Privacy Notice

Privacy Notice The National College of Hypnosis & Psychotherapy

Contact Information:

National College of Hypnosis and Psychotherapy

The National College of Hypnosis and Psychotherapy Ltd. is a limited company, registered in

England and Wales/Scotland/Northern Ireland. Company Number 12521247. The National College of Hypnosis and Psychotherapy Ltd. includes the National Society of Talking Therapies (which does not have a separate corporate identity).

The data controller and processor is Stuart Cale.

 

The Lawful Basis For Processing Data

The basis on which we keep data is that of legitimate interests. This means that the data is necessary for us to fulfil the objectives of the college and that it is data that would reasonably

be expected for us to hold and use.

 

Data

The data we hold includes:        

Student Information

  • As provided on the forms required for entry to the course or in interview (data from the diversity form is added to a spreadsheet for the year and no identifiable data is added). If the form has been sent as a hard copy it is then shredded, and if electronically the email is permanently deleted. This is particularly important as some elements (e.g. ethnicity), which we need in order to gather statistics for the UKCP are considered special category data and as such should not be held in an identifiable way.
  • Work submitted and grades.
  • Information submitted in order to achieve each level of qualification (e.g. self-development

information).

  • Reports from tutors/supervisors.
  • Financial information.
  • Emails that are sent between us.
  • Details of any complaints/concerns.

Email Lists

  • Email addresses.
  • A record of which emails have been opened etc.

Member Information

  • Member information as provided on the application form.
  • Financial information.
  • Emails that are sent between us.
  • Details of any complaints/concerns.            

Enquirers’ Information

  • Emails that are sent between us.

Sharing

Data is shared in the following situations:      

  • With our regulators (CNHC and UKCP) who may ask questions such as whether you are in good standing.        
  • Our accountant will see bank, credit card and Paypal records which will contain any information that you submit when making payment. If you would like us to redact your identifiable data before sending to the accountant then please let us know.        
  • With venues who may need an attendee list for their own regulations.        
  • Within the organisation, e.g. with tutors and assessors. Fellow students will be able to see email addresses of those on the same stage of training in Dropbox.

The data is primarily used to enable us to provide the service(s) that you have engaged us to provide. It may also be used for scientific research purposes and statistical purposes.

 

Details of Where Data is Held:

        

  • Any emails are held either on computer hard drive or if archived in Dropbox which is a secure cloud-based storage facility (which is GDPR compliant).        
  • Student information is also held in Dropbox.        
  • Credit card information is shredded as soon as processed.        
  • Standing order mandates are shredded and/or deleted as soon as payments commence, if you use Paypal, standing order facilities or online banking then those systems will hold your data. We will download from these systems for accounting purposes and the resulting spreadsheets are then held in Dropbox and if sent to our accountants, they will be password protected.        
  • Email addresses are held within our email processing software, Icontact, which is GDPR compliant.

Student data is kept for 40 years, this length of time is based on the potential length of a career during which time you may need information from us. NSTT membership data is kept for as long as the person remains a member. Enquirer information is kept for three years, after this time any paper and computer records are destroyed.

Security

       

  • All data is held securely (see details of where data is held above).      
  • Any sensitive data transmitted is encrypted wherever possible.       
  • For accounting purposes Excel spreadsheets are used.

We are not, however, in control of data (including emails) which you send to us.

NCHP Ltd. team members are trained in the use of data according to our systems and this training is appropriately updated. If there is any breach of data security, NCHP will give full details to the Information Commissioners Office (ICO) and any person affected within 72 hours of the breach and

do all possible to minimise any potential impact.

 

Rights

You have rights with regards to the data held:        

  • The right of access. We will provide you with all data we hold on you as soon as we can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). For students, most data is held in Dropbox to which they have access.        
  • The right to rectification. If any data we hold is incorrect, please inform us and we will correct it as soon as we can following a request (and definitely within 30 days, unless that is impossible).       
  • The right to erasure. If you wish us to erase your data just let us know and we will delete any computer records and shred any paper records as soon as we can following a request (and definitely within 30 days, unless that is impossible). Data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing but this would never include data such as address, email or phone.
  • The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure.       
  • The right to data portability. This might apply if you require your data sent to another party. 

The right to object to

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), NCHP does not engage in these activities.
  • Direct marketing. You can opt out at any time.
  • Processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
  • Automated decision making and profiling. NCHP does not engage in automated decision making or profiling.