top of page

Privacy Policy

Statement of Intent

This policy sets out how I at Bright Thinking Therapies otherwise known as Michelle Louise Balson use and protect the information that you provide when you use our services and our website.

It is my intention to ensure that any data you provide is managed respectfully, kept secure and only used for the purposes for which it has been provided. This policy will be updated from time to time in line with prevailing legislation.

When you contact me via phone or email I will collect your: Name: Email Address: Telephone Number: Any information you choose to supply regarding the purpose of your enquiry.

What I do with this information:

I use this information in order to make contact with you to discuss your requirements. I may also use this information to improve my services such as offering sessions in a different location.

At the first appointment I will ask for Your name, address, telephone and email contact details so that I may contact you during the time we are working together.  I will also ask for your GP contact details and health information: there are some conditions which are contraindicated for hypnotherapy. Your next of kin: this is used very rarely and only in emergency situations. I will not contact you about anything else. Please be sure to tell me whether I can leave messages on your answerphone.

In the course of our sessions I will make a note of information you provide to us in order that I can plan future sessions and produce language patterns which will be used in session.

Under the General Data Protection Regulations which are effective from 25th May 2018 you have the following rights:

The GDPR includes the following rights for individuals:

  • The right to be informed (which is why I have produced this policy).


  • The right of access (if you wish to see your file then please make a request in writing to Michelle Louise Balson, the Data Processor. I will provide you with the information within 30 days of your request).

  • The right to rectification (this is your right to request changes to any information I hold that is factually inaccurate. If you believe any of the information I hold about you is incorrect then please let us know as soon as possible and I will make the appropriate changes.


  • The right to erasure (given the nature of MY work I AM required to hold your details for a period of 7 years, after this your information will be securely destroyed.)


  • Any paper notes are kept securely and only I have access to them. Any emails are password protected and only I have access to them. Any phone calls/messages are password protected and only I have access to them. I will keep computer records of our sessions, but these are on a computer solely used for Hypnotherapy sessions, is password protected and only I have access to it. I will make every effort to keep all information and details completely confidential and secure.


  • The right to restrict processing (I will only use the information for the purposes that I have stated: most standards of confidentiality applied in professional contexts are based upon the Common Law concept of confidentiality where the duty to keep confidence is measured against the concept of “greater good”. If in the therapist's opinion there is good cause to believe that not to disclose would cause danger or serious harm to self, the therapist or others, your GP or other appropriate agencies may be contacted.


  • Only information required to ensure safety of relevant parties would be disclosed. Information may have to be disclosed without consent for the prevention, detection or prosecution of a crime. The sharing of anonymous case histories with supervisors and peer support groups is not a breach of professional confidentiality.


  • The right to data portability: I will not share your information, other than in the situations described above, without your specific consent.


  • The right to object (I will not contact you for marketing purposes)


  • The right not to be subject to automated decision-making including profiling (I will not use your information for profiling purposes).


  • Sharing Data. I am the data processor for the purposes of administration (including appointment making) and accounts. The data processor is trained for GDPR purposes and fully compliant with the requirements.


  • Webcam Sessions. Where sessions are conducted by webcam, eg. Skype, Facetime, the sessions are recorded only for as long as it takes to write up the notes not taken contemporaneously. Once notes have been documented, the recording is deleted.


  • Cookies. Cookies are small files which ask permission to be placed on your computer's hard drive so that I can analyse web traffic to our site. Through this I can see which of our website's pages are being viewed and are of interest. Most web browsers automatically accept cookies, but you can modify your setting to decline them if you prefer. If you choose to do this, you may find you cannot make full use of the website.


  • There shouldn’t be any outside links on the website. If there are then I did not put them there so don’t click on them.


  • My website was made from a Wix template. Wix provide security to the site.

bottom of page