This policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.
I am committed to protecting your privacy and aim to be clear when I collect your information and use it only as you would reasonably expect.
How I Use Personal Information
I will not use your personal information unless I have first told you how I will use it or it is obvious how I will use it.
I will never sell or rent your personally identifiable information to anyone.
My website is created and hosted by With Hindsite. I take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of website users throughout their visiting experience.
Personally Identifiable Information (PII)
Whilst requesting information via my website, you may be required to provide personal information (name, email, etc.). I will use this information to send you the specific item you have requested (for example my monthly newsletter or course information) and for no other purpose.
I will ensure that all personal information supplied is held securely in accordance with the General Data Protection Regulation (EU) 2016/679, as adopted into law of the United Kingdom in the Data Protection Act 2018. Further, by providing your name and any contact details, you consent to me contacting you using these methods.
You have the right at any time to request a copy of the personal information I hold on you. Should you wish to receive a copy of this, or would like to be removed from our database, please contact me at firstname.lastname@example.org. Subscribers to my monthly newsletter may unsubscribe at any time using the link on the newsletter email.
I need to collect and use your personal information in the following circumstances:
- To respond to enquiries about hypnotherapy or to book a session.
- Course applications, registrations and associated administration, including both live and online courses.
- Delivering my monthly newsletter to subscribers who have opted in.
- Understanding the use of my website including details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data as monitored by our website host.
- Monitoring course feedback.
Information Collection And Use
My lawful basis for the purposes that I process personal information is for the performance of my contract with you to provide hypnotherapy sessions and courses. The law allows us me to collect and use personal data if it is necessary for my legitimate business interest and so long as its use is fair, balanced and does not unduly impact your rights.
I will ask for your consent to send you marketing emails regarding our future news relating to Aurora Hypnotherapy. You can withdraw consent for this at any time.
Because of the therapeutic nature of our sessions I may sometimes be informed of sensitive personal data by my clients. I would only record this in writing if it is considered contextually appropriate, and only for the purposes of assisting the your ongoing therapy. Sensitive information of this nature is stored in a locked filing cabinet, and destroyed following the your completion of your therapy.
Everything we talk about during our sessions is strictly confidential between you and me. To ensure I am doing my job effectively and that I have the right support, I may discuss elements of our sessions with my Peer Supervisor. During these discussions I do not disclose any details that may identify you to my Peer Supervisor, and my Peer Supervisor also adheres to the GDPR.
In an emergency situation, I may share your personal details with the emergency services if I believe it is in your ‘vital interests’ to do so. For example, if you are taken ill during one of our sessions. I may also share your personal information where I am compelled by law to do so.
How do I collect information?
I collect information in two possible ways:
- When you directly give it to me (“Directly Provided Data”). When you make an enquiry, book a course, sign up for my newsletter or communicate directly with me, you may choose to give me certain information – for example, by filling in contact boxes, completing booking forms and submitting coursework. All this information requires a direct action by you at that time in order for me to receive it and process it.
- When you give me permission to obtain from other accounts (“User Authorised Data”) Depending on your settings or the privacy policies for other online services, you may give me permission to obtain information from your account with those other services. For example, this can be via the payment method you use (PayPal, GoCardless, etc.) or by choosing to send me your location data when accessing my website from your smartphone.
I collect personal information from you directly through my website, e-mails, over the phone and through paper booking forms.
My website may collect information about the software on your computer or device (your browser version etc.) and your IP address (your connection with the internet) to improve your interaction with my website. This may happen automatically without you being aware of it.
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. I use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website and make the most of the features.
The Personal Information That I Collect
The type and quantity of information I collect and how I use it depends on why you are providing it. The following is a more detailed explanation of what personal information I collect in each circumstance:
For booking individual therapy sessions:
- Name and email contact details
- Name and address of GP Practice
- Medical history
- Record of any medication taken
- Emergency contact details
For event applications, registrations and administration I may collect:
- Name and contact details of the person or organisation making the booking.
- Name and contact details of the person attending the event (if different from the person making the booking).
- Method of payment (I do not directly collect payment information details; payments are made securely via third party payment processing services such as BACS or PayPal).
- Feedback information from individuals following an event.
For sending my newsletter and informing people about my events and services I may collect:
- Names and email contact details.
For managing applications for products and services with third-party providers (for example my online courses) I may collect:
- Details of which of our products and services were purchased or used by you on those sites, including transaction details (date of transaction, cost and product or service purchased).
- In the case of online courses, details of your progress through the course, and any interactions you choose to make within the online community of that specific course.
For administration of complaints and feedback:
- A written summary of your complaint or feedback about my services or those of relevant partners, including the complainant’s PII.
- A written summary regarding an alleged breach of the code of ethics by you, received by me from a third party including related PII.
- A written record of any relevant actions, decisions and correspondence we may have taken.
Where I Store Your Personal Information
Where you have chosen a password which enables you to access my online courses, I do not have access to this and you are responsible for keeping this password confidential. I ask that you do not share your password with anyone.
Unfortunately, the transmission of information via the internet is never completely secure. Although I will do my best to protect your personal data, I cannot guarantee the security of your data transmitted to my website; any transmission is at your own risk.
Once I have received your information, I will use strict procedures and security features to try to prevent unauthorised access.
How I May Share Personal Information
I do not sell or share personal information with third parties for the purposes of marketing.
If I run an event in partnership with another named organisation, your details may need to be shared with them. I will be very clear what will happen to your personal information if you register for such an event.
I will not sell personal information. I may, however, need to disclose your details, if required, to the police, other emergency services, regulatory bodies or legal advisors. I will only ever share your data in other circumstances if we have your explicit and informed consent.
How I Protect Personal Information
I ensure that there are appropriate technical controls in place to protect your personal details.
- Hardcopy documents – Are all stored in a locked cabinet in a locked room.
- Text messages – My work phone is secured with a pin code.
- Emails – My email account requires a user name and password.
- Email attachments – Any attachments sent by email to you containing your personal information would be password protected and the password would be sent to you via text message.
- My computer is password protected and has appropriate virus and malware protection. I do not store any personal or sensitive information in electronic documents.
Unfortunately, the transmission of information over the internet can never be completely secure. Although I will do my best to ensure that your personal information is protected, I cannot guarantee the security of your data transmitted to the website or via email. Any transmission of your personal information by you is therefore at your own risk. Once I have received your information, I will use strict procedures and security features to try and prevent unauthorised access.
How Long I Will Keep Personal Information
I will not retain your personal information longer than necessary. I will retain the information you provide in order to provide my services to you and to meet regulatory requirements, resolve disputes, prevent fraud and abuse.
For individual therapy sessions I will hold your data for 6 years after your final meeting with me.
I keep personal information about:
- Hypnotherapy sessions
- Course applications, registrations and administration.
- Analytics information from my websites.
- Feedback and complaints.
Under GDPR, you can make a request to me in writing for all your records to be deleted. In this case all your paper records would be shredded with a cross shredding machine and any electronic data, such as emails or text messages, would be permanently deleted from the devices they are stored on. I would have to save the request for deletion you made but would not save any other data. In some instances my insurance company or professional body may state that I have a lawful purpose for keeping your information until the end of their client/supervisee file retention period.
- You have a right to know what personal data I hold, who I acquired it from, how I process it, the logic involved in any automatic processing, and who I disclose it to.
- You have a right to ask me not to make decisions based solely on the automatic processing of your personal information.
- You have a right to ask me not to process your personal information in a way that is likely to cause unwarranted and substantial damage or distress.
- You have the right to request access to any of your personal data I hold, information about how and why it is processed, and to whom it may be disclosed.
- You have a right to ask me to erase your personal information.
These statutory rights are qualified by exceptions and exemptions.
To exercise any of these rights, please contact me at email@example.com or on the telephone number or address below.
You can find out more about your rights from the Information Commissioner, who regulates data protection and privacy.
Changes To This Policy
All questions should be directed to the Data Controller at Aurora Hypnotherapy:
13 Parc yr Odyn