My name is Sarah Dubbins and I am a certified NLP Practitioner, Clinical Hypnotherapist and Coach. Legislation from the Information Commissioner’s Office (General Data Protection Regulations – GDPR) requires anyone handling personal data to uphold certain practices in the management of that data.
For more information on the requirements, please visit the ICO website or click the link
For all intents and purposes, I hold the role of data controller and data processor for all clients who receive my therapy and coaching services. I am responsible for managing how your personal data is to be processed and shared.
I am registered with the Information Commissioner’s Office reference number ZA406236. If you have any questions about the way in which your personal data is used, please contact me directly on 07734 310665 or
I respect and value the privacy of everyone who visits this website, www.sarahdubbins.org and will only collect and use personal data in ways that are described here, and in a manner that is consistent with my obligations and your rights under the law.
Any information collected by me, through which you can be identified, will only be used in accordance with this privacy statement.
Data may be collected by means of email, phone, my website or face to face during consultations.
If you contact me using the contact form on the website, your enquiry comes to me via email. Your details are not stored by the website. I do not sell or share the information you give. Your information will be used to contact you to follow up your enquiry. If you have consented to further communications, I may also contact you in the future with information that may be of interest to you including promotional offers.
When you enquire about my services via email and I reply to you via email, I cannot guarantee that your email, or my reply is 100% secure as no data transmission over the Internet can be guaranteed to be 100% secure. If you wish to send any documents via email and have any concerns about confidentiality, you may wish to password protect your documents before sending them to me. You can either provide me with your password in a separate email, or phone me and provide me with your password over the phone.
When you attend coaching or therapy sessions, I collect and record data from you in order to get to know you and help work towards a solution. If you choose to contact me over the phone, I may collect information from you prior to an appointment.
Throughout the course of your sessions with me, I may collect some or all of the listed personal and sensitive data from you to ensure that the service I provide to you is adequate, and for therapy monitoring and evaluation purposes. This includes but is not limited to:
- Contact details including email address
- Date of birth
- GP name and contact details
- Emergency contact
- Ethnic background
- Sexual orientation
- Sexual behaviour and history
- Relationship history
- Physical and mental health history (including history of alcohol consumption, drug use and any medication previously prescribed)
- Current physical and mental health symptoms including suicide risk, alcohol and drug use, and any medication you are currently taking
- Offences and alleged offences
In rare cases, I may receive information about you from third parties, including health professionals or your employer. If they write a referral letter, it may contain both personal and sensitive information. If you have any concerns about whether the third parties are GDPR compliant, please contact them directly. I will never knowingly obtain data about you from any third party without your knowledge or consent.
If you have provided personal data but later decided not to pursue therapy, and you have not opted in to further communications from me, your email will be deleted within 3 months of your enquiry being made.
Whilst you are receiving therapy or coaching, any paper notes are stored in a locked, fire retardant storage. Notes may also be recorded electronically and stored on a secure password protected site, only accessible by myself. Your clinical notes may be moved from site to site, or from storage to the venue where you receive your therapy and back. This is to facilitate the effective delivery of therapy.
The mobile number you will be provided is my contact number and will not be picked up by anyone else. Likewise, the voicemail box is only answered by myself.
The laptop containing any electronic records is stored in the same facility as the paper notes and locked when not in use.
Once you are no longer using my service, your file is stored securely in a locked, fire retardant secure storage for seven years, after which your file is shredded or burned.
According to the Limitation Act 1980, you, as my client, have six years within which to bring against me a complaint of breach of contract, breach of trust or a claim in relation to negligence. It is therefore in both our interests that I store your data for this period of time. For young people, this time period commences from when they turn 18 years of age.
I take your privacy very seriously and am committed to ensuring your personal data is protected at all times. I process your personal data in line with GDPR legislation (General Data Protection Regulation) (EU) 2016/679.
Any notes I take during appointments will be kept securely in a locked filing system. I will only use your personal information in ways that are core or legally essential for me to fulfil my role as an effective, safe, ethical and responsive coach. Personal information is collected to ensure you are provided with effective, tailored coaching and/or therapy, which may include:
- making appropriate referrals
- communicating with you regarding your treatment/appointments
- accounting for my clinical decisions and/or responding to complaints
- clinical supervision as part of my own professional development. I am required to attend clinical supervision as part of my professional practice to discuss the clients I see with my supervisor. My supervisor is bound by the same ethical guidelines regarding confidentiality as I am. I never disclose any names when discussing my clients with my supervisor.
If you have consented to receiving further communications from me, I may also use your data to communicate with you about topics of interest and, in some cases, promotional offers.
Your personal information will never be shared with any third parties without your consent. Exceptions to this are:
Court Order: If I am required to disclose data about you under a Court Order
Child Protection: If I am concerned about the welfare of a child, i.e., where there are child protection issues
Risk to self or others: Where there is an imminent risk of harm to yourself or others, i.e., you have expressed an intent to kill yourself, or to kill someone else, imminently.
As per the BIH (British Institute of Hypnotherapy) Code of Ethics, Conduct and Best Practice (the Code), I must take appropriate action to protect the rights of children and vulnerable adults if I believe they are at risk, including following national and local policies.
There may be occasions when I need to share the personal information I process about you with third parties, such as health professionals involved in your care. When I do so, this would only ever be done with your consent and I would comply with all aspects of GDPR. If I am ever concerned about your mental state or safety, it may be deemed appropriate for me to refer to a third party such as your GP or local safeguarding contact.
If you have been referred by your employer, they may request brief information about the proposed treatment, duration and outcomes to enable them to audit the provision of service and its cost-effectiveness. Under these circumstances, only the minimum amount of information necessary will be shared. You will be invited to view a copy of this information prior to it being submitted and will be offered a copy.
My website may include quotes from feedback provided by previous clients, but this is anonymised using false names. You will be asked for consent to include this during the therapy process and your comments will only be included if you provide that consent. You are able to withdraw consent at any time, and if your comments have been included they will be removed.
As a data subject, you have the following rights under the GDPR, which this Policy and my use of personal data have been designed to uphold:
The right to be informed about my collection and use of personal data;
The right of access to the personal data I hold about you;
The right to rectification if any personal data I hold about you is inaccurate or incomplete;
The right to be forgotten – i.e. the right to ask me to delete any personal data I hold about you (I only hold your personal data for a limited time, but if you would like me to delete it sooner, please contact me using the details on my website);
The right to restrict (i.e. prevent) the processing of your personal data;
The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
The right to object to me using your personal data for particular purposes; and
If you have any cause for complaint about my use of your personal data, please contact me and I will do my best to solve the problem for you. If I am unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
How Do I Use Your Data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. I will comply with my obligations and safeguard your rights under the GDPR at all times.
My use of your personal data will always have a lawful basis, either because it is necessary for my performance of a contract with you, because you have consented to my use of your personal data (e.g. by subscribing to emails), or because it is in my legitimate interests. Specifically, I may use your data for the following purposes:
- Personalising and tailoring your experience;
- Personalising and tailoring my services for you;
- Replying to emails from you;
- Supplying you with emails that you have opted into (you may unsubscribe or opt out at any time);
- Analysing your use of my site and gathering feedback to enable me to continually improve my site and your user experience.
With your permission and/or where permitted by law, I may also use your data for marketing purposes which may include contacting you by email, telephone, text message or post with information, news and offers on my services. I will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that I fully protect your rights and comply with my obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
I will never sell your data.
You have the right to withdraw your consent to me using your personal data at any time, and to request that I delete it.
I do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
How Can You Control Your Data?
In addition to your rights under the GDPR, when you submit personal data via my site, you may be given options to restrict my use of your data. In particular, I aim to give you strong controls on my use of your data for direct marketing purposes (including the ability to opt out of receiving emails from me, which you may do by unsubscribing using the links provided in my emails).
You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by me (where such data is held). Under the GDPR, no fee is payable, and I will provide any and all information in response to your request free of charge. Please contact me for more details through the contact page on my website.
By using my site, you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than me. These Cookies are not integral to the functioning of my site and your use and experience of my site will not be impaired by refusing consent to them.
All Cookies used by and on my site are used in accordance with current Cookie Law.
Before Cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling me to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of my site may not function fully or as intended. Certain features of my site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”.
In addition to the controls that I provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
Thank you for reading.