them to keep your information secure and not to use it for their own purposes.  Please be reassured that we will not otherwise release your information to third parties without your express written permission or unless we are required to do so by law, for example, by a court order, for the purposes of prevention of fraud or for your own safety or that of others.


We will not contact you for marketing purposes by email, phone, post or text message.


How you can access and update your information
The accuracy of your information is important to us and we will endeavour to keep your information current and accurate.  In the meantime, if you change email address, or if any of the other information we hold is inaccurate or out of date, please email us at info@gilesnorbury.co.uk, or write to us at: Giles Norbury, Spiro Chiro Clinic, Holcombe House, Gravel Hill, Ludlow, Shropshire, SY8 1QU.


You have the right to ask for a copy of the information Giles Norbury Clinical Hypnotherapy holds about you.  Access will be granted within one calendar month of receipt of the request.  If you find any inaccuracies we will delete and/or correct it. You also have the right to request removal of personal data where there is no compelling reason for its continued processing.  Your data will be scanned and saved to USB for you to collect from the reception at SpiroChiro clinic.  We reserve the right to charge for this service.


If you are not happy with how your data is stored or processed, you have the right to contact the ICO (Information Commissioner’s Office) and relay your concerns.


You have the right to object to us processing your data, however, it is not practical to do this prior to the end of therapy.


Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. 
Enquiries via the website are printed and the original emails deleted.  Non-sensitive details (your email address etc.) are transmitted normally over the Internet (encrypted), though this can never be guaranteed to be 100% secure.


Diaries (personal and clinic) contain only the client name.  Your email address may also be stored in the email address book.  The personal diary and email are both password protected.
As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.


All records are kept in a lockable filing cabinet, within a secure premises.  Whilst in transit, they are also stored in a locked strong box.  It is not practical to only keep encrypted electronic records whilst providing therapy.


Once we receive your information, we make our best effort to ensure its security on our systems and premises.


Use of 'cookies'
Like many other websites, the Giles Norbury Clinical Hypnotherapy website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better, more personalised service.


It is possible to switch off cookies by setting your browser preferences. Turning cookies of may result in a loss of functionality when using our website.


Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.


In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.


16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.


Review of this Policy
We keep this Policy under regular review. This Policy was last updated in May 2018.