Privacy Notice

CONTACT INFORMATION

Callie Di Nello - Glow Well Compass
c/o 130 Lambton Road, London SW20 0TJ
Tel: 07833 636967
Email: callie@glowwellcompass.co.uk

I, Callie Di Nello, am the Data Controller and Processor of Glow Well Compass. I adhere to the code of ethics of NSTT. If you are unhappy with my treatment of you with regard to hypnotherapy services, you may write to them.

PRIVACY NOTICE
The basis for my keeping client data is “Legitimate Interests.” This means I hold and use the data necessary to fulfil the agreement we have together - specifically, to provide therapy and coaching - and it is information you would reasonably expect me to maintain.

The information I keep includes:
• basic details such as your name, email address, and phone number
• any information you share with me as part of our work together
• records of the therapeutic interventions I use (or choose not to use) during our sessions
• emails, texts, and/or messages exchanged between us
• information provided by any third party, such as your GP.

Some of the information you share with me may fall under the definition of “special category data” as defined by the General Data Protection Regulation (GDPR). The condition for processing this type of data is that it is “necessary for medical diagnosis or the provision of health care or treatment pursuant to a contract with a health professional”. However, any information regarding criminal offences (including allegations, proceedings, or convictions) is subject to even stricter controls, and I will require your explicit consent to hold such data.

Your data is never shared without your knowledge, except in the following situations:
• with your GP or my clinical supervisor, to ensure your continued care
• for reasons outlined in the “Requirements for Disclosure” section (above)
• if you were to make a formal complaint about me to my professional body, in which case I may need to share your notes as part of their investigation process.

Primarily, your data is used to support me in providing coaching and therapeutic services for you. On occasion, it may also be used for scientific research or statistical purposes; this would always maintain your confidentiality. If you have any questions about how your information is handled, please do ask me.

DETAILS OF WHERE DATA IS HELD
The security of your information and your privacy are incredibly important to me. Below, I outline how your data is stored, managed, and protected:
• email: any emails exchanged between us are stored on my ProtonMail encrypted email server, which is GDPR and HIPAA-compliant
• mobile phone: any emails or WhatsApp messages held on my mobile phone are protected by a secure passcode
• notes: your session notes are typed up immediately after your session, and stored on ProtonDrive, a secure encrypted and GDPR-compliant cloud storage facility. Your notes are coded so that only I am able to identify them; no-one else could connect them to you
• credit card information: if you pay by credit card, your details are shredded immediately after processing
• PayPal, Sum Up or online banking: if you pay through PayPal, Sum Up or online banking, those platforms will hold your data. I download records from these systems for accounting purposes. My account spreadsheets are stored securely in ProtonDrive, and are password-protected
• recordings: any session recordings are saved on ProtonDrive, as above
• data retention: I keep your data for 7 years, as required by my insurer. After this period of time, digital records are permanently deleted.

I take data security seriously. To ensure your information is safe:
• all data is securely stored (as outlined above)
• data transmitted electronically is encrypted wherever possible
• accounting records are managed using password-protected Excel spreadsheets.

Important:
I do not have control over:
• the security of data you send to me (e.g., emails or messages)
• digital apps, such as Facebook, may access information you send via their platform.


IN CASE OF A DATA BREACH
If a data breach were to occur, I (Callie Di Nello at Glow Well Compass) will notify the Information Commissioner’s Office and anyone affected within 72 hours. I will also take every possible step to minimise the impact.


YOUR RIGHTS REGARDING YOUR DATA
You have several rights when it comes to the data I hold about you:

1. The Right of Access: You can request access to all the data I hold about you. I will provide this as soon as possible (and within 30 days unless unavoidable delays, like holidays or illness, occur).

2. The Right to Rectification: If any data I hold is incorrect, let me know, and I’ll correct it promptly (again, within 30 days unless delayed by holidays or illness).

3. The Right to Erasure: If you’d like your data erased, I will delete computer records and shred paper records as soon as I can (within 30 days, unless delayed by holidays or illness). Some data may be retained for scientific, historical, or statistical purposes, but this will never include case notes or personal details like your address, email, or phone number.

4. The Right to Restrict Processing: This allows you to pause processing of your data while any errors are corrected or erasure requests are being processed.

5. The Right to Data Portability: If you’d like your notes shared with another therapist, for example, I can provide them to you directly for ease.

6. The Right to Object: You can object to certain types of data processing, including:
• processing based on legitimate interests or tasks in the public interest (including profiling)
• direct marketing
• processing for scientific, historical, or statistical purposes (please provide grounds for objection)
• automated decision-making and profiling (I do not engage in this).

If you have any questions or concerns about your data, please feel free to discuss them with me at any time.

Privacy Notice updated 16 July 2025