Privacy Policy


This Privacy Policy outlines EM Wellbeing’s practices with respect to information collected from users who access our website at, or otherwise share personal information with us (collectively: “Users”).

What is the UK GDPR (General Data Protection Regulations, 2018) & how does it affect me?

The UK GDPR replaces the 1998 Data Protection Act to ensure that your personal and sensitive, confidential data is kept private and held securely, being processed in the way that we have agreed. It is there to protect your rights as a consumer of a service that might involve your identifiable data, e.g. your name and address or whether you have a specific condition. It also covers any session records, text messages or emails we might exchange.

EM Wellbeing privacy and data protection policies are in line with UK GDPR regulations.

How long will you hold my information for?

I am regulated by the CNHC, an organisation that stipulates I must hold your data for 8 years after your final session, unless you are a child, in which case I must hold your data until your 25th birthday, or unless you are 17 when treatment ends and then I must keep it until your 26th birthday. Therefore, all records will be deleted in the January after the above retention scales. This is in line with NHS regulations for holding data.

What if I don’t want my records to be held for that long?

Under the UK GDPR you can make a request in writing to me, for all your records to be deleted. In this case I would contact my insurance company and if they agreed to it, all your paper records would be shredded with a cross shredding machine and any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. I would have to save the request for deletion that you made but would not save any other data.

Why do you need to record this information?

I collect information about; why you are using the service: a small amount of medical information: a small amount of information about your lifestyle: a small amount of information about significant others (family, friends etc.): alongside brief session notes. This information enables me to provide a high quality service to you, ensuring I am equipped with the knowledge of our previous discussions prior to each session. Your contact details / address and Doctors details will only be used with your explicit consent or under extreme circumstances threatening your safety or the safety of others. See Terms and Conditions form.

What provision is made to ensure my information is held securely? 

Hardcopy documents
Are all stored in a locked cabinet in a locked, private building.
Text messages
My mobile phone is secured with a pin code.
My email account requires a user name and password. All emails held by me will be deleted when the content is no longer needed, i.e. has been acted upon or therapy has ended.
Email attachments
Any attachments sent by email to you containing personal information would be password protected and the password would be sent to you via text message.
Electronic documents
Any electronic documents e.g. A letter to your GP, or an invoice, are password protected and stored on a password protected computer if they contain personal or sensitive information.

Is what we discuss kept confidential? 

Everything we talk about during our sessions is strictly confidential between you and me. To ensure I am doing my job effectively and that I have the right support, I may discuss elements of our sessions with my supervisor*. During these discussions I do not disclose any details that may identify you to my supervisor, and my supervisor also adheres to the GDPR.

*supervisors are specially trained hypnotherapists with whom therapists can discuss client issues if they wish but are not obliged to do so. No names or information that would identify a client would be disclosed.

What if I see you outside of the session?

To ensure your confidentiality, if we see each other socially, or outside of our sessions I will not engage in any conversation regarding your therapy. You are welcome to talk with other people about the therapy you are receiving, but I am obligated by UK GDPR law to ensure that your confidentiality is protected.

What happens to my information if anything happens to you, the therapist so you cannot continue with my treatment?

In the event of the therapist being incapable of continuing with your treatment, e.g. because of illness or death, you will be contacted by a trusted person who will also respect rules of confidentiality. You will then be given the option of being put in touch with another therapist for continuation of your sessions.

What happens if you, the therapist, are temporarily incapacitated so you cannot keep an appointment?

If possible, I will contact you myself, otherwise a trusted relative (spouse) will inform you.

What happens if you, the therapist, die during the period of my treatment or are unable to continue due to serious illness?

All client notes would be transferred to another local therapist, who would inform you and give you the option of continuing your therapy with him/her.

What about passing on information to other health and social care professionals? 

As I adhere to the UK GDPR, any contact, relating to you, with other health care professionals would only be made with your signed consent, e.g. If I were to write to your GP to notify them of your treatment with me, and to notify them of the treatment ending. This would only happen if it seemed that it would be particularly beneficial to you or if I need verification that Hypnotherapy is suitable for you. I would only do this if you were to sign the specific consent for this at the time, if such a decision is made.

In order to safeguard you and the people around you, if you were to disclose that you were going to carry out harm to yourself or someone else, then under my “Duty of Care” I am obligated by law to inform the relevant authorities. I would always aim to discuss this with you prior to contacting anyone.
If I was issued with a police warrant or court order for information about you, by law I would also have to provide them with the information.

Links to other websites

EM Wellbeing website may contain links to other websites of interest. However, once you use these links please be aware that you have left our website and we do not have any control over other websites. We cannot therefore be held responsible for the protection and privacy of any information which you provide when visiting such sites and these sites are not goverened by our privacy policy. We advise therefore that you check the privacy statement applicable to the website in question.

Website & Cookies

The EM Wellbeing website and hosting platform may store information about your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths using cookies (files that are sent by us to your computer or other access device) which we can access when you visit our site in future. We do this to understand our website traffic better.

I cannot trace this information back to you as an individual but can see consolidated data presented as graphics.

If you want to delete any cookies that are already on your computer, please refer to the instructions in your file management software to locate the file or directory that stores cookies.

Staying in touch

If you wish to receive emails about promotions or new services, please send me your email in the ‘Get in touch’ section or email me at These details are never passed on to a third party. E-newsletters are sent via MailChimp or just as a direct mail. You can unsubscribe at any time or ask me to delete your contact details.

User Rights

You may request to:

  • Receive confirmation as to whether or not personal information concerning you is being processed, and access your stored personal information, together with supplementary information.
  • Receive a copy of personal information you directly volunteer to us in a structured, commonly used and machine-readable format.
  • Request rectification of your personal information that is in our control.
  • Request erasure of your personal information.
  • Object to the processing of personal information by us.
  • Request to restrict processing of your personal information by us.
  • Lodge a complaint with a supervisory authority.

However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.

If you wish to exercise any of the aforementioned rights, or receive more information, please contact our Data Protection Officer (“DPO”) using the details provided below:

Tel: 07388 540493


We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow use of our services by minors without prior consent or authorization by a parent or legal guardian. We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at

How to contact us

If you have any general questions about the Site or the information we collect about you and how we use it, you can contact us at

Emma Plant
Tel: 07388 540493
Last Modified April 2021