Privacy Policy

My name is Lauren Stoney and I am a certified NLP Practitioner and Hypnotherapist. Legislation from the Information Commissioner’s Office (General Data Protection Regulations – GDPR) requires anyone handling personal data to uphold certain practices in the management of that data.

For more information on the requirements, please visit the ICO website or click the link

This Privacy Policy sets out how I meet the requirements and how I use and protect any information that you give me when you visit my website, and when you use my services.

For all intents and purposes, I hold the role of data controller and data processor for all clients who receive my therapy and coaching services. I am responsible for managing how your personal data is to be processed and shared.

I am registered with the Information Commissioner’s Office and my registered number is ZA415962. If you have any questions about the way in which your personal data is used, please contact me directly on 07554 841880 or

How I collect your information

Any information collected by me, through which you can be identified, will only be used in accordance with this privacy statement.

Data may be collected by means of email, phone, website or face to face during sessions.


Anyone using my service, in the form of therapy and/or coaching, is required to complete a pre-consultation form which collects key personal information used for the purpose of coaching / therapy. It also includes the basic privacy policy, to be signed by way of confirming you have read and understood its content.

If you contact me using the contact form on the website, your enquiry comes to me via email. Your details are not stored by the website. I do not sell or share the information you give. You information will be used to contact you to follow up your enquiry. If you have consented to further communications, I may also contact you in the future with information that may be of interest to you including promotional offers.

When you enquire about my services via email and I reply to you via email, I cannot guarantee that your email, or my reply is 100% secure as no data transmission over the Internet can be guaranteed to be 100% secure. If you wish to send any documents via email and have any concerns about confidentiality, you may wish to password protect your documents before sending them to me. You can either provide me with your password in a separate email, or phone me and provide me with your password over the phone.

During consultation

When you attend coaching or therapy sessions, I collect and record data from you in order to get to know you, understand you, and help you overcome your difficulties. If you choose to contact me over the phone, I may collect information from you as a prerequisite for inviting you in for an assessment (see below).

Throughout the course of your sessions with me, I may collect some or all of the listed personal and sensitive data from you to ensure that the service I provide to you is adequate, and for therapy monitoring and evaluation purposes. This includes but is not limited to:

  • Name
  • Contact details including email address
  • Gender
  • Date of birth
  • GP name and contact details
  • Employment
  • Emergency contact
  • Ethnic background
  • Sexual orientation
  • Sexual behaviour and history
  • Relationship history
  • Religion
  • Physical and mental health history (including history of alcohol consumption, drug use and any medication previously prescribed)
  • Current physical and mental health symptoms including suicide risk, alcohol and drug use, and any medication you are currently taking
  • Offences and alleged offences

Receiving information from third parties

In rare cases, I may receive information about you from third parties, including health professionals or your employer. If they write a referral letter, it may contain both personal and sensitive information. If you have any concerns about whether the third parties are GDPR compliant, please contact them directly. I will never knowingly obtain data about you from any third party without your knowledge or consent.

Website data collection

I use website analytics tools like Google Analytics to better understand how people use my site so I can make it easier to use. These tools use tags and cookies to collect data on how you use our site. These services may collect your device’s IP address in pseudonymised form, geographic information, device type, browser information, and other data about your session. This doesn’t tell us who you are, and we don’t use this information to identify individual users. If you’ve opted into Google’s data privacy policy, Google may associate your visit with other data held by Google in order to identify you across multiple devices. You can refuse this use of cookies by changing the cookie settings in your browser.

How I store your information

If you have provided personal data but later decided not to pursue therapy, and you have not opted in to further communications from me, your email will be deleted within 3 months of your enquiry being made.

Whilst you are receiving therapy or coaching, any paper notes are stored in a locked, fire retardant storage. Notes may also be recorded electronically and stored on a secure password protected site, only accessible by myself. Your clinical notes may be moved from site to site, or from storage to the venue where you receive your therapy and back. This is to facilitate the effective delivery of therapy.

The phone is carried whilst in use, or locked in the same facility as the paper notes when not in use. Your name and number will not be stored in my phone to protect your confidentiality. The mobile number you will be provided is my contact number and will not be picked up by anyone else. Likewise, the voicemail box is only answered by myself.

The laptop containing any electronic records is stored in the same facility as the paper notes when not in use.

Once you are no longer using my service, your file is stored securely in a locked, fire retardant secure storage off site for seven years, after which your file is shredded or burned. I use two main criteria for determining my retention period.

Criteria 1: According to the Limitation Act 1980, you, as my client, have six years within which to bring against me a complaint of breach of contract, breach of trust or a claim in relation to negligence. It is therefore in both our interests that I store your data for this period of time. For young people, this time period commences from when they turn 18 years of age.

Criteria 2: The second criteria that I use in deciding how long to store your data is the likelihood of you returning to me for further therapy at some point in the future. Generally speaking, if a client returns to me for further therapy in future, they normally do so within seven years.

How i use/process your information

I take your privacy very seriously and am committed to ensuring your personal data is protected at all times. I process your personal data in line with GDPR legislation (General Data Protection Regulation) (EU) 2016/679.

My lawful basis for processing your data is called legitimate interest. In order for me to fulfill my role as a coach and therapist, I take notes in each session and store these notes in your file. I will only use your personal information in ways that are core or legally essential for me to fulfill my role as an effective, safe, ethical and responsive coach. Personal information is collected to ensure you are provided with effective, tailored coaching and/or therapy, which may include:

  • making appropriate referrals
  • communicating with you regarding your treatment/ appointments
  • account for my clinical decisions and/or respond to complaints
  • clinical supervision as part of my own professional development.  I am required to attend clinical supervision as part of my professional practice to discuss the clients I see with my supervisor. My supervisor is bound by the same ethical guidelines regarding confidentiality as I am. I never disclose full names when discussing my clients with my supervisor.

If you have consented to receiving further communications from me, I may also use your data to communicate with you about topics of interest and, in some cases, promotional offers.

In some cases, I may use profiling and screening techniques to analyse geographic, demographic and other information relating to you to better understand your interests and preferences so I can contact you with the most relevant communications. Personal details collected this way will only be used to provide you with information you would reasonably expect or have agreed to. I do this to understand more about the background and interests of the people who are interested in my services, allowing me to target my resources effectively. I may use additional information from publicly available sources where it is appropriate, which ensures I can make this service more widely known to those who are more likely to be interested in, and benefit from, this service. 

Profiling and screening means that you receive information that is appropriate, relevant and timely and which I hope will enhance your experience as an email subscriber and/or client. It means that I can make more people aware of the vital resources available in health and wellness, in the mission to help more people get their health and wellness back. If you would like to opt out of this, please contact me directly at

Sharing your information

Your personal information will never be shared with any third parties without your consent. Exceptions to this are:

Court Order: If I am required to disclose data about you under a Court Order
Child Protection: If I am concerned about the welfare of a child, i.e., where there are child protection issues
Risk to self or others: Where there is an imminent risk of harm to yourself or others, i.e., you have expressed an intent to kill yourself, or to kill someone else, imminently.

As per the BIH (British Institute of Hypnotherapy Code of Ethics, Conduct and Best Practice (the Code)), I must take appropriate action to protect the rights of children and vulnerable adults if I believe they are at risk, including following national and local policies.

Sharing your information with consent

There may be occasions when I need to share the personal information I process about you with third parties, such as health professionals involved in your care. When I do so, this would only ever be done with your consent and I would comply with all aspects of GDPR. If I am ever concerned about your mental state or safety, it may be deemed appropriate for me to refer to a third party such as your GP or local safeguarding contact.

There may be occasions where you wish me to share certain information for a specific purpose. Examples of this may be in education to support mitigating circumstances around exams or your employer to support a request for ‘reasonable adjustment’. On these occasions, you will be provided with a report or letter that you can then share with whomever is appropriate. This ensures you stay in control of your data and the sharing of it.

If you have been referred by your employer, they may request brief information about the proposed treatment, duration and outcomes to enable them to audit the provision of service and its cost-effectiveness. Under these circumstances, only the minimum amount of information necessary will be shared. You will be invited to view a copy of this information prior to it being submitted, and will be offered a copy.

My website may include quotes from feedback provided by previous clients, but this is anonymised using false names. You will be asked for consent to include this during the therapy process and your comments will only be included if you provide that consent. You are able to withdraw consent at any time, and if your comments have been included they will be removed.