Privacy Policy

How will my data be stored?

In May 2018 the Data Protection Act was replaced by the General Data Protection Regulations (GDPR). Sharon Mortimer is GDPR registered. The changes to the Data Protection Act are aimed at ensuring that your personal, confidential and sometimes sensitive data, is held privately and securely. This means that any data you give to Sharon must be processed in a way that you agree with. GDPR exists to protect your rights as a consumer. It applies to your identifiable data, e.g. your name and address & any reason you might have for visiting Sharon. It also covers any session records, text messages or emails between Sharon and yourself.

How long will you hold my information for?

Sharon is a member of a number of regulatory bodies and as such she is bound by their regulations regarding the length of time she must hold onto your information. In light of this, Sharon must hold onto your data for 8 years after your final session. (However, the rule for children is different and some organisations stipulate that their data must be held until their 25th birthday.  The exception to this rule applies to young adults whose treatment ends when they are 17 years old, when Sharon must keep their records until they reach their 26th birthday). Client records will be destroyed in the January after the dates given above. This is in line with NHS regulations for holding data.


What if I would like my data to be destroyed before this date?

Under the GDPR rules you are able to request the deletion of any of your records at any time.  Simply write to Sharon requesting that your records are destroyed and once she has confirmed your identity, she will do so. There is no charge for this service. Sharon will then ensure that all your paper records are shredded.  Any electronic data held by Sharon, such as emails or text messages will be permanently deleted from the devices they are stored on. NB. Sharon will need to save the written deletion request you sent her but would destroy any other data.

Am I able to see or get a copy of the information held by you?

In line with GDPR if you send Sharon a request in writing, specifying the data you wish to see, she will supply you with a copy of your data within 30 days. Sharon will need to confirm your identity before sending you the information. There will be no charge for this service. NB. Sharon’s insurance company’s legal team may wish to verify any information she sends out.

What are your reasons for collecting this information?

Sharon is keen to offer the highest quality support to her clients and in order to do so, she will collect the following information:


  • Your personal contact details including address, telephone, NOK etc.
  • Physical contact consent


  • An idea of what you would like to achieve by coming for hypnotherapy
  • A small amount of medical information
  • Some information about your important others
  • Some brief session notes
  • Your contact and NOK details
  • GP contact details
  • Research data

This information allows Sharon to provide continuity within the sessions, in order to help you towards your goal. This information will allow Sharon to refer to content of earlier sessions and previous discussions. Sharon will only use your contact details / address and GP’s details with your consent, unless it is thought you are at risk to yourself or to others, or you were taken ill during your session with Sharon, in which case your next of kin or medical assistance will be contacted. Confidentiality may also be broken if a criminal act is disclosed.

How do I know that Sharon will store my information securely?

  • Paper session notes – Sharon stores all paperwork within a locked unit.
  • Text messages – Sharon’s phone is secured with fingerprint recognition or a pass code.
  • Emails – Sharon’s email account requires a username and password.

Are our discussions within the hypnotherapy sessions confidential?

Everything you discuss with Sharon during your sessions remains strictly confidential. Occasionally it may be necessary for Sharon to discuss elements of your sessions with her supervisor to ensure that she is helping you in the most effective way. However, no identifying features about you will be disclosed during these discussions. Sharon’s supervisor is also registered with GDPR.

What if I see Sharon outside of a hypnotherapy session?

Sharon is obligated by GDPR to protect your confidentiality at all times. So, for this reason, although she may acknowledge you in a response to you doing so first, any therapy conversation should be avoided.  However, if you wish to discuss your therapy with other people, that is your choice and you are welcome to do so.

Will Sharon discuss information about me with other Health and Social Care Professionals?

Sharon is only able to contact other health and social care professionals with your written consent. Should she write to your GP, to notify them that you have entered into a therapeutic relationship with her, or to notify them that your therapy has been satisfactorily concluded, Sharon would require your signature in line with GDPR requirements. Sharon does have a “Duty of Care” towards her clients, so the only exceptions to this would be if she believed that you were about to harm yourself or others. Should this occur then Sharon would be required to inform the relevant authorities”. However, Sharon would always aim to discuss this with you before taking any action, where possible. Legally, Sharon would also have to provide the police with information as set out in a warrant or court order, should the situation arise.

Other information

ICO registration number : ZA754113

Changes to our privacy policy

Sharon keeps the privacy policy under regular review. This privacy policy was last updated on 04.03.2024

Other websites – Believe & Achieve website may contain links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies

Cookie Policy

I want my website to be easy to use, reliable and relevant to visitor interests. In order to monitor how my site is being used, and to help me improve it, my website needs to place small files known as cookies on your device (computer, mobile etc). Cookies are used by the majority of web sites. They are small text files which are harmless to your computer and are not used by this website to identify you personally.

These pieces of information are used to improve services for you through, for example:
• measuring how many people are visiting the website, so areas of most interest on a site can be identified.
• enabling a service to recognise your device so you don’t have to give the same information multiple times.

You can manage these small files yourself and learn more about them from:

My use of cookies

This website cannot function properly without these cookies.

Preference cookies enable my website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Google Analytics sets cookies to help me accurately estimate the number of visitors to the website and volumes of usage. Google Analytics stores visitor information in an anonymised form and the cookies used by Google Analytics do not store any sensitive data, or data which identifies you personally.

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.

Facebook – Used by Facebook to register impressions on pages with the Facebook login button.

If you want to delete or block our cookies you can do so using your browser’s settings. If you would like detailed instructions as to how to do this I recommend you take a look at the guides at Your use of my website without modifying your cookie settings means you consent to our use of cookies.