Privacy Policy

Karen Briggs is a clinical solution focused psychotherapist and hypnotherapist.  I respect your privacy and will ensure that your personal information that you provide me is protected. 

This privacy policy explains how and why I collect personal information.  This might be information that is shared via text, email, the website contacts page and during the sessions you attend. It also explains how I use this information, whom I share it with and your rights regarding personal information.  

What information do I collect?

I collect basic information when you complete the website contacts page and when you email me directly. I collect it during the hypnotherapy sessions, when you text and when you complete the CORP research programme. I collect visitor behaviour information when you use the website

 In addition to your contact details and during the sessions I collect information about:

  • What you want to achieve during the hypnotherapy sessions
  • A limited amount of relevant medical information
  • Some family details
  • Brief session notes.

Why do we need a record of this information?

This is so that I can offer you the highest quality support to you, ensuring I am equipped with the knowledge of our discussions in previous sessions. Your contact details /address and GP details will only be used with your explicit consent. The CORP research programme collects non- identifiable information to produce statistical analysis into Solution Focused Hypnotherapy.

I use information from the website to identify visitor information behaviour and trends. An example would be the number of times the site has been visited and what pages have been accessed.  When you visit the website, you will be asked to accept or decline our cookies.

How do I know that the information will be held securely?

Hardcopy documents – All are stored in a locked filing cabinet.

Text messages – My mobile phone is secured with a pin code and finger print recognition.

Emails – Stored on the computer that requires a user name and password.

Electronic documents – Any electronic documents e.g. a letter to your GP, or an invoice, are password protected and stored on a password protected computer if they contain personal or sensitive information.

CORP Research – Stored on a password protected computer

How long will you hold my information for?

I adhere to the standards of the CNHC, an organisation that stipulates that I must hold your data for 8 years after your final session, unless you are a child, in which case I must hold your data until your 25th birthday, or unless you are 17 when treatment ends and then I must keep it until your 26th birthday.  Therefore all records will be deleted in the January after the above retention scales.  This is in line with NHS regulations for holding data.

What if I don’t want my records to be held for that long?

GDPR allows the request of all your records to be deleted.  You can make a request in writing to me at:

Karen Briggs White Cross Business Park, South Rd, Lancaster LA1 4XQ

Should you request this then all your paper records will be shredded with a cross shredding machine. Any electronic data such as emails, text messages and contact forms will be permanently deleted from the device they are stored on. Please note that I must save the deletion request you made. It is possible that the legal team of my insurance company ‘Holistic Insurance’ may want me to verify the information sent out.

Is what we discuss confidential?

Everything you discuss with me during your sessions remains strictly confidential. Occasionally it may be necessary for me to discus elements of your sessions with my supervisor to ensure that I am helping you in the most effective way.  However no identifying features about you will be disclosed during these sessions.  My supervisor also adheres to the GDPR.

Can I ask to see my data and how long will it take?

You are now able to ask to see any data that is held about you within 30 days of asking. You can ask for a copy of any personal information held by me if you decide. It is possible however, that the legal team of my insurance company may want to verify information that I send out.   

What if I see you outside of the session?

To ensure your confidentiality and comply with GDPR, if we see each other socially or outside of our sessions, I will not engage in any conversation regarding your therapy.  You are welcome to talk with other people about the therapy you are receiving

What about passing on information to other Health Care Professionals?

As I adhere to GDPR any contact relating to you with other health care professionals would only be made with your signed consent e.g. if I were to write to your GP to notify them of your treatment with me and to notify them of the treatment ending.  This would only happen if it seemed that it would be particularly beneficial to you or if I needed verification that Hypnotherapy is suitable for you. I would only do this if you were to sign the specific consent for this at the time, if such a decision is made.


In order to safeguard you and the people around you, if you were to disclose that you were going to carry out harm to yourself or someone else, then under my ‘Duty of Care’ I am obligated by law to inform the relevant authorities.  I would always aim to discuss this with you prior to contacting anyone.

If I was issued with a police warrant or court order for information about you, by law I would also have to provide them with the information.