Privacy Policy

At Emerge Sheffield, your privacy, trust and confidentiality are incredibly important. We understand that reaching out for support can sometimes feel like a vulnerable step and we are committed to ensuring that any personal information you share with us is handled safely, respectfully and in line with current UK GDPR and data protection regulations.

This Privacy Policy explains what information we collect, how it is used, how it is stored and your rights in relation to your data.

Who We Are

Emerge Sheffield provides Solution Focused Hypnotherapy, Solution Focused Therapy, Coaching and Employability Support.

Data Controller: Rebecca Morris

Email: rebecca@emergesheffield.co.uk

ICO Registration Number: ZA927224

What Information We May Collect

Contact & Enquiry Information

When you contact Emerge Sheffield, we may collect:

  • Name

  • Email address

  • Telephone number

  • Appointment preferences

  • Information relating to your enquiry

Therapy & Support Information

During consultations and sessions, we may collect information relevant to supporting you safely and appropriately, including:

  • Presenting concerns

  • Relevant background information

  • Wellbeing information

  • Lifestyle factors

  • Therapy goals and best hopes

  • Risk or safeguarding information where relevant

Session Notes

Brief professional notes may be recorded following sessions. These notes are:

  • Minimal and factual

  • Solution focused in nature

  • Used to support continuity of care and professional practice

Notes may include:

  • Scaling scores

  • Progress markers

  • Agreed actions

  • Session themes

Website & Technical Information

When visiting our website, certain technical information may automatically be collected, including:

  • IP address

  • Browser type

  • Cookie data

  • Website interaction information

This information helps improve website performance and user experience.

How Your Information Is Used

Your information may be used to:

  • Respond to enquiries

  • Arrange and manage appointments

  • Deliver therapy and support safely and appropriately

  • Maintain professional records

  • Track progress throughout sessions

  • Process payments or invoices

  • Communicate important information relating to appointments or services

  • Improve website functionality and user experience

We never sell your personal information and do not use your information for unsolicited marketing.

Lawful Bases For Processing

Under UK GDPR, the lawful bases relied upon for processing personal information include:

  • Consent

  • Contract

  • Legitimate Interests

  • Legal Obligation

This includes the provision of therapy/support services, professional record keeping, safeguarding responsibilities and financial/legal obligations.

Confidentiality

Everything discussed within sessions is treated respectfully and confidentially.

Information will only be shared where:

  • Explicit consent has been provided

  • Safeguarding concerns arise

  • There is a serious risk of harm to yourself or another person

  • Disclosure is required by law

As part of ethical professional practice, aspects of work may occasionally be discussed anonymously within professional supervision. Identifying details will always be kept to an absolute minimum wherever possible.

Where appropriate and safe to do so, we will always aim to discuss any necessary disclosure with you first.

How Your Information Is Stored

Your information is stored securely using:

  • Password-protected digital systems

  • Secure email practices

  • Restricted access systems

  • Locked and fire-safe storage for paper records

Only Rebecca Morris has access to identifiable therapy records unless disclosure is required for safeguarding or legal reasons.

Sessions are never recorded unless explicitly agreed in writing beforehand.

Data Retention

Information is retained only for as long as necessary in line with professional, insurance and legal requirements.

Typical retention periods include:

  • Therapy records: 7 years after final session

  • Enquiry-only information: up to 12 months

  • Financial records: 6 years (HMRC requirement)After these periods, information is securely deleted or destroyed.

Your Rights Under UK GDPR

Under UK GDPR, you have the right to:

  • Access the information held about you

  • Request correction of inaccurate information

  • Request deletion in certain circumstances

  • Withdraw consent

  • Object to processing

  • Request restriction of processing

  • Request transfer of your information where applicable

Requests relating to your information will usually be responded to within 30 days.

You also have the right to raise concerns with the Information Commissioner’s Office (ICO).

Cookies & Website Analytics

Our website may use cookies and standard analytics tools to:

  • Improve website functionality

  • Monitor website performance

  • Understand user behaviour and engagement

You can disable cookies through your browser settings at any time.

Third-Party Services

Trusted third-party providers may occasionally be used for:

  • Appointment scheduling

  • Payment processing

  • Website analytics

  • Secure storage systems

  • Email communication

These providers are expected to comply with UK GDPR and are not permitted to use your information for their own marketing purposes.

Children & Young People

For clients under 18 years old:

  • Parent or guardian consent may be required

  • Record keeping follows safeguarding guidance

  • Information may be shared where necessary for safety reasonsChanges To This Privacy Policy

This Privacy Policy may occasionally be updated to reflect changes in legal, professional or operational requirements.

The most recent version will always be available via Emerge Sheffield.

Last Updated: May 2026